Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cdw-0.8.1/src/native_file_system/cdw_fs_browser.h
Examining data/cdw-0.8.1/src/native_file_system/cdw_file_selector.h
Examining data/cdw-0.8.1/src/native_file_system/cdw_file_manager.h
Examining data/cdw-0.8.1/src/native_file_system/cdw_file.h
Examining data/cdw-0.8.1/src/native_file_system/cdw_fs_browser.c
Examining data/cdw-0.8.1/src/native_file_system/cdw_fs.c
Examining data/cdw-0.8.1/src/native_file_system/cdw_fs.h
Examining data/cdw-0.8.1/src/native_file_system/cdw_file_manager.c
Examining data/cdw-0.8.1/src/native_file_system/cdw_file_picker.c
Examining data/cdw-0.8.1/src/native_file_system/cdw_file.c
Examining data/cdw-0.8.1/src/native_file_system/cdw_file_picker.h
Examining data/cdw-0.8.1/src/native_file_system/cdw_file_selector.c
Examining data/cdw-0.8.1/src/config_cdw_undefine.h
Examining data/cdw-0.8.1/src/utilities/cdw_string.h
Examining data/cdw-0.8.1/src/utilities/cdw_cdll.h
Examining data/cdw-0.8.1/src/utilities/cdw_regex.h
Examining data/cdw-0.8.1/src/utilities/cdw_cdll.c
Examining data/cdw-0.8.1/src/utilities/cdw_sys.h
Examining data/cdw-0.8.1/src/utilities/cdw_dll.h
Examining data/cdw-0.8.1/src/utilities/gettext.h
Examining data/cdw-0.8.1/src/utilities/cdw_utils.c
Examining data/cdw-0.8.1/src/utilities/cdw_dll.c
Examining data/cdw-0.8.1/src/utilities/cdw_string.c
Examining data/cdw-0.8.1/src/utilities/cdw_regex.c
Examining data/cdw-0.8.1/src/utilities/cdw_sys.c
Examining data/cdw-0.8.1/src/utilities/cdw_utils.h
Examining data/cdw-0.8.1/src/utilities/cdw_debug.h
Examining data/cdw-0.8.1/src/utilities/cdw_logging.h
Examining data/cdw-0.8.1/src/utilities/cdw_logging.c
Examining data/cdw-0.8.1/src/cddb.c
Examining data/cdw-0.8.1/src/tasks/cdw_read_disc_info.c
Examining data/cdw-0.8.1/src/tasks/cdw_cdda2wav.h
Examining data/cdw-0.8.1/src/tasks/cdw_read_disc.c
Examining data/cdw-0.8.1/src/tasks/cdw_burn_disc.h
Examining data/cdw-0.8.1/src/tasks/cdw_task.c
Examining data/cdw-0.8.1/src/tasks/cdw_erase_disc.c
Examining data/cdw-0.8.1/src/tasks/cdw_read_disc.h
Examining data/cdw-0.8.1/src/tasks/cdw_read_disc_info.h
Examining data/cdw-0.8.1/src/tasks/cdw_burn_disc.c
Examining data/cdw-0.8.1/src/tasks/cdw_calculate_digest.c
Examining data/cdw-0.8.1/src/tasks/cdw_create_image.c
Examining data/cdw-0.8.1/src/tasks/cdw_calculate_digest.h
Examining data/cdw-0.8.1/src/tasks/cdw_erase_disc.h
Examining data/cdw-0.8.1/src/tasks/cdw_create_image.h
Examining data/cdw-0.8.1/src/tasks/cdw_task.h
Examining data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c
Examining data/cdw-0.8.1/src/main.h
Examining data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.h
Examining data/cdw-0.8.1/src/external_tools/cdw_mkisofs_options.c
Examining data/cdw-0.8.1/src/external_tools/cdw_ext_tools.h
Examining data/cdw-0.8.1/src/external_tools/cdw_mkudffs.h
Examining data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c
Examining data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c
Examining data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.h
Examining data/cdw-0.8.1/src/external_tools/cdw_growisofs_options.c
Examining data/cdw-0.8.1/src/external_tools/cdw_growisofs.c
Examining data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c
Examining data/cdw-0.8.1/src/external_tools/cdw_mkudffs_helpers.h
Examining data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c
Examining data/cdw-0.8.1/src/external_tools/cdw_which.c
Examining data/cdw-0.8.1/src/external_tools/cdw_libburn.c
Examining data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_format.c
Examining data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo.h
Examining data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c
Examining data/cdw-0.8.1/src/external_tools/cdw_cdrecord_options.h
Examining data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.h
Examining data/cdw-0.8.1/src/external_tools/cdw_libburn.h
Examining data/cdw-0.8.1/src/external_tools/cdw_xorriso_options.c
Examining data/cdw-0.8.1/src/external_tools/cdw_xorriso.h
Examining data/cdw-0.8.1/src/external_tools/cdw_mkudffs_regex.c
Examining data/cdw-0.8.1/src/external_tools/cdw_digest_regex.h
Examining data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c
Examining data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo.c
Examining data/cdw-0.8.1/src/external_tools/cdw_thread.h
Examining data/cdw-0.8.1/src/external_tools/cdw_digest.c
Examining data/cdw-0.8.1/src/external_tools/cdw_regex_dispatch.c
Examining data/cdw-0.8.1/src/external_tools/cdw_mkisofs_options.h
Examining data/cdw-0.8.1/src/external_tools/cdw_mkisofs.h
Examining data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.h
Examining data/cdw-0.8.1/src/external_tools/cdw_digest_regex.c
Examining data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c
Examining data/cdw-0.8.1/src/external_tools/cdw_mkudffs_regex.h
Examining data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.h
Examining data/cdw-0.8.1/src/external_tools/cdw_which.h
Examining data/cdw-0.8.1/src/external_tools/cdw_growisofs.h
Examining data/cdw-0.8.1/src/external_tools/cdw_growisofs_options.h
Examining data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c
Examining data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c
Examining data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_format_regex.c
Examining data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_format.h
Examining data/cdw-0.8.1/src/external_tools/cdw_thread.c
Examining data/cdw-0.8.1/src/external_tools/cdw_digest.h
Examining data/cdw-0.8.1/src/external_tools/cdw_regex_dispatch.h
Examining data/cdw-0.8.1/src/external_tools/cdw_xorriso.c
Examining data/cdw-0.8.1/src/external_tools/cdw_cdrecord.h
Examining data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c
Examining data/cdw-0.8.1/src/external_tools/cdw_cdrecord_options.c
Examining data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.h
Examining data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.c
Examining data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.h
Examining data/cdw-0.8.1/src/external_tools/cdw_xorriso_options.h
Examining data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.h
Examining data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c
Examining data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_format_regex.h
Examining data/cdw-0.8.1/src/external_tools/cdw_mkudffs_helpers.c
Examining data/cdw-0.8.1/src/optical_file_systems/iso9660.h
Examining data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c
Examining data/cdw-0.8.1/src/optical_file_systems/isosize.h
Examining data/cdw-0.8.1/src/optical_file_systems/cdw_udf.h
Examining data/cdw-0.8.1/src/optical_file_systems/cdw_ofs.c
Examining data/cdw-0.8.1/src/optical_file_systems/cdw_ofs.h
Examining data/cdw-0.8.1/src/optical_file_systems/isosize.c
Examining data/cdw-0.8.1/src/optical_file_systems/cdw_udf.c
Examining data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c
Examining data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.h
Examining data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.h
Examining data/cdw-0.8.1/src/main.c
Examining data/cdw-0.8.1/src/configuration/cdw_config_window.c
Examining data/cdw-0.8.1/src/configuration/cdw_config.h
Examining data/cdw-0.8.1/src/configuration/cdw_config_window.h
Examining data/cdw-0.8.1/src/configuration/cdw_config.c
Examining data/cdw-0.8.1/src/user_interface/cdw_erase_wizard.h
Examining data/cdw-0.8.1/src/user_interface/cdw_help.c
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_dropdown.h
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_button.c
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_dialog.c
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_safe_input_line.h
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_dynamic_label.c
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_safe_input_line.c
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_checkbox.h
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_button.h
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_dropdown.c
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_dialog.h
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_checkbox.c
Examining data/cdw-0.8.1/src/user_interface/widgets/cdw_dynamic_label.h
Examining data/cdw-0.8.1/src/user_interface/cdw_erase_wizard.c
Examining data/cdw-0.8.1/src/user_interface/cdw_verify_wizard.c
Examining data/cdw-0.8.1/src/user_interface/cdw_widgets.h
Examining data/cdw-0.8.1/src/user_interface/cdw_tabs_window.h
Examining data/cdw-0.8.1/src/user_interface/cdw_form.h
Examining data/cdw-0.8.1/src/user_interface/cdw_window.c
Examining data/cdw-0.8.1/src/user_interface/cdw_widgets.c
Examining data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c
Examining data/cdw-0.8.1/src/user_interface/cdw_window.h
Examining data/cdw-0.8.1/src/user_interface/cdw_write_wizard.c
Examining data/cdw-0.8.1/src/user_interface/cdw_help.h
Examining data/cdw-0.8.1/src/user_interface/cdw_main_window.c
Examining data/cdw-0.8.1/src/user_interface/cdw_write_wizard.h
Examining data/cdw-0.8.1/src/user_interface/cdw_tabs_window.c
Examining data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.h
Examining data/cdw-0.8.1/src/user_interface/cdw_image_wizard.c
Examining data/cdw-0.8.1/src/user_interface/cdw_processwin.c
Examining data/cdw-0.8.1/src/user_interface/cdw_list_display.c
Examining data/cdw-0.8.1/src/user_interface/cdw_ncurses.h
Examining data/cdw-0.8.1/src/user_interface/cdw_colors.c
Examining data/cdw-0.8.1/src/user_interface/cdw_processwin.h
Examining data/cdw-0.8.1/src/user_interface/cdw_form.c
Examining data/cdw-0.8.1/src/user_interface/cdw_ncurses.c
Examining data/cdw-0.8.1/src/user_interface/cdw_colors.h
Examining data/cdw-0.8.1/src/user_interface/cdw_list_display.h
Examining data/cdw-0.8.1/src/user_interface/cdw_image_wizard.h
Examining data/cdw-0.8.1/src/user_interface/cdw_main_window.h
Examining data/cdw-0.8.1/src/user_interface/cdw_verify_wizard.h
Examining data/cdw-0.8.1/src/cddb.h
Examining data/cdw-0.8.1/src/disc_and_drive/cdw_disc.h
Examining data/cdw-0.8.1/src/disc_and_drive/cdw_cdio_drives.h
Examining data/cdw-0.8.1/src/disc_and_drive/cdw_disc.c
Examining data/cdw-0.8.1/src/disc_and_drive/cdw_drive.h
Examining data/cdw-0.8.1/src/disc_and_drive/cdw_cdio_drives.c
Examining data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.h
Examining data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c
Examining data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c
Examining data/cdw-0.8.1/gnulib/lib/pathmax.h
Examining data/cdw-0.8.1/gnulib/lib/filenamecat.h
Examining data/cdw-0.8.1/gnulib/lib/cycle-check.c
Examining data/cdw-0.8.1/gnulib/lib/canonicalize.h
Examining data/cdw-0.8.1/gnulib/lib/xreadlink.h
Examining data/cdw-0.8.1/gnulib/lib/same-inode.h
Examining data/cdw-0.8.1/gnulib/lib/dev-ino.h
Examining data/cdw-0.8.1/gnulib/lib/filenamecat.c
Examining data/cdw-0.8.1/gnulib/lib/cycle-check.h
Examining data/cdw-0.8.1/gnulib/lib/xreadlink.c
Examining data/cdw-0.8.1/gnulib/lib/canonicalize.c
Examining data/cdw-0.8.1/gnulib/lib/dirname.h
FINAL RESULTS:
data/cdw-0.8.1/gnulib/lib/xreadlink.c:81:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t r = readlink (file, buffer, buf_size);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:1883:14: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t r = readlink(fullpath, link_path, PATH_MAX - 2);
data/cdw-0.8.1/src/cddb.c:149:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s %s", config.cdbuser, _("password"));
data/cdw-0.8.1/src/cddb.c:164:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "mount %s", config.cdrw_device);
data/cdw-0.8.1/src/cddb.c:167:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "umount %s", config.mountpoint);
data/cdw-0.8.1/src/cddb.c:207:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ch,"%s/%s",dir,eps[cnt]->d_name);
data/cdw-0.8.1/src/cddb.c:225:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)insertdir, dir+dirlength+1);
data/cdw-0.8.1/src/cddb.c:226:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "INSERT INTO content (file, size, date, cd_id) VALUES (\"%s/%s\",'%d','%s', %d);", insertdir, eps[cnt]->d_name, finfo->st_size, date, cd_id);
data/cdw-0.8.1/src/cddb.c:228:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "INSERT INTO content (file, size, date, cd_id) VALUES (\"%s\",'%d','%s', %d);", eps[cnt]->d_name, finfo->st_size, date, cd_id);
data/cdw-0.8.1/src/cddb.c:265:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "%s", mysql_error(&mysql));
data/cdw-0.8.1/src/cddb.c:295:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "%s", errmsg);
data/cdw-0.8.1/src/cddb.c:334:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND UPPER(content.file) LIKE UPPER(\"%s/%%\")", query, dir);
data/cdw-0.8.1/src/cddb.c:337:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND cd.name='%s'", query, disk);
data/cdw-0.8.1/src/cddb.c:340:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND type.name='%s'", query, type);
data/cdw-0.8.1/src/cddb.c:342:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s ORDER BY cd.number, cd.name", query);
data/cdw-0.8.1/src/cddb.c:380:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND content.file REGEXP '%s'", query, dir);
data/cdw-0.8.1/src/cddb.c:383:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND content.file REGEXP '%s'", query, file);
data/cdw-0.8.1/src/cddb.c:386:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND cd.name=\"%s\"", query, disk);
data/cdw-0.8.1/src/cddb.c:389:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND type.name=\"%s\"", query, type);
data/cdw-0.8.1/src/cddb.c:391:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s ORDER BY cd.number, cd.name", query);
data/cdw-0.8.1/src/cddb.c:403:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND regexp('%s', content.file)", query, dir);
data/cdw-0.8.1/src/cddb.c:406:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND regexp('%s', content.file)", query, file);
data/cdw-0.8.1/src/cddb.c:409:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND cd.name=\"%s\"", query, disk);
data/cdw-0.8.1/src/cddb.c:412:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND type.name=\"%s\"", query, type);
data/cdw-0.8.1/src/cddb.c:414:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s ORDER BY cd.number, cd.name", query);
data/cdw-0.8.1/src/cddb.c:430:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "INSERT INTO cd (name, number, type, date) VALUES (\"%s\",%d,%d, '%s');", cdname, no, type, date);
data/cdw-0.8.1/src/cddb.c:462:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND UPPER(cd.name) LIKE UPPER(\"%%%s%%\")", query, cdname);
data/cdw-0.8.1/src/cddb.c:465:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND cd.number=%d", query, no);
data/cdw-0.8.1/src/cddb.c:468:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s AND type.name=\"%s\"", query, type);
data/cdw-0.8.1/src/cddb.c:470:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s ORDER BY cd.number, cd.name", query);
data/cdw-0.8.1/src/cddb.c:497:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "INSERT INTO type (name) VALUES (\"%s\");", type);
data/cdw-0.8.1/src/cddb.c:526:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s WHERE UPPER(type.name)=UPPER(\"%s\")", query, type);
data/cdw-0.8.1/src/cddb.c:528:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "%s ORDER BY type.type_id", query);
data/cdw-0.8.1/src/cddb.c:558:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "SELECT type.type_id, type.name FROM type WHERE UPPER('%s')=UPPER(type.name) ORDER BY type.type_id", type);
data/cdw-0.8.1/src/cddb.c:597:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "SELECT cd.cd_id FROM cd WHERE UPPER(cd.name)=UPPER('%s') AND cd.number=%d AND cd.type=%d", cdname, no, type_no);
data/cdw-0.8.1/src/cddb.c:621:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(query, "DELETE FROM cd WHERE UPPER(cd.name)=UPPER(\"%s\") AND cd.number=%d AND cd.type=%d", cdname, no, type_no);
data/cdw-0.8.1/src/cddb.c:789:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_list[c].files, "%s", row[1]);
data/cdw-0.8.1/src/cddb.c:823:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_list[c].files, "%s", row[1]);
data/cdw-0.8.1/src/cddb.c:827:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_list[c].type_name, "%s", row[3]);
data/cdw-0.8.1/src/cddb.c:848:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%s", row[1]);
data/cdw-0.8.1/src/cddb.c:856:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_list[c].files, "%s", row[1]);
data/cdw-0.8.1/src/cddb.c:860:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_list[c].type_name, "%s", row[5]);
data/cdw-0.8.1/src/cddb.c:898:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_list[c].type_name, "%s", row[5]);
data/cdw-0.8.1/src/cddb.c:900:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_list[c].cd_name, "%s", row[1]);
data/cdw-0.8.1/src/cddb.c:901:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%s", row[2]);
data/cdw-0.8.1/src/cddb.c:922:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_list[c].files, "%s", line);
data/cdw-0.8.1/src/cddb.c:929:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file_list[c].files, "%s", line);
data/cdw-0.8.1/src/cddb.c:1035:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dir_str, "(/%s)", var_dir);
data/cdw-0.8.1/src/cddb.c:1185:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_type, "%s", file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1191:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_type, "%s", file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1200:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_disk, "%s", file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1210:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_dir, "%s/%s", var_dir, file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1212:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_dir, "%s", file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1253:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%s", var_dir);
data/cdw-0.8.1/src/cddb.c:1255:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_dir, "%s", dir);
data/cdw-0.8.1/src/cddb.c:1258:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_dir, "%s/%s", var_dir, dir);
data/cdw-0.8.1/src/cddb.c:1275:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "%s\n %s?", _("Are you sure do you want to delete category:"), file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1282:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_type, "%s", file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1289:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "%s\n %s?", _("Are you sure do you want to delete disk:"), file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1296:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_type, "%s", file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1509:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(msg, "%s %s", config.cdbuser, _("password"));
data/cdw-0.8.1/src/cddb.c:1585:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "%s\n %s?", _("Are you sure do you want to delete category:"), file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1592:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_type, "%s", file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1599:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(message, "%s\n %s?", _("Are you sure do you want to delete disk:"), file_list[pos].files);
data/cdw-0.8.1/src/cddb.c:1606:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(var_type, "%s", file_list[pos].files);
data/cdw-0.8.1/src/configuration/cdw_config.c:255:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(old_config_file_fullpath, F_OK)) {
data/cdw-0.8.1/src/configuration/cdw_config.c:542:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(old_config_file_fullpath, F_OK)) {
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:752:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(track_format,
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:354:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_MKISOFS].name, CDW_TOOL_MKISOFS_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:355:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_CDRECORD].name, CDW_TOOL_CDRECORD_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:356:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_GROWISOFS].name, CDW_TOOL_GROWISOFS_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:357:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_DVD_RW_FORMAT].name, CDW_TOOL_DVD_RW_FORMAT_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:358:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_DVD_RW_MEDIAINFO].name, CDW_TOOL_DVD_RW_MEDIAINFO_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:359:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_XORRISO].name, CDW_TOOL_XORRISO_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:360:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_MKUDFFS].name, CDW_TOOL_MKUDFFS_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:362:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_MD5SUM].name, CDW_TOOL_MD5SUM_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:363:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_SHA1SUM].name, CDW_TOOL_SHA1SUM_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:364:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_SHA224SUM].name, CDW_TOOL_SHA224SUM_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:365:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_SHA256SUM].name, CDW_TOOL_SHA256SUM_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:366:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_SHA384SUM].name, CDW_TOOL_SHA384SUM_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:367:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_SHA512SUM].name, CDW_TOOL_SHA512SUM_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:369:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_TRUNCATE].name, CDW_TOOL_TRUNCATE_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:370:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_SUDO].name, CDW_TOOL_SUDO_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:371:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_MOUNT].name, CDW_TOOL_MOUNT_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:372:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_UMOUNT].name, CDW_TOOL_UMOUNT_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:373:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_SYNC].name, CDW_TOOL_SYNC_NAME);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:374:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdw_ext_tools.tools[CDW_TOOL_RSYNC].name, CDW_TOOL_RSYNC_NAME);
data/cdw-0.8.1/src/external_tools/cdw_thread.c:383:19: [4] (shell) execl:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int exec_ret = execl("/bin/sh", "sh", "-c", command, NULL);
data/cdw-0.8.1/src/external_tools/cdw_which.c:148:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(fullpath, X_OK)) {
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:192:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int a = access(fullpath, mode);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:294:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int a = access(fullpath, expected_mode);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:395:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int a = access(parent, expected_mode);
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:168:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int a = access(graftpoints_fullpath, F_OK);
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:198:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int r = access(graftpoints_fullpath, F_OK);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:222:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s -D%s -J -H -g", CDDA2WAV, config.cdrom);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:236:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(line, "T%d: %s %s audio %s", &max_track, tmp, tmp, cdinfo) == 4) {
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:257:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bpc, "%s", config.bitsperchn);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:258:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(brate, "%s", config.bitrate);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:259:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(stereo, "%s", config.stereo);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:260:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(echo, "%s", config.echosound);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:261:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(encode, "%s", config.encode);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:262:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lame, "%s", config.lame);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:263:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(highq, "%s", config.highq);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:446:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf((&config)->stereo, (!strncmp(field_buffer(field[5], 0), "X", 1) ? "1" : "0"));
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:447:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf((&config)->bitsperchn, rtrim(field_buffer(field[7], 0)));
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:448:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf((&config)->echosound, (!strncmp(field_buffer(field[9], 0), "X", 1) ? "1" : "0"));
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:449:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf((&config)->encode, (!strncmp(field_buffer(field[11], 0), "X", 1) ? "1" : "0"));
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:450:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf((&config)->highq, (!strncmp(field_buffer(field[13], 0), "X", 1) ? "1" : "0"));
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:451:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf((&config)->lame, (!strncmp(field_buffer(field[15], 0), "X", 1) ? "1" : "0"));
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:452:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf((&config)->bitrate, rtrim(field_buffer(field[17], 0)));
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:456:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s ", CDDA2WAV);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:458:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s -s", cdinfo);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:460:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s -m", cdinfo);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:462:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s -e", cdinfo);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:468:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s", cdinfo);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:471:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s -D%s -t%d -b%s -g -H - | %s -q 8 -o %s/audio_%.2d.ogg -", cmd, config.cdrom, tracknum, config.bitsperchn, OGGENC,
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:474:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s -D%s -t%d -b%s -g -H - | %s -b%s -o %s/audio_%.2d.ogg -", cmd, config.cdrom, tracknum, config.bitsperchn, OGGENC,
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:484:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s", cdinfo);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:487:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s -D%s -t%d -b%s -g -H - | %s -h -V2 -b%s - %s/audio_%.2d.mp3 -", cmd, config.cdrom, tracknum, config.bitsperchn, LAME,
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:490:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s -D%s -t%d -b%s -g -H - | %s -b%s - %s/audio_%.2d.mp3 -", cmd, config.cdrom, tracknum, config.bitsperchn, LAME,
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:499:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cmd, "%s", cdinfo);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:501:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdinfo, "%s -D%s -t%d -b%s -g -H %s/audio_%.2d.wav", cmd, config.cdrom, tracknum, bpc, config.audiodir, tracknum);
data/cdw-0.8.1/src/user_interface/cdw_main_window.c:1052:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(fullpath, R_OK)) {
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:555:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(progress_string, PROCESSWIN_MAX_RTEXT_LEN + 1,
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:562:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(progress_string, PROCESSWIN_MAX_RTEXT_LEN + 1,
data/cdw-0.8.1/src/utilities/cdw_debug.h:37:72: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define cdw_vdm(...) fprintf(stderr, "%s():%d: ", __func__, __LINE__); fprintf(stderr, __VA_ARGS__); fflush(stderr);
data/cdw-0.8.1/src/utilities/cdw_debug.h:207:53: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "%s():%d: ", __func__, __LINE__); fprintf(stderr, __VA_ARGS__); \
data/cdw-0.8.1/src/utilities/cdw_logging.c:208:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(log_file, format, ap);
data/cdw-0.8.1/src/utilities/cdw_logging.c:539:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fullpath, F_OK)) {
data/cdw-0.8.1/src/utilities/cdw_string.c:1279:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(test_buffer, test_strings[i]);
data/cdw-0.8.1/src/utilities/cdw_sys.c:471:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int rv = access(path, F_OK);
data/cdw-0.8.1/src/utilities/cdw_sys.c:554:12: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int rv = access(path, F_OK);
data/cdw-0.8.1/src/external_tools/cdw_thread.c:558:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *m = getenv("MKISOFS");
data/cdw-0.8.1/src/external_tools/cdw_thread.c:563:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
m = getenv("GENISOIMAGE");
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:491:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *home = getenv("HOME");
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:808:14: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
fullpath = realpath(device_fullpath, (char *) NULL);
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:398:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/cdw-0.8.1/src/utilities/cdw_sys.c:590:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *tmp = getenv("PATH");
data/cdw-0.8.1/src/utilities/cdw_utils.c:120:11: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int c = getopt_long(argc, argv, "hv", cdw_getopt_long_options, &option_index);
data/cdw-0.8.1/gnulib/lib/canonicalize.c:239:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
dest = memcpy (dest, start, end - start);
data/cdw-0.8.1/gnulib/lib/canonicalize.c:300:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
name = end = memcpy (extra_buf, buf, n);
data/cdw-0.8.1/gnulib/lib/filenamecat.c:36:47: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define mempcpy(D, S, N) ((void *) ((char *) memcpy (D, S, N) + (N)))
data/cdw-0.8.1/src/cddb.c:62:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[1000];
data/cdw-0.8.1/src/cddb.c:76:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_type[60], var_disk[60], var_dir[2000];
data/cdw-0.8.1/src/cddb.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[255];
data/cdw-0.8.1/src/cddb.c:81:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char all[20];
data/cdw-0.8.1/src/cddb.c:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char add[20];
data/cdw-0.8.1/src/cddb.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scr[20];
data/cdw-0.8.1/src/cddb.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char del[20];
data/cdw-0.8.1/src/cddb.c:85:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char qut[20];
data/cdw-0.8.1/src/cddb.c:86:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nul[1];
data/cdw-0.8.1/src/cddb.c:98:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cdbpass[60];
data/cdw-0.8.1/src/cddb.c:99:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[60];
data/cdw-0.8.1/src/cddb.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cdname[60], category[60], cd_num[5], command[255], cmd[255];
data/cdw-0.8.1/src/cddb.c:160:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(category, "none\0");
data/cdw-0.8.1/src/cddb.c:195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *dname, *ch, *date[25], insertdir[200];
data/cdw-0.8.1/src/cddb.c:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char query[500];
data/cdw-0.8.1/src/cddb.c:206:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ch=(char *) malloc(strlen(eps[cnt]->d_name)+strlen(dir)+4);
data/cdw-0.8.1/src/cddb.c:259:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/cdw-0.8.1/src/cddb.c:268:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (dbfile=fopen(config.sqlite_file, "r"))==NULL ){
data/cdw-0.8.1/src/cddb.c:298:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(message, _("Unknown error! Check the settings!"));
data/cdw-0.8.1/src/cddb.c:332:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "SELECT cd.number, cd.name, content.file, content.size, content.date, type.name FROM content LEFT JOIN cd ON content.cd_id=cd.cd_id left join type on cd.type=type.type_id WHERE content.cd_id>0");
data/cdw-0.8.1/src/cddb.c:377:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "SELECT cd.number, cd.name, content.file, content.size, content.date, type.name FROM content LEFT JOIN cd ON content.cd_id=cd.cd_id left join type on cd.type=type.type_id WHERE content.cd_id>0");
data/cdw-0.8.1/src/cddb.c:460:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "SELECT cd.cd_id, cd.name, cd.number, type.name, cd.date FROM cd LEFT JOIN type ON cd.type=type.type_id WHERE cd.cd_id>0");
data/cdw-0.8.1/src/cddb.c:524:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "SELECT type.type_id, type.name FROM type", type);
data/cdw-0.8.1/src/cddb.c:567:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i=atoi(row[0]);
data/cdw-0.8.1/src/cddb.c:582:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (result->nrow>0) i=atoi(result->result[2]);
data/cdw-0.8.1/src/cddb.c:605:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
retval=atoi(row[0]);
data/cdw-0.8.1/src/cddb.c:616:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
retval=atoi(row[0]);
data/cdw-0.8.1/src/cddb.c:644:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "DELETE FROM content WHERE content.cd_id=%d", cd_id);
data/cdw-0.8.1/src/cddb.c:671:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "DELETE FROM type WHERE type.type_id=%d", type_no);
data/cdw-0.8.1/src/cddb.c:689:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "SELECT cd.cd_id FROM cd WHERE cd.type=%d", type_no);
data/cdw-0.8.1/src/cddb.c:698:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cds[i]=atoi(row[0]);
data/cdw-0.8.1/src/cddb.c:712:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cds[i-1]=atoi(row[0]);
data/cdw-0.8.1/src/cddb.c:721:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "DELETE FROM cd WHERE cd.type=%d", type_no);
data/cdw-0.8.1/src/cddb.c:740:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(query, "DELETE FROM content WHERE content.cd_id=%d", cds[z]);
data/cdw-0.8.1/src/cddb.c:769:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line, itemname[100];
data/cdw-0.8.1/src/cddb.c:788:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
file_list[c].files=(char *)malloc(strlen(row[1])+2);
data/cdw-0.8.1/src/cddb.c:811:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[6];
data/cdw-0.8.1/src/cddb.c:822:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
file_list[c].files=(char *)malloc(strlen(row[1])+4);
data/cdw-0.8.1/src/cddb.c:826:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
file_list[c].type_name=(char *)malloc(strlen(row[3])+1);
data/cdw-0.8.1/src/cddb.c:830:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
file_list[c].cd_num=atoi(row[2]);
data/cdw-0.8.1/src/cddb.c:832:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%d", file_list[c].cd_num);
data/cdw-0.8.1/src/cddb.c:847:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
line=file_list[c].files=(char *)malloc(strlen(row[1])+4);
data/cdw-0.8.1/src/cddb.c:855:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
file_list[c].files=(char *)malloc(strlen(row[1])+4);
data/cdw-0.8.1/src/cddb.c:859:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
file_list[c].type_name=(char *)malloc(strlen(row[5])+1);
data/cdw-0.8.1/src/cddb.c:863:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
file_list[c].cd_num=atoi(row[0]);
data/cdw-0.8.1/src/cddb.c:865:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%d", file_list[c].cd_num);
data/cdw-0.8.1/src/cddb.c:896:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
line=(char *) malloc(strlen(row[2])+5);
data/cdw-0.8.1/src/cddb.c:897:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
file_list[c].type_name=(char *)malloc(strlen(row[5])+4);
data/cdw-0.8.1/src/cddb.c:899:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
file_list[c].cd_name=(char *)malloc(strlen(row[1])+1);
data/cdw-0.8.1/src/cddb.c:924:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
file_list[c].cd_num=atoi(row[0]);
data/cdw-0.8.1/src/cddb.c:930:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
file_list[c].size=atoi(row[3]);
data/cdw-0.8.1/src/cddb.c:931:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
file_list[c].cd_num=atoi(row[0]);
data/cdw-0.8.1/src/cddb.c:972:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/cdw-0.8.1/src/cddb.c:974:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/cdw-0.8.1/src/cddb.c:975:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_str[255];
data/cdw-0.8.1/src/cddb.c:979:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "Type");
data/cdw-0.8.1/src/cddb.c:982:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "Disk");
data/cdw-0.8.1/src/cddb.c:985:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "Directory");
data/cdw-0.8.1/src/cddb.c:988:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "File");
data/cdw-0.8.1/src/cddb.c:1032:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "( %d / %d )", page, maxpage);
data/cdw-0.8.1/src/cddb.c:1066:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[6];
data/cdw-0.8.1/src/cddb.c:1072:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "%d", file_p.cd_num);
data/cdw-0.8.1/src/cddb.c:1274:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[600];
data/cdw-0.8.1/src/cddb.c:1288:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[600];
data/cdw-0.8.1/src/cddb.c:1340:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cddbmenu_const.all, _(" Show all disks "));
data/cdw-0.8.1/src/cddb.c:1341:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cddbmenu_const.add, _(" Add disk "));
data/cdw-0.8.1/src/cddb.c:1342:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cddbmenu_const.scr, _(" Search "));
data/cdw-0.8.1/src/cddb.c:1343:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cddbmenu_const.del, _(" Delete "));
data/cdw-0.8.1/src/cddb.c:1344:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cddbmenu_const.qut, _(" Quit Catalog "));
data/cdw-0.8.1/src/cddb.c:1393:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id=add_disk((char *)disk, atoi(cd_num), switch_type((char *)type), "2004-01-01");
data/cdw-0.8.1/src/cddb.c:1429:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *line, itemname[100];
data/cdw-0.8.1/src/cddb.c:1584:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[600];
data/cdw-0.8.1/src/cddb.c:1598:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[600];
data/cdw-0.8.1/src/configuration/cdw_config.c:311:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *config_file = fopen(config_file_fullpath, "w");
data/cdw-0.8.1/src/configuration/cdw_config.c:367:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *config_file = fopen(fullpath, "r");
data/cdw-0.8.1/src/configuration/cdw_config.c:1020:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(config->selected_drive, "default");
data/cdw-0.8.1/src/configuration/cdw_config.c:1372:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
config->burn.cdrecord_pad_size = atoi(option.value);
data/cdw-0.8.1/src/configuration/cdw_config.c:1492:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(option.value);
data/cdw-0.8.1/src/configuration/cdw_config.c:1516:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(option.value);
data/cdw-0.8.1/src/configuration/cdw_config.h:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char custom_drive[OPTION_FIELD_LEN_MAX + 1]; /**< \brief Path to CD/DVD reader/burner */
data/cdw-0.8.1/src/configuration/cdw_config.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char selected_drive[OPTION_FIELD_LEN_MAX + 1];
data/cdw-0.8.1/src/configuration/cdw_config.h:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scsi[OPTION_FIELD_LEN_MAX + 1]; /**< \brief Variable specifying scsi device in form preferred by cdrecord: bus:target:lun */
data/cdw-0.8.1/src/configuration/cdw_config_window.c:738:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvf_buffer[CDW_CVF_WIDTH + 1];
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:456:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc->simple_type_label, "CD");
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:462:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc->simple_type_label, "DVD");
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:467:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc->simple_type_label, "UNKNOWN");
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:953:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[CDW_CDIO_SECTOR_META_SIZE_MAX]; /* 12 + 4 + 8 */
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:965:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sector_sync[12];
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:972:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sector_header[4];
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:979:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sector_subheader[8];
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:1225:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cdw_assert (disc->open, "ERROR: trying to get information about disc that is not open\n");
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:1312:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cdw_assert (disc->open, "ERROR: trying to read from closed disc\n");
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:1491:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[CDIO_CD_FRAMESIZE_RAWER * CDW_CDIO_RW_N_SECTORS];
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:1712:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_value_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:1747:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cdw_assert (disc->open, "ERROR: trying to get information about disc that is not open\n");
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:1782:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cdw_assert (disc->open, "ERROR: trying to get information about disc that is not open\n");
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char simple_type_label[9 + 1];
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.h:67:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open; /* is the disc opened already */
data/cdw-0.8.1/src/disc_and_drive/cdw_disc.h:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_label[CDW_DISC_TYPE_LABEL_LEN + 1]; /* human-readable representation of disc type */
data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c:340:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int cddev = open(device_fullpath, O_RDONLY | O_NONBLOCK);
data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c:716:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[LABEL_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:419:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[4 + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:701:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tsize_value[TSIZE_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:705:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tsize_value, "${tsize}");
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:724:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char disc_mode[10];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:733:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad_string[pad_len_max + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:744:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[speed_len_max + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:748:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char track_format[10];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:856:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc_mode, " -tao ");
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:858:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc_mode, " -dao ");
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:860:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc_mode, " -sao ");
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:863:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc_mode, " -raw ");
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:865:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc_mode, " -raw96r ");
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:867:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc_mode, " -raw96p ");
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:869:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(disc_mode, " -raw16 ");
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_options.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad_size[CDW_CDRECORD_OPTIONS_PADSIZE_FIELD_LEN_MAX + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_options.c:133:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
task->burn.cdrecord_pad_size = atoi(buf);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:158:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stdout_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:159:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stderr_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:595:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tracknum = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:598:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
done_size = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:601:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fifo = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:604:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_decimal = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:607:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_fract = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:627:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_info2_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:633:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_value_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:664:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:671:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tracknum = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:674:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
done_size = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:677:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
total_size = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:680:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fifo = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:683:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_decimal = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:686:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_fract = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:704:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eta_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:713:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_value_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:732:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_info2_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:822:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:828:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_task->disc->write_speeds.drive_default_speed = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:849:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:861:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cd_speed = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:865:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dvd_speed = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:901:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:907:53: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_task->disc->write_speeds.drive_max_speed = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:975:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1039:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1124:55: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_task->disc->cdrecord_info.last_sess_start = atol(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1128:55: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_task->disc->cdrecord_info.next_sess_start = atol(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1182:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seconds = (size_t) atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1191:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
miliseconds = (size_t) atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1252:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_index = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1256:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cd_speed = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1260:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
dvd_speed = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1312:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1343:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
first_track = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1350:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
last_track = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_digest_regex.c:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stdout_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_digest_regex.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_format.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[9 + 1];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_format_regex.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stderr_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_format_regex.c:151:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_format_regex.c:161:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perc_decimal = atoi((char *) &submatch);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_format_regex.c:168:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perc_fract = atoi((char *) &submatch);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stdout_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:232:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:241:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_i = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:257:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_task->disc->write_speeds.speeds[speed_i] = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:298:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:346:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:416:56: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_task->disc->write_speeds.drive_default_speed = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:471:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:563:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char track_index[3];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:564:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char track_start_address[10];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:571:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:586:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i_track = atoi(track_index);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:598:70: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_task->disc->dvd_rw_mediainfo_info.track_address[i_track] = atol(track_start_address);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:638:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:645:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tsa = atoi(submatch); /* track start address */
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:704:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:713:10: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nwa = atol(submatch);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:154:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *instances[CDW_EXT_TOOLS_N_INSTANCES_MAX + 1];
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:237:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char label_not_available[20];
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:238:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char label_system_default[20];
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:239:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char label_no_tool_available[20];
data/cdw-0.8.1/src/external_tools/cdw_growisofs.c:394:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[9 + 1];
data/cdw-0.8.1/src/external_tools/cdw_growisofs.c:569:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[9 + 1];
data/cdw-0.8.1/src/external_tools/cdw_growisofs.c:690:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[10];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:108:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stdout_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:109:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stderr_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:637:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:648:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perc_decimal = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:655:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perc_fract = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:662:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_decimal = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:669:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_fract = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:676:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minutes = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:683:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seconds = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:696:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progress_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:746:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eta_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:750:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(eta_string, _("ETA: %2d:%02d"), minutes, seconds);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:754:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:758:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(speed_string, _("Speed: %d.%dx"), speed_decimal, speed_fract);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:781:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:792:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
major = atoi((char *) &submatch);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:795:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minor = atoi((char *) &submatch);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:884:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eta_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:1111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:1119:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blocks_free = atol(submatch);
data/cdw-0.8.1/src/external_tools/cdw_growisofs_regex.c:1129:26: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
blocks_to_be_written = atol(submatch);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iso_level_string[iso_len_max + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stdout_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stderr_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.c:452:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.c:460:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int done_size = atoi((char *) &submatch);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.c:467:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eta_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.c:510:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eta_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.c:549:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_mkisofs_regex.c:574:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c:242:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(path, "r");
data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c:302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_helpers.c:347:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char files_progress[PROGRESS_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:397:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cdw_mkudffs_option_blocksize[CDW_MKUDFFS_BLOCKSIZE_MAX] = {
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:426:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cdw_mkudffs_option_udfrev[CDW_MKUDFFS_UDFREV_MAX] = {
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:453:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cdw_mkudffs_option_strategy[CDW_MKUDFFS_STRATEGY_MAX] = {
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:480:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cdw_mkudffs_option_spartable[CDW_MKUDFFS_SPARTABLE_MAX] = {
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:511:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cdw_mkudffs_option_media_type[CDW_MKUDFFS_MEDIA_TYPE_MAX] = {
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:544:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cdw_mkudffs_option_space[CDW_MKUDFFS_SPACE_MAX] = {
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:572:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cdw_mkudffs_option_ad[CDW_MKUDFFS_AD_MAX] = {
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:601:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *cdw_mkudffs_option_encoding[CDW_MKUDFFS_ENCODING_MAX] = {
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_regex.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stdout_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_regex.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stderr_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_regex.c:282:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_regex.c:290:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
done_percent = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_regex.c:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_regex_dispatch.c:176:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stdout_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_regex_dispatch.c:177:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stderr_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_thread.c:117:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stdout_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_thread.c:118:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char stderr_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[5 + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[5 + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso.c:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char blank_mode[30 + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso.c:384:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[5 + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:40:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stdout_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char stderr_pipe_buffer[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:341:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
segments = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:344:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
progress_decimal = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:347:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
progress_fract = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:355:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_info2_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_value_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:379:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text_info2_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_value_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:408:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:456:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:500:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:507:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_task->disc->write_speeds.speeds[0] = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:517:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
thread_task->disc->write_speeds.speeds[1] = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:535:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:579:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:586:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
minutes = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:595:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
seconds = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:604:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
frames = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:630:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:638:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
done_size = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:641:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
total_size = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:644:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fifo = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:647:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_decimal = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:650:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_fract = atoi(submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:668:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char eta_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:677:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_value_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:706:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:716:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perc_decimal = atoi((char *) &submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:723:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perc_fract = atoi((char *) &submatch);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:782:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:919:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char submatch[PIPE_BUFFER_SIZE];
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:210:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(path, "r");
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:320:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE + 1];
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:327:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_buffer[BUFFER_SIZE + 1];
data/cdw-0.8.1/src/native_file_system/cdw_file.c:585:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[10];
data/cdw-0.8.1/src/native_file_system/cdw_file.c:587:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(format, "!%.*s");
data/cdw-0.8.1/src/native_file_system/cdw_file.c:590:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(format, "~%.*s");
data/cdw-0.8.1/src/native_file_system/cdw_file.c:592:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(format, "%.*s");
data/cdw-0.8.1/src/native_file_system/cdw_file.c:604:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t dest[1000];
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:1882:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char link_path[PATH_MAX - 2];
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char random_string[RANDOM_STRING_LEN + 1];
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:262:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
graftpoints_file = open(graftpoints_fullpath, O_CREAT | O_TRUNC | O_RDWR, S_IRUSR | S_IWUSR);
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c:57:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int f = open(global_config.general.image_fullpath, O_RDONLY);
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volume_id[CDW_ISO9660_VOLI_LEN + 1]; /* mkisofs: -V; xorriso: -volid */
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char volume_set_id[CDW_ISO9660_VOLS_LEN + 1]; /* mkisofs: -volset xorriso: -volset_id */
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.h:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preparer[CDW_ISO9660_PREP_LEN + 1]; /* mkisofs: -p xorriso: N/A */
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char publisher[CDW_ISO9660_PUBL_LEN + 1]; /* mkisofs: -publisher xorriso: -publisher */
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.h:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_id[CDW_ISO9660_SYSI_LEN + 1]; /* mkisofs: -sysid xorriso: -system_id */
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copyright[CDW_ISO9660_COPY_LEN + 1]; /* mkisofs: -copyright xorriso: N/A */
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.h:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char abstract[CDW_ISO9660_ABST_LEN + 1]; /* mkisofs: -abstract xorriso: N/A */
data/cdw-0.8.1/src/optical_file_systems/cdw_ofs.c:173:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofs->fd = open(fullpath, O_RDONLY);
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.h:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mkudffs_other_options[CDW_MKUDFFS_OTHER_OPTIONS_LEN_MAX + 1]; /* Other mkudffs options, not specified by other fields. */
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.h:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mkudffs_lvid[CDW_UDF_LVID_LEN_MAX + 1]; /* Logical Volume Identifier. */
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mkudffs_vid[CDW_UDF_VID_LEN_MAX + 1]; /* Volume Identifier. */
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mkudffs_vsid[CDW_UDF_VSID_LEN_MAX + 1]; /* Volume Set Identifier. */
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mkudffs_fsid[CDW_UDF_FSID_LEN_MAX + 1]; /* File Set Identifier. */
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rsync_options[CDW_RSYNC_OPTIONS_LEN_MAX + 1];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_type [_delta(1, 1)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_id [_delta(2, 6)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_version [_delta(7, 7)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_fill [_delta(8, 2048)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_type [_delta(1, 1)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_id [_delta(2, 6)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_version [_delta(7, 7)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_bootsys [_delta(8, 39)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_bootid [_delta(40, 71)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_bootcode [_delta(72, 2048)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_type [_delta( 1, 1)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_id [_delta( 2, 6)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_version [_delta( 7, 7)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_unused1 [_delta( 8, 8)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_system_id [_delta( 9, 40)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_volume_id [_delta( 41, 72)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_unused2 [_delta( 73, 80)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_volume_space_size [_delta( 81, 88)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_unused3 [_delta( 89, 120)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_volume_set_size [_delta( 121, 124)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_volume_seq_number [_delta( 125, 128)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_lbsize [_delta( 129, 132)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_path_table_size [_delta( 133, 140)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_pos_path_table_l [_delta( 141, 144)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_opt_pos_path_table_l [_delta( 145, 148)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_pos_path_table_m [_delta( 149, 152)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_opt_pos_path_table_m [_delta( 153, 156)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_root_dir [_delta( 157, 190)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_volume_set_id [_delta( 191, 318)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_publisher_id [_delta( 319, 446)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_data_preparer_id [_delta( 447, 574)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:72:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_application_id [_delta( 575, 702)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_copyr_file_id [_delta( 703, 739)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_abstr_file_id [_delta( 740, 776)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_bibl_file_id [_delta( 777, 813)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_create_time [_delta( 814, 830)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_mod_time [_delta( 831, 847)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_expiry_time [_delta( 848, 864)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_effective_time [_delta( 865, 881)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_file_struct_vers [_delta( 882, 882)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_reserved1 [_delta( 883, 883)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_application_use [_delta( 884, 1395)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vd_fill [_delta(1396, 2048)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_len [_delta( 1, 1)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_eattr_len [_delta( 2, 2)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_eattr_pos [_delta( 3, 10)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_data_len [_delta( 11, 18)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_recording_time [_delta( 19, 25)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_file_flags [_delta( 26, 26)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_file_unit_size [_delta( 27, 27)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_interleave_gap [_delta( 28, 28)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_volume_seq_number [_delta( 29, 32)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_file_name_len [_delta( 33, 33)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dr_file_name [_delta( 34, 34)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt_year [_delta( 1, 4)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt_month [_delta( 5, 6)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt_day [_delta( 7, 8)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt_hour [_delta( 9, 10)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt_minute [_delta( 11, 12)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt_second [_delta( 13, 14)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt_hsecond [_delta( 15, 16)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lt_gmtoff [_delta( 17, 17)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pt_di_len [_delta( 1, 1)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:123:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pt_eattr_len [_delta( 2, 2)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:124:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pt_eattr_pos [_delta( 3, 6)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pt_di_parent [_delta( 7, 8)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:126:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pt_name [_delta( 9, 9)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_owner [_delta( 1, 4)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_group [_delta( 5, 8)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_perm [_delta( 9, 10)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_ctime [_delta( 11, 27)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_mtime [_delta( 28, 44)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_extime [_delta( 45, 61)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_eftime [_delta( 62, 78)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_record_format [_delta( 79, 79)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_record_attr [_delta( 80, 80)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_record_len [_delta( 81, 84)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_system_id [_delta( 85, 116)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_system_use [_delta( 117, 180)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_version [_delta( 181, 181)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:143:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_esc_seq_len [_delta( 182, 182)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_reserved1 [_delta( 183, 246)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_appl_use_len [_delta( 247, 250)];
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:146:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ea_appl_use [_delta( 251, 251)]; /* actually more */
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:216:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define GET_SHORT(a) a_to_u_short(&((unsigned char *) (a))[0])
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:217:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define GET_BSHORT(a) a_to_u_short(&((unsigned char *) (a))[2])
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:218:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define GET_INT(a) a_to_u_long(&((unsigned char *) (a))[0])
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:219:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define GET_LINT(a) la_to_u_long(&((unsigned char *) (a))[0])
data/cdw-0.8.1/src/optical_file_systems/iso9660.h:220:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define GET_BINT(a) a_to_u_long(&((unsigned char *) (a))[4])
data/cdw-0.8.1/src/tasks/cdw_calculate_digest.c:49:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest_disc[CDW_DIGEST_LEN_MAX + 1];
data/cdw-0.8.1/src/tasks/cdw_calculate_digest.c:51:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digest_file[CDW_DIGEST_LEN_MAX + 1];
data/cdw-0.8.1/src/tasks/cdw_calculate_digest.c:456:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
task->calculate_digest.source_fd = open(file_fullpath, O_RDONLY);
data/cdw-0.8.1/src/tasks/cdw_calculate_digest.c:504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_buffer[buf_size];
data/cdw-0.8.1/src/tasks/cdw_calculate_digest.c:560:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char current_value_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char track_info[PROCESSWIN_MAX_RTEXT_LEN];
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:145:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(track_info, "Copying audio track %d", i);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:151:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ending[7 + 1];
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:161:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(full_name, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lame[2], tmp[18], encode[255], cdinfo[255], strk[4], etrk[4], bpc[2], stereo[2], echo[2], highq[2], brate[4], cmd[255];
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:227:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(config.log_full_path, "r")) == NULL) {
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:264:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(strk, "%d", start_track);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:265:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(etrk, "%d", end_track);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:453:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
start_track = atoi(rtrim(field_buffer(field[1], 0)));
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:454:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
end_track = atoi(rtrim(field_buffer(field[3], 0)));
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:466:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[30];
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:476:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Track: %d", tracknum);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:482:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[30];
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:492:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Track: %d", tracknum);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:497:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[30];
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:502:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Track: %d", tracknum);
data/cdw-0.8.1/src/tasks/cdw_read_disc.c:374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char track_info[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/tasks/cdw_read_disc.c:391:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ending[7 + 1];
data/cdw-0.8.1/src/tasks/cdw_read_disc.c:406:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fullpath, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
data/cdw-0.8.1/src/tasks/cdw_read_disc.c:528:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[CDW_READ_DICS_TRACK_CORE_NAME_LEN + 1];
data/cdw-0.8.1/src/user_interface/cdw_colors.c:295:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(path, "r");
data/cdw-0.8.1/src/user_interface/cdw_colors.c:333:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CDW_COLORS_BUFFER_SIZE];
data/cdw-0.8.1/src/user_interface/cdw_erase_wizard.c:546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[5];
data/cdw-0.8.1/src/user_interface/cdw_ncurses.c:397:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cdw_ncurses_key_printable[2];
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:58:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char processwin_empty_string[EMPTY_STRING_LEN + 1];
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:519:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progress_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:607:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progress_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:712:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fifo_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:749:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char speed_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:753:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(speed_string, _("Speed: %2d.%dx"), speed_decimal, speed_fract);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:864:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progress_string[PROCESSWIN_MAX_RTEXT_LEN + 1];
data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_buffer[READ_BUFFER_SIZE + 1];
data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c:165:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_line[READ_BUFFER_SIZE];
data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c:235:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen(fullpath, "r");
data/cdw-0.8.1/src/user_interface/cdw_write_wizard.c:526:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[4 + 1];
data/cdw-0.8.1/src/user_interface/widgets/cdw_safe_input_line.c:266:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char insecure[2];
data/cdw-0.8.1/src/utilities/cdw_cdll.c:579:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[15];
data/cdw-0.8.1/src/utilities/cdw_dll.c:460:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[TEST_STRING_LEN];
data/cdw-0.8.1/src/utilities/cdw_logging.c:124:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_file = fopen(global_config.general.log_fullpath, "w+");
data/cdw-0.8.1/src/utilities/cdw_logging.c:428:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/cdw-0.8.1/src/utilities/cdw_logging.c:546:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen(fullpath, "r");
data/cdw-0.8.1/src/utilities/cdw_regex.c:172:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[e_size];
data/cdw-0.8.1/src/utilities/cdw_string.c:1189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[2];
data/cdw-0.8.1/src/utilities/cdw_string.c:1275:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char test_buffer[20];
data/cdw-0.8.1/src/utilities/cdw_string.c:1500:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(head, "test_string_one");
data/cdw-0.8.1/src/utilities/cdw_string.c:1528:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *strings[N_STRINGS_MAX] = {"one", "two", "three", "four", "five", "six", "seven", "eight", "nine"};
data/cdw-0.8.1/src/utilities/cdw_sys.c:85:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char label[CDW_SYS_SIGNAL_LABEL_LEN];
data/cdw-0.8.1/src/utilities/cdw_sys.c:370:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/proc/filesystems", "r");
data/cdw-0.8.1/src/utilities/cdw_sys.c:503:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen("/proc/sys/kernel/osrelease", "r");
data/cdw-0.8.1/src/utilities/cdw_utils.c:96:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((strcmp((char *) argv[1], "--catalog") == 0) || (strcmp((char *) argv[1], "-c") == 0)) {
data/cdw-0.8.1/src/utilities/cdw_utils.c:96:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ((strcmp((char *) argv[1], "--catalog") == 0) || (strcmp((char *) argv[1], "-c") == 0)) {
data/cdw-0.8.1/src/utilities/cdw_utils.c:278:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(config.cdrw_device, O_RDONLY | O_NONBLOCK);
data/cdw-0.8.1/src/utilities/cdw_utils.c:288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2352]; /* return */
data/cdw-0.8.1/src/utilities/cdw_utils.c:315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char internal_buffer[2352];
data/cdw-0.8.1/src/utilities/cdw_utils.c:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2352];
data/cdw-0.8.1/src/utilities/cdw_utils.c:372:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(config.cdrw_device, O_RDWR | O_NONBLOCK);
data/cdw-0.8.1/src/utilities/cdw_utils.c:389:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &msf, sizeof(msf));
data/cdw-0.8.1/src/utilities/cdw_utils.c:409:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(drive, O_RDONLY);
data/cdw-0.8.1/src/utilities/cdw_utils.c:448:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fgets_buffer[100];
data/cdw-0.8.1/src/utilities/cdw_utils.c:794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50 + 1];
data/cdw-0.8.1/gnulib/lib/canonicalize.c:93:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
resolved_size = strlen (name);
data/cdw-0.8.1/gnulib/lib/canonicalize.c:275:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen (buf);
data/cdw-0.8.1/gnulib/lib/canonicalize.c:276:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (end);
data/cdw-0.8.1/gnulib/lib/filenamecat.c:74:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t baselen = strlen (base);
data/cdw-0.8.1/src/cddb.c:147:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cdbpass)<=0) {
data/cdw-0.8.1/src/cddb.c:148:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cdbpass, "\0");
data/cdw-0.8.1/src/cddb.c:158:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cdname, "\0");
data/cdw-0.8.1/src/cddb.c:159:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cd_num, "\0");
data/cdw-0.8.1/src/cddb.c:206:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ch=(char *) malloc(strlen(eps[cnt]->d_name)+strlen(dir)+4);
data/cdw-0.8.1/src/cddb.c:206:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ch=(char *) malloc(strlen(eps[cnt]->d_name)+strlen(dir)+4);
data/cdw-0.8.1/src/cddb.c:224:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dir)!=dirlength){
data/cdw-0.8.1/src/cddb.c:297:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(message)<=0)
data/cdw-0.8.1/src/cddb.c:313:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scan_content(dir, mysql, cd_id, strlen(dir));
data/cdw-0.8.1/src/cddb.c:317:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
scan_content(dir, sqlite_db, cd_id, strlen(dir));
data/cdw-0.8.1/src/cddb.c:788:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_list[c].files=(char *)malloc(strlen(row[1])+2);
data/cdw-0.8.1/src/cddb.c:791:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(file_list[c].cd_name, "");
data/cdw-0.8.1/src/cddb.c:793:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(file_list[c].type_name, "");
data/cdw-0.8.1/src/cddb.c:822:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_list[c].files=(char *)malloc(strlen(row[1])+4);
data/cdw-0.8.1/src/cddb.c:825:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(file_list[c].cd_name, "");
data/cdw-0.8.1/src/cddb.c:826:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_list[c].type_name=(char *)malloc(strlen(row[3])+1);
data/cdw-0.8.1/src/cddb.c:847:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line=file_list[c].files=(char *)malloc(strlen(row[1])+4);
data/cdw-0.8.1/src/cddb.c:855:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_list[c].files=(char *)malloc(strlen(row[1])+4);
data/cdw-0.8.1/src/cddb.c:858:6: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(file_list[c].cd_name, "");
data/cdw-0.8.1/src/cddb.c:859:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_list[c].type_name=(char *)malloc(strlen(row[5])+1);
data/cdw-0.8.1/src/cddb.c:896:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line=(char *) malloc(strlen(row[2])+5);
data/cdw-0.8.1/src/cddb.c:897:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_list[c].type_name=(char *)malloc(strlen(row[5])+4);
data/cdw-0.8.1/src/cddb.c:899:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_list[c].cd_name=(char *)malloc(strlen(row[1])+1);
data/cdw-0.8.1/src/cddb.c:921:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_list[c].files=(char *)malloc(strlen(line)+1);
data/cdw-0.8.1/src/cddb.c:928:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file_list[c].files=(char *)malloc(strlen(line)+2);
data/cdw-0.8.1/src/cddb.c:993:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwprintw(cddbwin.select, 0, getmaxx(cddbwin.select)-strlen(_(" Search [ ] "))-1, _(" Search [X] "));
data/cdw-0.8.1/src/cddb.c:995:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwprintw(cddbwin.select, 0, getmaxx(cddbwin.select)-strlen(_(" Search [ ] "))-1, _(" Search [ ] "));
data/cdw-0.8.1/src/cddb.c:1033:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwprintw(cddbwin.page_info, 0, getmaxx(cddbwin.page_info)-strlen(page_str), "%s", page_str);
data/cdw-0.8.1/src/cddb.c:1036:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dir_str)>(getmaxx(cddbwin.page_info)-strlen(page_str))){
data/cdw-0.8.1/src/cddb.c:1036:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dir_str)>(getmaxx(cddbwin.page_info)-strlen(page_str))){
data/cdw-0.8.1/src/cddb.c:1037:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_str[getmaxx(cddbwin.page_info)-strlen(page_str)]='\0';
data/cdw-0.8.1/src/cddb.c:1050:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(file_p.files)>0){
data/cdw-0.8.1/src/cddb.c:1073:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwprintw(cddbwin.list, pos, 0, "/%d - %.*s", file_p.cd_num, getmaxx(cddbwin.list)-(strlen(num)+5), file_p.files);
data/cdw-0.8.1/src/cddb.c:1201:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_dir, "*");
data/cdw-0.8.1/src/cddb.c:1223:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_disk, "*");
data/cdw-0.8.1/src/cddb.c:1224:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_type, "*");
data/cdw-0.8.1/src/cddb.c:1225:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_dir, "*");
data/cdw-0.8.1/src/cddb.c:1233:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_disk, "*");
data/cdw-0.8.1/src/cddb.c:1234:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_dir, "*");
data/cdw-0.8.1/src/cddb.c:1242:7: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_dir, "*");
data/cdw-0.8.1/src/cddb.c:1252:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line=(char *) malloc(strlen(var_dir)+5);
data/cdw-0.8.1/src/cddb.c:1272:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(file_list[pos].files)>0){
data/cdw-0.8.1/src/cddb.c:1336:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwprintw(cddbwin.main, 1, (COLS / 2) - ((strlen(_("Disk Catalog"))+8) / 2), "::: %s :::", _("Disk Catalog"));
data/cdw-0.8.1/src/cddb.c:1376:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mvwprintw(cddbwin.select, 0, getmaxx(cddbwin.select)-strlen(_(" Search [ ] "))-1, _(" Search [ ] "));
data/cdw-0.8.1/src/cddb.c:1405:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_type, "*");
data/cdw-0.8.1/src/cddb.c:1406:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_disk, "*");
data/cdw-0.8.1/src/cddb.c:1407:2: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_dir, "*");
data/cdw-0.8.1/src/cddb.c:1438:12: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_type, "*");
data/cdw-0.8.1/src/cddb.c:1439:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_disk, "*");
data/cdw-0.8.1/src/cddb.c:1440:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_dir, "*");
data/cdw-0.8.1/src/cddb.c:1451:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_type, "*");
data/cdw-0.8.1/src/cddb.c:1452:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_disk, "*");
data/cdw-0.8.1/src/cddb.c:1453:3: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_dir, "*");
data/cdw-0.8.1/src/cddb.c:1467:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_type, "*");
data/cdw-0.8.1/src/cddb.c:1468:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_disk, "*");
data/cdw-0.8.1/src/cddb.c:1469:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(var_dir, "*");
data/cdw-0.8.1/src/cddb.c:1508:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cdbpass, "\0");
data/cdw-0.8.1/src/cddb.c:1582:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(file_list[pos].files)>0){
data/cdw-0.8.1/src/configuration/cdw_config.c:619:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest->custom_drive, src->custom_drive, OPTION_FIELD_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:621:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest->selected_drive, src->selected_drive, OPTION_FIELD_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:623:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest->scsi, src->scsi, OPTION_FIELD_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:740:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(config->custom_drive)) {
data/cdw-0.8.1/src/configuration/cdw_config.c:757:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(config->custom_drive);
data/cdw-0.8.1/src/configuration/cdw_config.c:768:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(config->scsi)) {
data/cdw-0.8.1/src/configuration/cdw_config.c:803:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(config->general.log_fullpath)) {
data/cdw-0.8.1/src/configuration/cdw_config.c:955:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(global_config.scsi)) {
data/cdw-0.8.1/src/configuration/cdw_config.c:1019:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(config->custom_drive, "");
data/cdw-0.8.1/src/configuration/cdw_config.c:1021:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(config->scsi,""); /* some (most?) users will prefer to leave it empty */
data/cdw-0.8.1/src/configuration/cdw_config.c:1074:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(base_dir_fullpath);
data/cdw-0.8.1/src/configuration/cdw_config.c:1437:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->selected_drive, option.value, OPTION_FIELD_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:1443:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(option.value)) {
data/cdw-0.8.1/src/configuration/cdw_config.c:1448:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->custom_drive, option.value, OPTION_FIELD_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:1455:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->scsi, option.value, OPTION_FIELD_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:1602:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->udf.mkudffs_other_options, option.value, CDW_MKUDFFS_OTHER_OPTIONS_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:1608:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->udf.mkudffs_lvid, option.value, CDW_UDF_LVID_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:1614:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->udf.mkudffs_vid, option.value, CDW_UDF_VID_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:1620:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->udf.mkudffs_vsid, option.value, CDW_UDF_VSID_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:1626:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->udf.mkudffs_fsid, option.value, CDW_UDF_FSID_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config.c:1632:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->udf.rsync_options, option.value, CDW_RSYNC_OPTIONS_LEN_MAX);
data/cdw-0.8.1/src/configuration/cdw_config_window.c:900:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cvs_buffer_rest)) {
data/cdw-0.8.1/src/disc_and_drive/cdw_cdio.c:1421:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rv = read(disc->ofs->fd, (void *) buffer, disc->tracks[t].sector_size * n_sectors);
data/cdw-0.8.1/src/disc_and_drive/cdw_disc.c:1137:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(l, cdw_disc_type_labels[CDW_DISC_TYPE_UNKNOWN], CDW_DISC_TYPE_LABEL_LEN);
data/cdw-0.8.1/src/disc_and_drive/cdw_disc.c:1139:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(l, cdw_disc_type_labels[disc->type], CDW_DISC_TYPE_LABEL_LEN);
data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c:220:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(200000);
data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c:535:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c:584:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c:720:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy (label, _("Use custom path to drive"), max_len);
data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c:769:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(path)) {
data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c:856:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(config->selected_drive, "custom", OPTION_FIELD_LEN_MAX);
data/cdw-0.8.1/src/disc_and_drive/cdw_drive.c:861:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(config->selected_drive, cdw_cdio_drives[id].fullpath, OPTION_FIELD_LEN_MAX);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:709:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_vdm ("INFO: tsize_value string = \"%s\", strlen(tsize_value) = %zd\n", tsize_value, strlen(tsize_value));
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:740:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_vdm ("pad string is \"%s\", %zd / %zd chars\n", pad_string, strlen(pad_string), pad_len_max);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:746:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_vdm ("speed string is \"%s\", %zd / %zd chars\n", speed_string, strlen(speed_string), speed_len_max);
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:756:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(track_format, " ");
data/cdw-0.8.1/src/external_tools/cdw_cdrecord.c:766:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(disc_mode) ? disc_mode : " ",
data/cdw-0.8.1/src/external_tools/cdw_cdrecord_regex.c:1048:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(submatch);
data/cdw-0.8.1/src/external_tools/cdw_digest_regex.c:151:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(digest_disc, submatch, (size_t) len + 1);
data/cdw-0.8.1/src/external_tools/cdw_digest_regex.c:153:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(digest_file, submatch, (size_t) len + 1);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:572:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(submatch, (char *) &stdout_pipe_buffer[matches[i].rm_so], len);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:579:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(track_index, submatch, len + 1);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:593:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(track_start_address, submatch, len + 1);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:639:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(submatch, (char *) &stdout_pipe_buffer[matches[i].rm_so], (size_t) len);
data/cdw-0.8.1/src/external_tools/cdw_dvd_rw_mediainfo_regex.c:705:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(submatch, (char *) &stdout_pipe_buffer[matches[i].rm_so], (size_t) len);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:793:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(label_not_available, _("(not available)"), 19);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:798:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(label_system_default, _("(system default)"), 19);
data/cdw-0.8.1/src/external_tools/cdw_ext_tools.c:803:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(label_no_tool_available, _("(no tool available)"), 19);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:176:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t iso_len_max = strlen(" -iso-level X ");
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:180:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
iso_level_string, sn, strlen(iso_level_string), iso_len_max);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:360:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_assert (drive != (char *) NULL && strlen(drive), "ERROR: invalid \"drive\" = \"%s\"\n", drive);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:373:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (ssize_t) strlen(*multi_string);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:391:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t volume_id = strlen(task->create_image.iso9660.volume_id);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:395:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t preparer = strlen(task->create_image.iso9660.preparer);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:396:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t publisher = strlen(task->create_image.iso9660.publisher);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:397:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t system_id = strlen(task->create_image.iso9660.system_id);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:398:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t copyright = strlen(task->create_image.iso9660.copyright);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:399:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t volume_set_id = strlen(task->create_image.iso9660.volume_set_id);
data/cdw-0.8.1/src/external_tools/cdw_mkisofs.c:400:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t abstract = strlen(task->create_image.iso9660.abstract);
data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c:192:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iso->abstract, s, CDW_ISO9660_ABST_LEN);
data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c:196:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iso->volume_set_id, s, CDW_ISO9660_VOLS_LEN);
data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c:200:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iso->copyright, s, CDW_ISO9660_COPY_LEN);
data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c:204:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iso->publisher, s, CDW_ISO9660_PUBL_LEN);
data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c:208:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iso->preparer, s, CDW_ISO9660_PREP_LEN);
data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c:212:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iso->system_id, s, CDW_ISO9660_SYSI_LEN);
data/cdw-0.8.1/src/external_tools/cdw_mkisofsrc.c:303:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, option.value, len);
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:114:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_lvid) ? " --lvid=\"" : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:115:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_lvid) ? udf->mkudffs_lvid : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:116:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_lvid) ? "\"" : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:118:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_vid) ? " --vid=\"" : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:119:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_vid) ? udf->mkudffs_vid : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:120:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_vid) ? "\"" : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:122:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_vsid) ? " --vsid=\"" : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:123:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_vsid) ? udf->mkudffs_vsid : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:124:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_vsid) ? "\"" : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:126:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_fsid) ? " --fsid=\"" : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:127:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_fsid) ? udf->mkudffs_fsid : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:128:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(udf->mkudffs_fsid) ? "\"" : "",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs.c:130:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
" ", strlen(udf->mkudffs_other_options) ? udf->mkudffs_other_options : " ",
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_helpers.c:315:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_assert (strlen(file->fullpath) != 0, "ERROR: file full path length == 0\n");
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_helpers.c:317:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_assert (strlen(file->fullpath + file->name_start) != 0, "ERROR: file name length == 0\n");
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:289:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(udf->rsync_options)) {
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:368:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(udf->mkudffs_other_options, s, CDW_MKUDFFS_OTHER_OPTIONS_LEN_MAX);
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:372:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(udf->rsync_options, s, CDW_RSYNC_OPTIONS_LEN_MAX);
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:738:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(udf->mkudffs_lvid, s, CDW_UDF_LVID_LEN_MAX);
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:742:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(udf->mkudffs_vsid, s, CDW_UDF_VSID_LEN_MAX);
data/cdw-0.8.1/src/external_tools/cdw_mkudffs_options.c:746:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(udf->mkudffs_fsid, s, CDW_UDF_FSID_LEN_MAX);
data/cdw-0.8.1/src/external_tools/cdw_thread.c:196:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(stdout_pipe[PARENTS_END], &buf, 1);
data/cdw-0.8.1/src/external_tools/cdw_thread.c:243:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
er = read(stderr_pipe[PARENTS_END], &ebuf, 1);
data/cdw-0.8.1/src/external_tools/cdw_which.c:74:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_assert (strlen(tool_name), "ERROR: passed empty tool name to the function (strlen = 0)\n");
data/cdw-0.8.1/src/external_tools/cdw_which.c:130:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dirpath);
data/cdw-0.8.1/src/external_tools/cdw_xorriso.c:306:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t volume_id = strlen(task->create_image.iso9660.volume_id);
data/cdw-0.8.1/src/external_tools/cdw_xorriso.c:310:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t publisher = strlen(task->create_image.iso9660.publisher);
data/cdw-0.8.1/src/external_tools/cdw_xorriso.c:311:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t system_id = strlen(task->create_image.iso9660.system_id);
data/cdw-0.8.1/src/external_tools/cdw_xorriso.c:312:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t volume_set_id = strlen(task->create_image.iso9660.volume_set_id);
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:800:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(submatch)) {
data/cdw-0.8.1/src/external_tools/cdw_xorriso_regex.c:818:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(submatch)) {
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:169:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iso->volume_set_id, s, CDW_ISO9660_VOLS_LEN);
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:173:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iso->publisher, s, CDW_ISO9660_PUBL_LEN);
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:177:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(iso->system_id, s, CDW_ISO9660_SYSI_LEN);
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:266:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(ptr);
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:276:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(buffer)) {
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:282:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(trimmed)) {
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:292:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(trimmed);
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:323:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr += strlen(option_name);
data/cdw-0.8.1/src/external_tools/cdw_xorrisorc.c:328:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(local_buffer, b, len);
data/cdw-0.8.1/src/native_file_system/cdw_file.c:595:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(string) >= h_offset) {
data/cdw-0.8.1/src/native_file_system/cdw_file.c:606:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(string);
data/cdw-0.8.1/src/native_file_system/cdw_file.c:611:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "INFO: char: strlen(string) = %zd\n", strlen(string));
data/cdw-0.8.1/src/native_file_system/cdw_file.c:616:77: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fprintf(stderr, "INFO: wchar: wcslen(dest) = %zd, mbstowcs(): %zd\n\n\n", wcslen(dest), conv_len);
data/cdw-0.8.1/src/native_file_system/cdw_file.c:1139:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_assert_test (file.name_start == (ssize_t) strlen(dirpath),
data/cdw-0.8.1/src/native_file_system/cdw_file_picker.c:183:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(file_picker.fullpath);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:493:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(home);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:519:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
home, home_dir_fullpath, strlen(home_dir_fullpath));
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:639:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(tmp_dir_fullpath);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:662:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(home_dir_fullpath);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:908:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(*path);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:963:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*path);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:1004:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*path);
data/cdw-0.8.1/src/native_file_system/cdw_fs.c:1271:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(path);
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:109:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_assert (strlen(file->fullpath) != 0, "ERROR: file full path length == 0\n");
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:111:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_assert (strlen(file->fullpath + file->name_start) != 0, "ERROR: file name length == 0\n");
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:348:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t llen = strlen(left);
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:350:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rlen = strlen(right);
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:353:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rlen = strlen(right);
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:359:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t rv1 = write(graftpoints_file, left, strlen(left));
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:360:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t rv2 = write(graftpoints_file, "=", strlen("="));
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:361:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t rv3 = write(graftpoints_file, right, strlen(right));
data/cdw-0.8.1/src/optical_file_systems/cdw_graftpoints.c:362:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ssize_t rv4 = write(graftpoints_file, "\n", strlen("\n"));
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c:192:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->volume_id, source->volume_id, CDW_ISO9660_VOLI_LEN);
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c:195:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->volume_set_id, source->volume_set_id, CDW_ISO9660_VOLS_LEN);
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c:198:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->preparer, source->preparer, CDW_ISO9660_PREP_LEN);
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c:201:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->publisher, source->publisher, CDW_ISO9660_PUBL_LEN);
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c:204:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->system_id, source->system_id, CDW_ISO9660_SYSI_LEN);
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c:207:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->copyright, source->copyright, CDW_ISO9660_COPY_LEN);
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c:210:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->abstract, source->abstract, CDW_ISO9660_ABST_LEN);
data/cdw-0.8.1/src/optical_file_systems/cdw_iso9660.c:276:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(iso->volume_id, _("my volume"), CDW_ISO9660_VOLI_LEN);
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.c:94:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->mkudffs_other_options, source->mkudffs_other_options, CDW_MKUDFFS_OTHER_OPTIONS_LEN_MAX);
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.c:97:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->mkudffs_lvid, source->mkudffs_lvid, CDW_UDF_LVID_LEN_MAX);
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.c:99:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->mkudffs_vid, source->mkudffs_vid, CDW_UDF_VID_LEN_MAX);
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.c:101:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->mkudffs_vsid, source->mkudffs_vsid, CDW_UDF_VSID_LEN_MAX);
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.c:103:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->mkudffs_fsid, source->mkudffs_fsid, CDW_UDF_FSID_LEN_MAX);
data/cdw-0.8.1/src/optical_file_systems/cdw_udf.c:106:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(target->rsync_options, source->rsync_options, CDW_RSYNC_OPTIONS_LEN_MAX);
data/cdw-0.8.1/src/optical_file_systems/isosize.c:69:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(file, vd, sizeof(*vd));
data/cdw-0.8.1/src/tasks/cdw_calculate_digest.c:515:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(task->calculate_digest.source_fd, read_buffer, (size_t) buf_size);
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:457:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(config.stereo, "1", strlen(config.stereo)) == 0)
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:461:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(config.echosound, "1", strlen(config.echosound)) == 0) {
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:464:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(config.encode, "1", strlen(config.encode)) == 0) {
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:470:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(config.highq, "1", strlen(config.highq)) == 0) {
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:480:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(config.lame, "1", strlen(config.lame)) == 0) {
data/cdw-0.8.1/src/tasks/cdw_cdda2wav.c:486:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(config.highq, "1", strlen(config->highq)) == 0) {
data/cdw-0.8.1/src/tasks/cdw_create_image.c:295:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(global_config.boot_image_path)) {
data/cdw-0.8.1/src/tasks/cdw_create_image.c:318:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2 * CDW_CREATE_IMAGE_PAUSE);
data/cdw-0.8.1/src/tasks/cdw_create_image.c:390:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2 * CDW_CREATE_IMAGE_PAUSE);
data/cdw-0.8.1/src/tasks/cdw_create_image.c:399:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(CDW_CREATE_IMAGE_PAUSE);
data/cdw-0.8.1/src/tasks/cdw_create_image.c:412:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(CDW_CREATE_IMAGE_PAUSE);
data/cdw-0.8.1/src/tasks/cdw_create_image.c:432:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(CDW_CREATE_IMAGE_PAUSE);
data/cdw-0.8.1/src/tasks/cdw_create_image.c:452:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(CDW_CREATE_IMAGE_PAUSE);
data/cdw-0.8.1/src/tasks/cdw_create_image.c:505:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(CDW_CREATE_IMAGE_PAUSE);
data/cdw-0.8.1/src/tasks/cdw_read_disc.c:531:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(filename, _("track"), CDW_READ_DICS_TRACK_CORE_NAME_LEN);
data/cdw-0.8.1/src/tasks/cdw_read_disc_info.c:104:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int c = (int) strlen(label);
data/cdw-0.8.1/src/tasks/cdw_read_disc_info.c:146:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c = (int) strlen(label);
data/cdw-0.8.1/src/user_interface/cdw_colors.c:288:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(path);
data/cdw-0.8.1/src/user_interface/cdw_colors.c:479:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if ((strlen(tline) == 0) || tline[0] == '\n') {
data/cdw-0.8.1/src/user_interface/cdw_image_wizard.c:1306:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(task->create_image.iso9660.volume_id, s, CDW_ISO9660_VOLI_LEN);
data/cdw-0.8.1/src/user_interface/cdw_image_wizard.c:1310:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(task->create_image.udf.mkudffs_vid, s, CDW_UDF_VID_LEN_MAX);
data/cdw-0.8.1/src/user_interface/cdw_main_window.c:1044:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len1 = strlen(COMMON);
data/cdw-0.8.1/src/user_interface/cdw_main_window.c:1045:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len2 = strlen("/GPL-2");
data/cdw-0.8.1/src/user_interface/cdw_ncurses.c:214:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((char *) cdw_string_rtrim(field_buffer(field, 0)));
data/cdw-0.8.1/src/user_interface/cdw_ncurses.c:234:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*buffer, (char *) cdw_string_rtrim(field_buffer(field, 0)), len);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:344:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int col = (processwin.n_cols / 2) - ((int) strlen(eta_string) / 2);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:532:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (description && strlen(description)) {
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:533:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(progress_string, description, PROCESSWIN_MAX_RTEXT_LEN);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:540:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int col = (processwin.n_cols / 2) - ((int) strlen(progress_string) / 2);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:554:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (description && strlen(description)) {
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:614:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int col = (processwin.n_cols / 2) - ((int) strlen(progress_string) / 2);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:735:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col = (processwin.n_cols / 2) - ((int) strlen(fifo_string) / 2);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:739:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col = (processwin.n_cols / 4) - ((int) strlen(fifo_string) / 2);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:761:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col = (processwin.n_cols / 2) - ((int) strlen(speed_string) / 2);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:765:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col = (3 * processwin.n_cols / 4) - ((int) strlen(speed_string) / 2);
data/cdw-0.8.1/src/user_interface/cdw_processwin.c:820:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c:163:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (t = 0; t < strlen(buffer); t++) {
data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c:166:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_line, buffer, t);
data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c:185:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp_line + t + 8, buffer + t + 1, READ_BUFFER_SIZE - t - 8);
data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c:187:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, tmp_line, READ_BUFFER_SIZE);
data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c:202:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) >= h_offset) {
data/cdw-0.8.1/src/user_interface/cdw_text_file_viewer.c:233:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_assert (strlen(fullpath), "file path len is zero\n");
data/cdw-0.8.1/src/user_interface/cdw_window.c:220:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(bottom_string);
data/cdw-0.8.1/src/user_interface/cdw_window.c:229:77: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_vdm ("ERROR: details: strlen(bottom_string) = %zd, offset = %zd\n", strlen(bottom_string), offset);
data/cdw-0.8.1/src/user_interface/cdw_window.c:233:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, "...", 3);
data/cdw-0.8.1/src/user_interface/cdw_window.c:250:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(top_string);
data/cdw-0.8.1/src/user_interface/cdw_window.c:258:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cdw_vdm ("ERROR: details: strlen(top_string) = %zd, usable_n_cols = %zd\n", strlen(top_string), usable_n_cols);
data/cdw-0.8.1/src/user_interface/cdw_window.c:262:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf + usable_n_cols - 3, "...", 3);
data/cdw-0.8.1/src/user_interface/cdw_write_wizard.c:799:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int other_options_n_cols = (int) strlen(other_options) + 2;
data/cdw-0.8.1/src/user_interface/cdw_write_wizard.c:1460:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(task->create_image.iso9660.volume_id, s, CDW_ISO9660_VOLI_LEN);
data/cdw-0.8.1/src/user_interface/widgets/cdw_button.c:103:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int label_len = (int) strlen(button->label);
data/cdw-0.8.1/src/user_interface/widgets/cdw_dialog.c:594:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dialog->button[BUTTON_OK].label_len = (int) strlen(dialog->button[BUTTON_OK].label);
data/cdw-0.8.1/src/user_interface/widgets/cdw_dialog.c:595:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dialog->button[BUTTON_YES].label_len = (int) strlen(dialog->button[BUTTON_YES].label);
data/cdw-0.8.1/src/user_interface/widgets/cdw_dialog.c:596:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dialog->button[BUTTON_NO].label_len = (int) strlen(dialog->button[BUTTON_NO].label);
data/cdw-0.8.1/src/user_interface/widgets/cdw_dialog.c:597:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dialog->button[BUTTON_CANCEL].label_len = (int) strlen(dialog->button[BUTTON_CANCEL].label);
data/cdw-0.8.1/src/user_interface/widgets/cdw_dialog.c:1021:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(d->buffer, b, (size_t) d->chars_max);
data/cdw-0.8.1/src/utilities/cdw_cdll.c:591:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(my_data.string, "hello world", 12);
data/cdw-0.8.1/src/utilities/cdw_cdll.c:611:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(my_data2.string, "asteroid", 10);
data/cdw-0.8.1/src/utilities/cdw_cdll.c:639:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(my_data2.string, "melbourne", 10);
data/cdw-0.8.1/src/utilities/cdw_logging.c:107:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| !strlen(global_config.general.log_fullpath)) {
data/cdw-0.8.1/src/utilities/cdw_regex.c:219:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(submatch, (char *) &buffer[matches[sub].rm_so], (size_t) len);
data/cdw-0.8.1/src/utilities/cdw_string.c:149:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length = strlen(string);
data/cdw-0.8.1/src/utilities/cdw_string.c:187:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(string);
data/cdw-0.8.1/src/utilities/cdw_string.c:218:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen (first);
data/cdw-0.8.1/src/utilities/cdw_string.c:220:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen (arg);
data/cdw-0.8.1/src/utilities/cdw_string.c:321:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(invalid, c, 1);
data/cdw-0.8.1/src/utilities/cdw_string.c:328:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(string);
data/cdw-0.8.1/src/utilities/cdw_string.c:379:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(source);
data/cdw-0.8.1/src/utilities/cdw_string.c:389:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*target, source, len + 1);
data/cdw-0.8.1/src/utilities/cdw_string.c:419:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strncasecmp(line, substring, strlen(substring))) {
data/cdw-0.8.1/src/utilities/cdw_string.c:570:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(string);
data/cdw-0.8.1/src/utilities/cdw_string.c:620:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(string);
data/cdw-0.8.1/src/utilities/cdw_string.c:684:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(string);
data/cdw-0.8.1/src/utilities/cdw_string.c:896:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(start);
data/cdw-0.8.1/src/utilities/cdw_string.c:1283:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(result);
data/cdw-0.8.1/src/utilities/cdw_string.c:1334:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int r = strncmp(result, "test string", strlen("test string"));
data/cdw-0.8.1/src/utilities/cdw_string.c:1336:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(result);
data/cdw-0.8.1/src/utilities/cdw_string.c:1479:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(*(result3 + strlen(sum_of_long_strings)) == '\0');
data/cdw-0.8.1/src/utilities/cdw_string.c:1498:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *head = (char *) malloc(strlen("test_string_one") + 1);
data/cdw-0.8.1/src/utilities/cdw_utils.c:138:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rest != (char *) NULL && strlen(rest)) {
data/cdw-0.8.1/src/utilities/cdw_utils.c:454:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t fgets_len = strlen(fgets_buffer);
data/cdw-0.8.1/src/utilities/cdw_utils.c:464:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(end, fgets_buffer, fgets_len + 1);
data/cdw-0.8.1/src/utilities/cdw_utils.c:522:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__attribute__((unused)) size_t len = strlen(table[j].label);
ANALYSIS SUMMARY:
Hits = 898
Lines analyzed = 65329 in approximately 1.96 seconds (33396 lines/second)
Physical Source Lines of Code (SLOC) = 34668
Hits@level = [0] 341 [1] 290 [2] 469 [3] 7 [4] 130 [5] 2
Hits@level+ = [0+] 1239 [1+] 898 [2+] 608 [3+] 139 [4+] 132 [5+] 2
Hits/KSLOC@level+ = [0+] 35.739 [1+] 25.9028 [2+] 17.5378 [3+] 4.00946 [4+] 3.80755 [5+] 0.0576901
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.