Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/backend-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/network.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/test1284.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/testsupplies.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c
Examining data/cups-2.3.3op1~106-ga72b0140e/backend/usb.c
Examining data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpc.c
Examining data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c
Examining data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c
Examining data/cups-2.3.3op1~106-ga72b0140e/berkeley/lprm.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/cgi-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/cgi.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/html.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/makedocset.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/testcgi.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/testhi.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/testtemplate.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/array-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/array.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/array.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/backchannel.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/backend.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/backend.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/cups.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/debug-internal.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/debug-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/dest-job.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/dir.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/dir.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/encode.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/file-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/file.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/file.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/getdevices.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs-internal.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/http.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/http.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/language-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/language.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/language.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/md5-internal.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/notify.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/options.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-attr.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-conflicts.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-custom.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-page.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/pwg.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/raster-error.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interstub.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/raster-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/rasterbench.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/request.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/snmp-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/string-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/string.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testadmin.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testcache.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testconflicts.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testcreds.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testcups.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testgetdests.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testoptions.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testpwg.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testraster.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testsnmp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/testthreads.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/thread-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/thread.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/tls.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/util.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/versioning.h
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c
Examining data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c
Examining data/cups-2.3.3op1~106-ga72b0140e/data/epson.h
Examining data/cups-2.3.3op1~106-ga72b0140e/data/hp.h
Examining data/cups-2.3.3op1~106-ga72b0140e/data/label.h
Examining data/cups-2.3.3op1~106-ga72b0140e/examples/ppdx.c
Examining data/cups-2.3.3op1~106-ga72b0140e/examples/ppdx.h
Examining data/cups-2.3.3op1~106-ga72b0140e/examples/testppdx.c
Examining data/cups-2.3.3op1~106-ga72b0140e/filter/commandtops.c
Examining data/cups-2.3.3op1~106-ga72b0140e/filter/common.c
Examining data/cups-2.3.3op1~106-ga72b0140e/filter/common.h
Examining data/cups-2.3.3op1~106-ga72b0140e/filter/gziptoany.c
Examining data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c
Examining data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c
Examining data/cups-2.3.3op1~106-ga72b0140e/filter/rastertohp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c
Examining data/cups-2.3.3op1~106-ga72b0140e/filter/rastertopwg.c
Examining data/cups-2.3.3op1~106-ga72b0140e/locale/checkpo.c
Examining data/cups-2.3.3op1~106-ga72b0140e/locale/ipp-strings.c
Examining data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c
Examining data/cups-2.3.3op1~106-ga72b0140e/locale/strings2po.c
Examining data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c
Examining data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c
Examining data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c
Examining data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c
Examining data/cups-2.3.3op1~106-ga72b0140e/notifier/testnotify.c
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/genstrings.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-array.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-attr.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-choice.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-constraint.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-file.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-filter.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-font.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-group.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-mediasize.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-message.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-option.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-profile.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-shared.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-string.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-variable.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.h
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdhtml.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdi.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdmerge.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdpo.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/ppdc/testcatalog.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/banners.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/banners.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsd.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/filter.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/listen.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime-private.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/policy.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/policy.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/quotas.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/select.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/server.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/sysman.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/sysman.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/testsub.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.h
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx
Examining data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/cupsaccept.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/cupsctl.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/lpinfo.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/lpmove.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c
Examining data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/dither.h
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/ippevecommon.h
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/printer-lg-png.h
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/printer-png.h
Examining data/cups-2.3.3op1~106-ga72b0140e/tools/printer-sm-png.h
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/dns_sd.c
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/dns_sd.h
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/cclass.h
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/cname.h
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/debug.c
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/engine.c
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regex.h
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regex2.h
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regexec.c
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regfree.c
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c
Examining data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/utils.h
Examining data/cups-2.3.3op1~106-ga72b0140e/xcode/config.h

FINAL RESULTS:

data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:223:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(addr->un.sun_path, 0140777);
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1177:23:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
      if ((realsize = readlink(filename, realfile, sizeof(realfile) - 1)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:346:9:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    if (chown(filename, user, group) && !getuid())
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:369:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    if (chmod(filename, mode))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:823:20:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((linkbytes = readlink(filter, linkpath, sizeof(linkpath) - 1)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:525:22:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:177:20:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:786:3:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  execv(filename, argv);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:657:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(buf, sizeof(buf), format, ap);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:458:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, format, ap);
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:87:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(libpath, 0))
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:153:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!access(scheme, X_OK))
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:161:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(backend, X_OK))
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:463:5:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execv(backend, argv + first_arg);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:282:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(device, 0))
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:286:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(device, 0))
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:305:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(argv[i], R_OK) != 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:118:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(filename, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:63:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:68:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:201:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:724:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    !access(CUPS_DEFAULT_DOMAINSOCKET, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1096:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(CUPS_DEFAULT_DOMAINSOCKET, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1368:48:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!_cups_strcasecmp(host, "localhost") && !access(name, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1379:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:235:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(prompt, sizeof(prompt), _cupsLangString(cg->lang_default, _("Password for %s on %s? ")), cupsUser(), http->hostname[0] == '/' ? "localhost" : http->hostname);
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:393:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(prompt, sizeof(prompt),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:287:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(buffer, sizeof(buffer), logfile, getpid());
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:491:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(temp, sizeof(temp), tformat, va_arg(ap, double));
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:515:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	      snprintf(temp, sizeof(temp), tformat, va_arg(ap, long long));
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:519:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	      snprintf(temp, sizeof(temp), tformat, va_arg(ap, long));
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:521:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	      snprintf(temp, sizeof(temp), tformat, va_arg(ap, int));
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:536:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(temp, sizeof(temp), tformat, va_arg(ap, void *));
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:148:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(temp, sizeof(temp), _cupsLangString(lang, _("%g x %g \"")), size->width / 2540.0, size->length / 2540.0);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:156:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(temp, sizeof(temp), _cupsLangString(lang, _("%d x %d mm")), (size->width + 50) / 100, (size->length + 50) / 100);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:180:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (Borderless)")), lsize);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:187:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (Borderless, %s)")), lsize, ltype);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:189:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (%s)")), lsize, ltype);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:194:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (Borderless, %s)")), lsize, lsource);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:196:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (%s)")), lsize, lsource);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:201:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (Borderless, %s, %s)")), lsize, ltype, lsource);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:203:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(lstr, sizeof(lstr), _cupsLangString(lang, _("%s (%s, %s)")), lsize, ltype, lsource);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2077:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:229:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:235:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:244:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:249:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:256:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:263:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:273:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:277:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:284:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:288:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(message, sizeof(message),
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:540:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:570:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (!access(buffer, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:572:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (!access(buffer, executable ? X_OK : 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:596:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!access(buffer, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1378:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(fp->printf_buffer, fp->printf_size, format, ap);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1400:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    bytes = vsnprintf(fp->printf_buffer, fp->printf_size, format, ap);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:467:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(resource, sizeof(resource), resourcef, ap);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1870:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(buf, sizeof(buf), format, ap);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2655:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(len, sizeof(len), CUPS_LLFMT, CUPS_LLCAST length);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:839:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), message, ap);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1104:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    if ((bytes = vsnprintf(buffer, sizeof(buffer), format, ap)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4379:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    if ((bytes = vsnprintf(buffer, sizeof(buffer), format, ap)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6692:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), _cupsLangString(lang, format), ap);
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:68:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(bufptr, sizeof(buffer) - (size_t)(bufptr - buffer),
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:124:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), temp, ap);
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:178:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer) - 1,
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1335:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
          if (!access(path, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1446:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(filename, sizeof(filename),
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1450:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1459:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(filename, sizeof(filename), CUPS_BUNDLEDIR "/Resources/%s.lproj/cups.strings", locale);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1462:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1476:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(filename, sizeof(filename), CUPS_BUNDLEDIR "/Resources/%s.lproj/cups.strings", baselang);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1479:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1512:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (!access(CUPS_BUNDLEDIR "/Resources/zh_TW.lproj/cups.strings", 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1530:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(filename, sizeof(filename),
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1694:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (strchr(lang->language, '_') && access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1703:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:195:38:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!stat(ppdname, &ppdinfo) && !access(ppdname, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:231:45:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if ((tmpdir = getenv("TMPDIR")) != NULL && access(tmpdir, W_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-error.c:40:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(s, sizeof(s), f, ap);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:174:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(temp, sizeof(temp), tformat, va_arg(ap, double));
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:205:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(temp, sizeof(temp), tformat, va_arg(ap, int));
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:229:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(temp, sizeof(temp), tformat, va_arg(ap, void *));
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:343:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(buffer, bufsize, format, ap);
data/cups-2.3.3op1~106-ga72b0140e/cups/string-private.h:175:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define snprintf _cups_snprintf
data/cups-2.3.3op1~106-ga72b0140e/cups/string-private.h:180:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define vsnprintf _cups_vsnprintf
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:70:46:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if ((tmpdir = getenv("TMPDIR")) != NULL && access(tmpdir, W_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:326:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access("locale", 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1381:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system(command);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1768:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(msgbuf, sizeof(msgbuf), _cupsLangString(cg->lang_default, _("Unable to establish a secure connection to host (%d).")), error);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:2064:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(path, R_OK) && tls_cups_keychain)
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:945:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(buffer, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:956:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(buffer, 0))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1416:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(crtfile, R_OK) || access(keyfile, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1416:36:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(crtfile, R_OK) || access(keyfile, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1427:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(hostname, '.')) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1427:41:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(hostname, '.')) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1441:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1441:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1452:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1452:47:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1463:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(crtfile, R_OK) || access(keyfile, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1463:36:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(crtfile, R_OK) || access(keyfile, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1474:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(tls_common_name, '.')) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1474:41:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if ((access(cacrtfile, R_OK) || access(cakeyfile, R_OK)) && (hostptr = strchr(tls_common_name, '.')) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1488:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1488:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (!access(cacrtfile, R_OK) && !access(cakeyfile, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1499:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1499:47:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      have_creds = !access(crtfile, R_OK) && !access(keyfile, R_OK);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:584:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (Windows %d.%d) IPP/2.0", version.dwMajorVersion, version.dwMinorVersion);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:586:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0", version.dwMajorVersion, version.dwMinorVersion, machine);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:603:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (macOS %s) IPP/2.0", version);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:605:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (macOS %s; %s) IPP/2.0", version, name.machine);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:609:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (iOS %s) IPP/2.0", version);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:611:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (iOS %s; %s) IPP/2.0", version, name.machine);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:622:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (%s %s) IPP/2.0", name.sysname, name.release);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:624:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (%s %s; %s) IPP/2.0", name.sysname, name.release, name.machine);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1188:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2020:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(buffer, sizeof(buffer), format, ap);
data/cups-2.3.3op1~106-ga72b0140e/locale/strings2po.c:70:18:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if ((strings = popen(iconv, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:144:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        sscanf(line + 4, "%s%d", name, &section);
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:954:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!access(manfile, 0))
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:561:5:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execvp(argv[0], argv);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/genstrings.cxx:45:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access("../data", 0) || access("sample.drv", 0))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/genstrings.cxx:45:31:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access("../data", 0) || access("sample.drv", 0))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:69:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(pofile, sizeof(pofile), CUPS_BUNDLEDIR "/Resources/%s.lproj/cups.strings", _cupsAppleLanguage(l, applelang, sizeof(applelang)));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:70:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(pofile, 0))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:92:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(pofile, sizeof(pofile), CUPS_BUNDLEDIR "/Resources/%s.lproj/cups.strings", tl);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:250:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(attr->value, "%s%*[^\"]\"%[^\"]\"%s%s", encoding, version,
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:194:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(n, 0))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:209:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (!access(n, 0))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:218:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!access(n, 0))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:222:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!access(n, 0))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:289:4:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	  execlp("cupstestppd", "cupstestppd", "-", (char *)0);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdi.cxx:85:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(srcfile, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:684:13:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
	    pass = crypt(password, pw->pw_passwd);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:691:10:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
		pass = crypt(password, spw->sp_pwdp);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1997:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(urltext, sizeof(urltext), _cupsLangString(con->language, _("You must access this page using the URL https://%s:%d%s.")), con->servername, con->serverport, con->uri);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2736:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	  if (!access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2773:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	  if (!access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2787:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(filename, F_OK) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3474:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(content_length, sizeof(content_length), "CONTENT_LENGTH=" CUPS_LLFMT, CUPS_LLCAST con->bytes);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:391:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(iccfile, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1214:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      access(TempDir, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1654:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (Printcap && *Printcap && access(Printcap, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2910:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(temp, 0) && _cups_strcasecmp(value, "internal") && _cups_strcasecmp(line, "ServerKeychain"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:483:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(line, X_OK))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1087:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!access("/usr/local/share/ppd", 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1089:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!access("/usr/share/ppd", 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1091:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!access("/opt/share/ppd", 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:175:3:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  execv(argv[i + 1], argv + i + 2);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1012:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!access("/System/Library/Frameworks/ApplicationServices.framework/"
data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:172:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(v, sizeof(v), value, ap);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:303:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:325:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2022:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(notifier, X_OK) || stat(notifier, &info) || !S_ISREG(info.st_mode))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2404:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(srcfile, X_OK))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4163:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(filename, 0) && strlen(attrname) > 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4176:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5749:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(notifier, X_OK) || !strcmp(scheme, ".") || !strcmp(scheme, ".."))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7101:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if ((dtype & CUPS_PRINTER_REMOTE) && access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7114:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
          if (!access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10073:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(formatted, sizeof(formatted),
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1923:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(jobfile, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2620:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer, sizeof(buffer), message, ap);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4319:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(jobfile, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4322:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(jobfile, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4446:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(jobfile, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:459:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer, sizeof(buffer), message, ap);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:702:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, message, ap);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:720:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, message, ap);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:494:5:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execlp(argv[0], argv[0], "-C", ConfigurationFile, "-s", CupsFilesFile, (char *)0);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1356:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(v, sizeof(v), f, ap);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:182:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer, sizeof(buffer), message, ap);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1033:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
          if (access(line, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4087:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(strings_name, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4957:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  else if (!access(ppd_name, 0))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:796:7:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      execv(exec_path, argv);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.c:86:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      vsnprintf(sb->prefix, sizeof(sb->prefix), prefix, ap);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:155:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      vsnprintf(ftext, sizeof(ftext), text, ap);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:137:5:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execv("./cups-lpd", cupslpd_argv);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:176:4:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	  execlp(argv[0], argv[0], options, "0", reqstr, "-o", opstring,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:179:4:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	  execlp(argv[0], argv[0], options, "0", reqstr, serverstr, (char *)NULL);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:223:11:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  return (execv(command, argv));
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:532:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(argv[i], R_OK) != 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1636:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(command, X_OK))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1646:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(command, X_OK))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2570:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (!strcmp(scheme, "file") && access(resource, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3072:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(temp, sizeof(temp), tformat, va_arg(ap, double));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3090:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	      snprintf(temp, sizeof(temp), tformat, va_arg(ap, long long));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3094:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	      snprintf(temp, sizeof(temp), tformat, va_arg(ap, long));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3096:8:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	      snprintf(temp, sizeof(temp), tformat, va_arg(ap, int));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3105:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(temp, sizeof(temp), tformat, va_arg(ap, void *));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8236:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(supply_text, sizeof(supply_text), printer_supply[i], level);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:834:5:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execv(PDFTOPS, (char * const *)pdf_argv);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2058:32:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (strchr(args[0], '/') && !access(args[0], X_OK))
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:462:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
              if (access(argv[i], 0))
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:469:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                if (access(filename, 0) && filename[0] != '/'
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:476:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		  if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:479:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		    if (access(filename, 0))
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:656:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(argv[i], 0) && argv[i][0] != '/'
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:663:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(testname, 0))
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:747:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), s, ap);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2039:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  else if (!access(src, R_OK) || *src == '/'
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2575:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buffer, sizeof(buffer), s, ap);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3231:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(filename, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3477:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(data->file, R_OK))
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:36:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#define access		_access
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:226:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(f0copy, f0);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:250:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(f2copy, f2);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:505:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(efbuf, "REG_%s", name);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:1168:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	(void) strcpy(cs->multis + oldend - 1, cp);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:85:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				(void) strcpy(convbuf, r->name);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:97:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			(void) strcpy(errbuf, s);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:162:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			(void) strcpy(buf, argv[1]);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:166:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			(void) strcpy(buf, argv[1]);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:288:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		(void) strcpy(buf, tests[n].str);
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:755:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:771:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:338:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:342:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((auth_info_required = getenv("AUTH_INFO_REQUIRED")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:345:40:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  state_reasons = _cupsArrayNewStrings(getenv("PRINTER_STATE_REASONS"), ',');
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:353:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getuid() && (value = getenv("AUTH_UID")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:396:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((content_type = getenv("CONTENT_TYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:399:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((final_content_type = getenv("FINAL_CONTENT_TYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:641:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *ptr = getenv("AUTH_USERNAME");
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:649:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    password = getenv("AUTH_PASSWORD");
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:712:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1027:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("CLASS"))
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1253:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1319:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      ppd = ppdOpenFile(getenv("PPD"));
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3185:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((ppd = ppdOpenFile(getenv("PPD"))) != NULL &&
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3295:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                            getenv("AUTH_INFO_REQUIRED"));
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3296:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((auth_negotiate = getenv("AUTH_NEGOTIATE")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:188:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:840:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:72:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:168:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
          if ((snmp_value = getenv("CUPS_SNMP_VALUE")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:173:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if ((snmp_count = getenv("CUPS_SNMP_COUNT")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:339:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((device_id = getenv("1284DEVICEID")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:515:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) == NULL ||
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:558:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cachedir = getenv("CUPS_CACHEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:787:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((debug = getenv("CUPS_DEBUG_LEVEL")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:790:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((runtime = getenv("CUPS_MAX_RUN_TIME")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:797:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:158:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:304:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:157:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:965:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
     const char *pdl = getenv("FINAL_CONTENT_TYPE");
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1383:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2037:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((requestedLang = getenv("APPLE_LANGUAGE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2038:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    requestedLang = getenv("LANG");
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2087:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  usb_legacy_status = getenv("USB_I386_STATUS");
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2089:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  usb_legacy_status = getenv("USB_PPC_STATUS");
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2157:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1160:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:93:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv("CLASS") != NULL)
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:218:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((dest = getenv("LPDEST")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:220:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((dest = getenv("PRINTER")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:118:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char *printer = getenv("PRINTER_NAME"),
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:120:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		*server_port = getenv("SERVER_PORT");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:128:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	                 getenv("HTTPS") ? "https" : "http", NULL,
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:129:5:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			 getenv("SERVER_NAME"), port, "/%s/%s",
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:134:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	                getenv("HTTPS") ? "https" : "http", NULL,
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:135:4:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
			getenv("SERVER_NAME"), port, "/admin");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:183:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("HTTPS"))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:185:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	       getenv("SERVER_NAME"), getenv("SERVER_PORT"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:185:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	       getenv("SERVER_NAME"), getenv("SERVER_PORT"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:188:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	       getenv("SERVER_NAME"), getenv("SERVER_PORT"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:188:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	       getenv("SERVER_NAME"), getenv("SERVER_PORT"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1646:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((server_root = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1723:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((data_dir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:67:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((pclass = getenv("PATH_INFO")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:82:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  user = getenv("REMOTE_USER");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:138:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char *server_port = getenv("SERVER_PORT");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:145:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		       getenv("HTTPS") ? "https" : "http", NULL,
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:146:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		       getenv("SERVER_NAME"), port, "/classes/%s", pclass);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:63:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cache_dir = getenv("CUPS_CACHEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:68:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((docroot = getenv("CUPS_DOCROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:99:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((helpfile = getenv("PATH_INFO")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:43:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((lang = getenv("LANG")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:273:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((user = getenv("REMOTE_USER")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:572:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((user = getenv("REMOTE_USER")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:702:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  user = getenv("REMOTE_USER");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:708:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:830:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((server = getenv("SERVER_NAME")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:839:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    ishttps = getenv("HTTPS") != NULL;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:152:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((user = getenv("REMOTE_USER")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:164:45:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (cupsLastError() <= IPP_OK_CONFLICT && getenv("HTTP_REFERER"))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:174:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cgiFormEncode(url + 6, getenv("HTTP_REFERER"), sizeof(url) - 6);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:68:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((printer = getenv("PATH_INFO")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:83:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  user = getenv("REMOTE_USER");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:139:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char *server_port = getenv("SERVER_PORT");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:146:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		       getenv("HTTPS") ? "https" : "http", NULL,
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:147:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		       getenv("SERVER_NAME"), port, "/printers/%s", printer);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:96:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((lang = getenv("LANG")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:171:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:188:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  cgiSetVariable("SERVER_NAME", getenv("SERVER_NAME"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:189:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  cgiSetVariable("REMOTE_USER", getenv("REMOTE_USER"));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:289:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  method       = getenv("REQUEST_METHOD");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:290:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  content_type = getenv("CONTENT_TYPE");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:352:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((method = getenv("REQUEST_METHOD")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:620:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cookie = getenv("HTTP_COOKIE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:725:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  data = getenv("QUERY_STRING");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:977:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  content_length = getenv("CONTENT_LENGTH");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1211:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((remote_addr = getenv("REMOTE_ADDR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1213:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((server_name = getenv("SERVER_NAME")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1215:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((server_port = getenv("SERVER_PORT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:690:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((server_port_env = getenv("SERVER_PORT")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:980:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("GATEWAY_INTERFACE") && (schemedata = cups_auth_find(www_auth, "AuthRef")) != NULL && cups_auth_param(schemedata, "key", auth_key, sizeof(auth_key)))
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:1048:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      !getenv("GATEWAY_INTERFACE") &&	/* Not via CGI programs... */
data/cups-2.3.3op1~106-ga72b0140e/cups/backend.c:48:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((device_uri = getenv("DEVICE_URI")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/backend.c:57:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((auth_info_required = getenv("AUTH_INFO_REQUIRED")) != NULL &&
data/cups-2.3.3op1~106-ga72b0140e/cups/backend.c:61:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:98:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    _cups_debug_set(getenv("CUPS_DEBUG_LOG"), getenv("CUPS_DEBUG_LEVEL"),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:98:47:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    _cups_debug_set(getenv("CUPS_DEBUG_LOG"), getenv("CUPS_DEBUG_LEVEL"),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:99:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                    getenv("CUPS_DEBUG_FILTER"), 0);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:181:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    _cups_debug_set(getenv("CUPS_DEBUG_LOG"), getenv("CUPS_DEBUG_LEVEL"),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:181:47:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    _cups_debug_set(getenv("CUPS_DEBUG_LOG"), getenv("CUPS_DEBUG_LEVEL"),
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:182:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                    getenv("CUPS_DEBUG_FILTER"), 0);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:408:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("CUPS_DISABLE_APPLE_DEFAULT"))
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1857:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (getenv("LPDEST"))
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1859:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    else if (getenv("PRINTER"))
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2246:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((env = getenv("LPDEST")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2247:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((env = getenv("PRINTER")) != NULL && !strcmp(env, "lp"))
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2262:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("CUPS_NO_APPLE_DEFAULT") && (locprinter = _cupsAppleCopyDefaultPrinter()) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:67:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&cups_global_mutex.m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:146:9:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
        InitializeCriticalSection(&cups_global_mutex.m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:261:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cg->cups_datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:264:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cg->cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:267:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cg->cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:270:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cg->cups_statedir = getenv("CUPS_STATEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:273:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cg->localedir = getenv("LOCALEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:276:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  cg->home = getenv("HOME");
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:302:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cg->cups_datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:305:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cg->cups_serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:308:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cg->cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:311:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cg->cups_statedir = getenv("CUPS_STATEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:314:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cg->localedir = getenv("LOCALEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:317:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cg->home = getenv("HOME");
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:84:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	value = getenv(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:519:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("SOFTWARE") || (language = getenv("LANG")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:519:44:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("SOFTWARE") || (language = getenv("LANG")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:559:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((ptr = getenv("LC_CTYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:560:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((ptr = getenv("LC_ALL")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:561:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  if ((ptr = getenv("LANG")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:581:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((ptr = getenv("LC_MESSAGES")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:582:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if ((ptr = getenv("LC_ALL")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:583:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  if ((ptr = getenv("LANG")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1307:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("SOFTWARE") != NULL && (lang = getenv("LANG")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1307:47:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("SOFTWARE") != NULL && (lang = getenv("LANG")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1425:41:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char            *cups_strings = getenv("CUPS_STRINGS");
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:231:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((tmpdir = getenv("TMPDIR")) != NULL && access(tmpdir, W_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:249:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((tmpdir = getenv("TMPDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:56:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((tmpdir = getenv("TEMP")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:70:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((tmpdir = getenv("TMPDIR")) != NULL && access(tmpdir, W_OK))
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:89:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((tmpdir = getenv("TMPDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1374:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("MallocStackLogging") && getenv("MallocStackLoggingNoCompact"))
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1374:39:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("MallocStackLogging") && getenv("MallocStackLoggingNoCompact"))
data/cups-2.3.3op1~106-ga72b0140e/cups/thread.c:252:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&mutex->m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/thread.c:270:7:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
      InitializeCriticalSection(&mutex->m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/thread.c:277:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&mutex->m_criticalSection);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:110:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!cupsFileFind("certtool", getenv("PATH"), 1, command, sizeof(command)))
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1129:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv("CUPS_TRUSTFIRST")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1132:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv("CUPS_ANYROOT")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1135:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1138:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1142:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1146:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv("CUPS_SERVER")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1149:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv("CUPS_USER")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1152:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1212:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *envuser = getenv("USER");
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1405:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((ipp_port = getenv("IPP_PORT")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/commandtops.c:66:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/common.c:53:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-2.3.3op1~106-ga72b0140e/filter/common.c:302:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((classification = getenv("CLASSIFICATION")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/gziptoany.c:48:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("FINAL_CONTENT_TYPE"))
data/cups-2.3.3op1~106-ga72b0140e/filter/gziptoany.c:75:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("FINAL_CONTENT_TYPE"))
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2399:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((content_type = getenv("CONTENT_TYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2646:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (doc->page_label || getenv("CLASSIFICATION") || doc->number_up > 1 ||
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:3179:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((classification = getenv("CLASSIFICATION")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:96:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((device_uri = getenv("DEVICE_URI")) != NULL &&
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:1045:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertohp.c:714:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:1169:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertopwg.c:75:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((final_content_type = getenv("FINAL_CONTENT_TYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertopwg.c:81:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  ppd   = ppdOpenFile(getenv("PPD"));
data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:74:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  ppd = ppdOpenFile(getenv("PPD"));
data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:619:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((tmpdir = getenv("TMPDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:403:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((server_admin = getenv("SERVER_ADMIN")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:419:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((server_root = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:199:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cachedir = getenv("CUPS_CACHEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:202:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((server_name = getenv("SERVER_NAME")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:205:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((server_port = getenv("SERVER_PORT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/testnotify.c:42:45:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  fprintf(stderr, "DEBUG: TMPDIR=\"%s\"\n", getenv("TMPDIR"));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1174:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((tmpdir = getenv("TMPDIR")) != NULL &&
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1177:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((tmpdir = getenv("TMPDIR")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:221:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((server_bin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:277:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("SOFTWARE"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:747:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((server_bin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:479:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((serverbin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:931:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1053:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((cups_datadir = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1732:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((server_bin = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2585:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cups_cachedir = getenv("CUPS_CACHEDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:655:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:150:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((server_root = getenv("CUPS_SERVERROOT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1008:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  else if ((temp = getenv("PPD")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1375:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((temp = getenv("CUPS_DATADIR")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1380:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((temp = getenv("CUPS_FONTPATH")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1387:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((temp = getenv("CUPS_SERVERBIN")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:111:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    value = getenv(name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1996:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!(e = getenv("UPSTART_EVENTS")))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:2010:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((e = getenv("UPSTART_FDS")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:271:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (RunUser && getenv("CUPS_TESTROOT"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:276:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cupsd_requote(testroot, getenv("CUPS_TESTROOT"), sizeof(testroot));
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2410:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((ptr = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2538:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((ptr = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2624:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ((ptr = getenv("CUPS_SERVERBIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3022:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((ptr = getenv("CUPS_DATADIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1084:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((printer = getenv("LPDEST")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1086:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((printer = getenv("PRINTER")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:62:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  else if ((content_type = getenv("CONTENT_TYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:677:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((tmpdir = getenv("TEMP")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:680:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((tmpdir = getenv("TMPDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:683:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((tmpdir = getenv("TMPDIR")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:74:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((ipp_copies = getenv("IPP_COPIES")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:88:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  else if ((content_type = getenv("CONTENT_TYPE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:239:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char	*job_name = getenv("IPP_JOB_NAME");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:244:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char	*job_id = getenv("IPP_JOB_ID");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:368:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((value = getenv("IPP_MEDIA")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:369:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((value = getenv("IPP_MEDIA_COL")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:370:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((value = getenv("IPP_MEDIA_DEFAULT")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:371:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        value = getenv("IPP_MEDIA_COL_DEFAULT");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:420:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((ppd = ppdOpenFile(getenv("PPD"))) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:425:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((value = getenv("IPP_FINISHINGS")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:426:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      value = getenv("IPP_FINISHINGS_DEFAULT");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:454:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((value = getenv("IPP_OUTPUT_BIN")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:455:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      value = getenv("IPP_OUTPUT_BIN_DEFAULT");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:463:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((value = getenv("IPP_SIDES")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:464:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      value = getenv("IPP_SIDES_DEFAULT");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:476:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((value = getenv("IPP_PRINT_QUALITY")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:477:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      value = getenv("IPP_PRINT_QUALITY_DEFAULT");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:494:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if ((value = getenv("IPP_PRINT_COLOR_MODE")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:495:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	value = getenv("IPP_PRINT_COLOR_MODE_DEFAULT");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:810:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((job_id = getenv("IPP_JOB_ID")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:812:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((job_name = getenv("IPP_JOB_NAME")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:929:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((page_ranges = getenv("IPP_PAGE_RANGES")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:278:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("IPPFIND_DEBUG"))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1079:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("IPPFIND_DEBUG"))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1230:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv("IPPFIND_DEBUG"))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1258:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if (getenv("IPPFIND_DEBUG"))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1838:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	  if (getenv("IPPFIND_DEBUG"))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2040:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("IPPFIND_DEBUG"))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2060:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  else if (!cupsFileFind(args[0], getenv("PATH"), 1, program, sizeof(program)))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2067:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("IPPFIND_DEBUG"))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2118:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("IPPFIND_DEBUG"))
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2072:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char *userprofile = getenv("USERPROFILE");
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:702:23:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define CUPS_RAND() random()
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:703:25:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define CUPS_SRAND(v) srandom(v)
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:705:23:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define CUPS_RAND() lrand48()
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:709:25:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define CUPS_SRAND(v) srand(v)
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:44:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "c:e:S:E:x")) != EOF)
data/cups-2.3.3op1~106-ga72b0140e/xcode/config.h:635:23:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define CUPS_RAND() random()
data/cups-2.3.3op1~106-ga72b0140e/xcode/config.h:636:25:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define CUPS_SRAND(v) srandom(v)
data/cups-2.3.3op1~106-ga72b0140e/xcode/config.h:638:23:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define CUPS_RAND() lrand48()
data/cups-2.3.3op1~106-ga72b0140e/xcode/config.h:642:25:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define CUPS_SRAND(v) srand(v)
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:137:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uriName[1024];		/* Unquoted fullName for URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:386:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	device_uri[1024];	/* Device URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:739:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[1024],		/* Scheme from URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:841:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		fullName[kDNSServiceMaxDomainName];
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:997:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		key[256],		/* Key string */
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1076:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(value, data, (size_t)(datanext - data));
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1130:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      device->priority = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1167:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(make_and_model, model, (size_t)(ptr - model));
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:91:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	devparport[16];		/* /dev/parportN */
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:105:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((devparportfd = open(devparport, O_RDWR | O_NOCTTY)) != -1)
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		temp[256],	/* Temporary manufacturer string */
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:391:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	temp[1024];		/* Temporary make and model */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:92:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		username[256] = "",
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:141:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		tmpfilename[1024] = "";
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:143:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		mandatory_attrs[1024] = "";
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[255],		/* Scheme in URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:220:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Updated URI without user/pass */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:221:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		print_job_name[1024];	/* Update job-name for Print-Job */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[16384];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:355:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    uid_t	uid = (uid_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:369:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  if ((fd = open(argv[i], O_RDONLY)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:572:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(value) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:573:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  contimeout = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:802:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		credinfo[1024],	/* Information on credentials */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1294:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1619:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  if ((fd = open(files[0], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1832:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fd = open(files[i], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1907:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      fprintf(stderr, "PAGE: 1 %d\n", copies_sup ? atoi(argv[4]) : 1);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2388:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[1024];		/* Value buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2814:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	phone[1024],		/* Phone number string */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2860:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char	predial[1024];		/* Pre-dial string */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2917:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	def_username[HTTP_MAX_VALUE];	/* Default username */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2940:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	quoted[HTTP_MAX_VALUE * 2 + 4];
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3025:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		value[1024],		/* Value string */
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3098:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			value[1024],	/* State/message string */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:40:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	tmpfilename[1024] = "";	/* Temporary spool file name */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:97:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[255],		/* Scheme in URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:124:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[16384];		/* Initial print buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:385:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(value) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:386:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  timeout = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:394:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(value) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:395:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  contimeout = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:469:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd       = open(filename, O_RDONLY);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:506:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      manual_copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:512:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      copies        = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:522:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      fprintf(stderr, "PAGE: 1 %d\n", atoi(argv[4]));
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:640:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buf[1024];	/* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:715:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			localhost[255];	/* Local host name */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:720:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			control[10240],	/* LPD control 'file' */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:724:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			addrname[256];	/* Address name */
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:731:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[32768];	/* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:52:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			portname[32],	/* Port number as string */
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			data[65536];	/* Request/response data */
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:175:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              if ((count = atoi(snmp_count)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:245:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(dataptr, packet.object_value.string.bytes, i);
data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:32:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		print_buffer[8192],	/* Print data buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		print_buffer[8192],	/* Print data buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	name[CUPS_SNMP_MAX_STRING],	/* Name of supply */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:236:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	value[CUPS_MAX_SUPPLIES * 4],
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:446:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		addrstr[1024],		/* Address string */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:299:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(temp->address), addr, sizeof(temp->address));
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:622:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&(current->addr), addr->ifa_broadaddr,
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:679:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[1024],		/* Full device URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:768:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:788:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    DebugLevel = atoi(debug);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:791:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    MaxRunTime = atoi(runtime);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:823:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        DebugLevel = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:839:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        MaxRunTime = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:879:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		addrname[256];		/* Source address name */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:992:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char	make_model[256];	/* Make and model */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1047:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char	make_model[256];	/* Make and model */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1103:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char	scheme[32],		/* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			temp[1024];	/* Temporary address string */
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1183:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	ifname[255];		/* Interface name */
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[255],		/* Scheme in URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:72:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		addrname[256];		/* Address name */
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[1024];		/* Initial print buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:140:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((print_fd = open(argv[6], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:146:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:249:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(value) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:250:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  contimeout = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:463:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[1024];		/* Back-channel buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/test1284.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	device_id[1024],		/* 1284 device ID string */
data/cups-2.3.3op1~106-ga72b0140e/backend/test1284.c:49:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(argv[i], O_RDWR)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:63:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[255],		/* Scheme in URI == backend */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:172:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  open("/dev/null", O_WRONLY);		/* Make sure fd 3 and 4 are used */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:173:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:200:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((fd = open("/dev/null", O_RDONLY)) != 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:249:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buffer[1024];		/* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:338:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char		buffer[1024];	/* Buffer for response data */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:442:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((fd = open("/dev/null", O_WRONLY)) != 2)
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:505:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		buffer[2049];	/* Buffer for reponse */
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:656:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp[80];
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:667:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(temp, data, (size_t)datalen);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:337:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		  serial[1024];		/* Serial number buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:344:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		  print_buffer[8192],	/* Print data buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1005:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			data[2048];	/* Request/response data */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char uristr[1024], makestr[1024], modelstr[1024], serialstr[1024];
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1214:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char optionsstr[1024], idstr[1024], make_modelstr[1024];
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1413:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char 		bundlestr[1024];	/* Bundle path */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:1794:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[258] = {};
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2074:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	*my_argv[32];
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		usbpath[1024];	/* Path to USB backend */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2267:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	pathbuf[PROC_PIDPATHINFO_MAXSIZE];
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2268:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char msgbuf[256] = "";
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2309:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char  gErrorBuffer[1024] = "";
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2315:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char logstr[1024];
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2323:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(gErrorBufferPtr, (const void *)sockBuffer, len);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2372:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		  buffer[2048];		/* Buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:189:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	print_buffer[8192],	/* Print data buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:816:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			device_id[1024],/* IEEE-1284 device ID */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	make_model[1024];		/* Make and model */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1150:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1256:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		options[1024];		/* Device URI options */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1264:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempmfg[256],		/* Temporary manufacturer string */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1600:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	requested_uri[1024],		/* Requested URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1690:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		readbuffer[512];
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1778:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			data[2048];	/* Request/response data */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1911:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		  buffer[2048];		/* Buffer */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	device[255],			/* Device filename */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:219:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(device, O_RDWR | O_EXCL)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:226:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((fd = open(device, O_RDWR | O_EXCL)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:233:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    	if ((fd = open(device, O_RDWR | O_EXCL)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	device[255],		/* Device filename */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:263:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(device, O_WRONLY | O_EXCL)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:276:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  device[255];            /* Device filename */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:328:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	device[255],		/* Device filename */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:349:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(device, O_RDWR | O_EXCL)) < 0 && errno == ENOENT)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:353:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  if ((fd = open(device, O_RDWR | O_EXCL)) < 0 && errno == ENOENT)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:357:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    	    if ((fd = open(device, O_RDWR | O_EXCL)) < 0 && errno == ENOENT)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:429:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	device[255],		/* Device filename */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:445:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = open(device, O_WRONLY | O_EXCL)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:507:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd = open(uri + 4, O_RDWR | O_EXCL);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:513:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd      = open(uri + 4, O_WRONLY | O_EXCL);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:541:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			data[2048];	/* Request/response data */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb.c:128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		method[255],		/* Method in URI */
data/cups-2.3.3op1~106-ga72b0140e/backend/usb.c:222:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((print_fd = open(argv[6], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb.c:228:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpc.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Input line from user */
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:69:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      interval = atoi(argv[i] + 1);
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:193:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      id = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:325:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resource[1024];		/* Resource string */
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:326:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		rankstr[255];		/* Rank string */
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:327:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		namestr[1024];		/* Job name string */
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:339:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char * const ranks[10] =	/* Ranking strings */
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:573:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:42:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char	*files[1000];		/* Files to print */
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	email[1024];	/* EMail address */
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:248:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		num_copies = atoi(opt + 1);
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:260:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		num_copies = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lprm.c:167:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        job_id = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:122:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int	port = atoi(server_port ? server_port : "0");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:124:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	uri[1024];		/* URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	prefix[1024];		/* URL prefix */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:194:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	encoded[1024],		/* Encoded URL string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:323:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Device or printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:588:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	refresh[1024];		/* Refresh URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:622:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI],	/* Device or printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:626:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		baudrate[255];		/* Baud rate string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:714:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	make[1024],		/* Make string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:745:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	template[128],		/* Template name */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:865:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      maxrate = atoi(var + 6);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:945:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		filename[1024];	/* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:947:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		buffer[1024];	/* Buffer */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1208:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	refresh[1024];		/* Refresh URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		default_auth_type[255];
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1325:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (!max_jobs || atoi(max_jobs) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1341:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (!max_clients || atoi(max_clients) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1344:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (!max_log_size || atoi(max_log_size) <= 0.0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	tempfile[1024];		/* Temporary new cupsd.conf */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1637:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	filename[1024];		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1787:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1872:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2077:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char	option[1024],	/* Form variables for this device */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2177:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                           settings)) != NULL && atoi(val))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2181:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                           settings)) != NULL && atoi(val))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2185:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                           settings)) != NULL && atoi(val))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2189:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                           settings)) != NULL && atoi(val))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2193:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                           settings)) != NULL && atoi(val))
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2278:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2513:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	url[1024],		/* Printer/class URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2543:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2600:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	url[1024],		/* Printer/class URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2630:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2634:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempfile[1024];		/* Temporary filename */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2637:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from PPD file */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3333:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	refresh[1024];		/* Refresh URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3366:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3403:72:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  ippAddBoolean(request, IPP_TAG_OPERATION, "printer-is-shared", (char)atoi(shared));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3432:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	url[1024],		/* Printer/class URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3467:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		keyword[256];		/* Parameter name */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3714:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(bufptr, "}", 2);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3756:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resolved[1024],		/* Resolved URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/cgi.h:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempfile[1024],		/* Temporary file containing data */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	url[HTTP_MAX_URI];	/* New URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:140:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int	port = atoi(server_port ? server_port : "0");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:142:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	uri[1024];		/* URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI],	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:254:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	url[1024],		/* Printer/class URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			val[1024];	/* Form variable */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:353:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      first = atoi(var);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:444:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/classes.c:445:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		refresh[1024];		/* Refresh URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:216:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[2048],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:289:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    word->count = atoi(line + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:845:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:1141:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(temp, text, (size_t)wordlen);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		topic_data[1024];	/* Topic form data */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help.c:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024];		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*attrs[1000];		/* Attributes */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:29:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[255],		/* Name of variable */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:76:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((in = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:224:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	        char	buf[255];	/* Number buffer */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		current_dest[1024];	/* Current destination */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:291:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	temp[255];		/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:312:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	job_uri[1024];		/* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:428:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uri[1024],		/* Job/printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:529:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI],	/* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:690:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI],	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:799:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:810:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char		servername[1024];
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:935:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			name[1024],	/* Name of attribute */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1077:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	uri[1024],		/* New URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1363:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			url[1024],	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1395:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if ((first = atoi(var)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:61:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    job_id = atoi(job_id_var);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/jobs.c:170:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	url[1024];		/* Encoded URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/makedocset.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		path[1024],		/* Path to documentation */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	url[HTTP_MAX_URI];	/* New URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:141:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int	port = atoi(server_port ? server_port : "0");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:143:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	uri[1024];		/* URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:220:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI],	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	url[1024],		/* Printer/class URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:307:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			val[1024];	/* Form variable */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:370:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      first = atoi(var);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:461:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/printers.c:462:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		refresh[1024];		/* Refresh URL */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:198:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(sptr, prefix, strlen(prefix) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:239:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sptr, ".*|.*", 6);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:242:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sptr, lword2, strlen(lword2) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:245:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sptr, ".*", 3);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:248:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sptr, lword, strlen(lword) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:277:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sptr, ".*", 3);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:51:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((in = fopen(tmpl, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:115:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((in = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:120:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((in = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:123:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      in = fopen(filename, "r");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:162:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	templates[1024] = "";	/* Template directory */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[255],		/* Name of variable */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:219:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		outval[1024],		/* Formatted output string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:287:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  if ((value = cgiGetArray(name + 1, atoi(nameptr) - 1)) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:328:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  count = atoi(name + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:378:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  if ((value = cgiGetArray(name, atoi(nameptr) - 1)) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:481:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      if ((innerval = cgiGetArray(innername, atoi(innerptr) - 1)) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/testtemplate.c:51:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = fopen(argv[i], "w");
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[255],		/* Current variable name */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:107:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      element = atoi(s + 1) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	date[256];		/* Date string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:615:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[128],		/* Name string */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:748:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[10240],		/* MIME header line */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:885:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            cgiSetArray(name, atoi(ptr) - 1, line);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:978:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (content_length == NULL || atoi(content_length) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1149:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        cgiSetArray(name, atoi(s) - 1, value);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1202:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[512],	/* SID data */
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1204:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		sum[16];	/* MD5 sum */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cupsdconf[1024];	/* cupsd.conf filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from cupsd.conf file */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:198:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	message[1024];		/* Message string */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:423:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cupsdconf[1024];	/* cupsd.conf filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:425:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempfile[1024];		/* Temporary new cupsd.conf */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:427:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from cupsd.conf file */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:504:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    old_debug_logging = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:513:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    old_remote_admin = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:522:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    old_remote_any = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:531:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    old_share_printers = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:540:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    old_user_cancel_any = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:556:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    debug_logging = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:575:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    remote_any = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:594:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    remote_admin = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:614:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    share_printers = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:634:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    user_cancel_any = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:692:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if ((server_port = atoi(server_port_env)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1352:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		host[HTTP_MAX_HOST];	/* Hostname for connection */
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:1376:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	message[1024];		/* Message string */
data/cups-2.3.3op1~106-ga72b0140e/cups/array.c:378:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(da->saved, a->saved, sizeof(a->saved));
data/cups-2.3.3op1~106-ga72b0140e/cups/array.c:414:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(da->elements, a->elements, (size_t)a->num_elements * sizeof(void *));
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[256],		/* Scheme name */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:224:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char default_username[HTTP_MAX_VALUE];
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:270:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	encode[256];		/* Base64 buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:283:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char nonce[HTTP_MAX_VALUE];	/* nonce="xyz" string */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:381:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		prompt[1024],	/* Prompt for user */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:801:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		  buf[1024];		/* Name buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:939:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			trc[16],	/* Try Root Certificate parameter */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:950:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			auth_key[1024];	/* Buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:951:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[1024];	/* Buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:1082:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL && pid > 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:1100:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:1110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	certificate[33],	/* Certificate string */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			cupsd_hostname[HTTP_MAX_HOST];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			gss_service_name[32];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			resolved_uri[1024];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:115:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			http_date[256];	/* Date+time buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			*ip_ptrs[2];	/* Pointer to packed address */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[1024];	/* Hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			ipp_unknown[255];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:138:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			language[32];	/* Cached language */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			pwg_name[65],	/* PWG media name for custom size */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			snmp_community[255];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:164:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			tempfile[1024];	/* cupsTempFd/File buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			user[65],	/* User name */
data/cups-2.3.3op1~106-ga72b0140e/cups/cups-private.h:192:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			def_printer[256];
data/cups-2.3.3op1~106-ga72b0140e/cups/cups.h:280:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		media[128];		/* Media name to use */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[2048];	/* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:171:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[2048];	/* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:285:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	buffer[1024];		/* Filename buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:290:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	_cups_debug_fd = open(buffer + 1, O_WRONLY | O_APPEND | O_CREAT, 0644);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:292:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	_cups_debug_fd = open(buffer, O_WRONLY | O_TRUNC | O_CREAT, 0644);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:296:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      _cups_debug_level = atoi(level);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tformat[100],		/* Temporary format string for snprintf() */
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:559:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bufptr, va_arg(ap, char *), (size_t)width);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			lstr[1024],	/* Localized size name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:280:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			pair[256];	/* option.value pair */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-localization.c:332:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[32],	/* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:77:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			value[2048];	/* Option value */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:175:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			temp[1024];	/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:283:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          int_value = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:297:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int_value = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:413:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		value[2048];		/* Current attribute value as string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:687:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resource[1024];		/* Resource path */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:842:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	name[IPP_MAX_NAME];		/* Attribute name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:890:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	name[IPP_MAX_NAME];		/* Attribute name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:940:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	name[IPP_MAX_NAME];		/* Attribute name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1922:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			name[IPP_MAX_NAME + 1],
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1975:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			media_key[256];	/* Synthesized media-key value */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2593:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			temp[1024];	/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2635:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int_value = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2665:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int_value = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			def_name[1024],	/* Default printer name, if any */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:129:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		def_name[1024],		/* Default printer name, if any */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:597:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[32],		/* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:602:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		portstr[16];		/* Port number string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[32],		/* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1222:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024],		/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1354:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[1024];		/* printer-uri value */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1358:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		media_default[41];	/* Default paper size */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1360:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		optname[1024],		/* Option name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:1749:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Path to lpoptions */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2037:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* lpoptions file */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2087:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "w")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2740:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			fullName[kDNSServiceMaxDomainName],
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2942:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			serviceName[256],/* Service name */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:2998:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		key[256],	/* Key string */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3041:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(value, txt, (size_t)(txtnext - txt));
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3226:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			tempuri[1024];	/* Temporary URI buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3418:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Local lpoptions file */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3547:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    scheme[32],             /* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:4027:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[8192],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:4082:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[8192],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/dir.c:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		directory[1024];	/* Directory filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/dir.c:239:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		directory[1024];	/* Directory filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/dir.c:336:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Full filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/dir.h:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[260];		/* File name */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			message[1024],	/* Message string */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:390:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char	trailer[8];	/* Trailer CRC and length */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1079:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		hostname[1024],		/* Hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1108:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(filename, O_RDONLY | O_LARGEFILE | O_BINARY, 0);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1244:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          unsigned char header[10];	/* gzip file header */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1435:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fp->ptr, fp->printf_buffer, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1618:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fp->ptr, s, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1685:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, fp->ptr,(size_t) count);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2141:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fp->ptr, buf, bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2399:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(fp->cbuf, ptr, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2478:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char	trailer[8];	/* Trailer bytes */
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2489:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(trailer, fp->stream.next_in, (size_t)tbytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2618:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(filename, mode, 0666)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[65536],	/* Buffer for address info */
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:98:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(request.ifr_name, ifp->ifr_name, sizeof(ifp->ifr_name));
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:131:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(temp->ifa_addr, &(ifp->ifr_addr), sockaddr_len(&(ifp->ifr_addr)));
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:144:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp->ifa_netmask, &(request.ifr_netmask),
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:167:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(temp->ifa_broadaddr, &(request.ifr_broadaddr),
data/cups-2.3.3op1~106-ga72b0140e/cups/getifaddrs.c:180:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp->ifa_dstaddr, &(request.ifr_dstaddr),
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Buffer for file */
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:42:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		if_modified_since[HTTP_MAX_VALUE];
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:244:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(filename, O_WRONLY | O_EXCL | O_TRUNC)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:294:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Buffer for file */
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:542:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/globals.c:186:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	installdir[1024] = "",	/* Install directory */
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:143:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	temp[CC_SHA512_DIGEST_LENGTH];
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:157:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hash, temp, CC_SHA224_DIGEST_LENGTH);
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:164:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	temp[CC_SHA512_DIGEST_LENGTH];
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:178:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hash, temp, CC_SHA256_DIGEST_LENGTH);
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:186:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	temp[64];		/* Temporary hash buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/hash.c:240:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(hash, temp, tempsize);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:833:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		localStr[1024];	/* Local host name C string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:913:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	temp[1024];		/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			temp[256];	/* Temporary address string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:430:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(current, src, sizeof(http_addrlist_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:556:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		ipv6[64],	/* IPv6 address */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:635:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(temp->addr.ipv6), current->ai_addr,
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:638:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(temp->addr.ipv4), current->ai_addr,
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:690:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	portnum = atoi(service);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:763:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(temp->addr.ipv6.sin6_addr), host->h_addr_list[i],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:771:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(temp->addr.ipv4.sin_addr), host->h_addr_list[i],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:817:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      portnum = atoi(service);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:181:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		error[256];		/* Most recent error message */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:222:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[HTTP_MAX_HOST],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:230:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[HTTP_MAX_BUFFER];
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:233:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		_md5_state[88];	/* MD5 state (deprecated) */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:234:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			nonce[HTTP_MAX_VALUE];
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:246:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			_authstring[HTTP_MAX_VALUE],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:256:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			wbuffer[HTTP_MAX_BUFFER];
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:279:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			gsshost[256];	/* Hostname for Kerberos */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:292:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			algorithm[65],	/* Algorithm from WWW-Authenticate */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-private.h:301:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			*fields[HTTP_FIELD_MAX],
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:55:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const http_days[7] =/* Days of the week */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:65:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const http_months[12] =
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:446:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resource[1024];		/* Formatted resource string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:501:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			data[1024];	/* Source string for MD5 */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:502:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		md5sum[16];	/* MD5 digest/sum */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:822:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		mon[16];		/* Abbreviated month name */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1320:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		kd[65],			/* Final MD5/SHA-256 digest */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1328:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	hash[32];		/* Hash buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1360:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	cnonce[65];		/* cnonce value */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1730:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[32],	/* URI components... */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			resource[257],	/* Remote path */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uuid[256];		/* UUID value */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2318:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(uuid, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2372:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (((char *)value)[0] == '/')
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2378:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(resource, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2388:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(resource + 1, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2513:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			resource[257],	/* Remote path */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2515:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			ifname[IF_NAMESIZE];
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2542:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uuid[256];		/* UUID value */
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2546:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(uuid, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2622:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(resource, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2632:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(resource + 1, value, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:225:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(credential->data, data, datalen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:606:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Junk buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:809:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	temp[HTTP_MAX_VALUE],	/* Copy of Accepts-Encoding value */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1342:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[HTTP_MAX_VALUE],	/* Temporary buffer for name */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1601:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		len[32];		/* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1754:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(http->sbuffer + ((z_stream *)http->stream)->avail_in, http->buffer, buflen);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1810:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, http->buffer, length);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:1863:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buf[65536];		/* Buffer for formatted string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2038:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	len[32];		/* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2065:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	len[32];		/* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2098:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	len[32];		/* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	line[4096],			/* HTTP request line */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2328:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			temp[256];	/* Temporary address string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2652:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char len[32];			/* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2743:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[32768],		/* Line from connection... */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2879:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      http->expect = (http_status_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3240:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(http->wbuffer + http->wused, buffer, length);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3556:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024];		/* Temporary value string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3637:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	combined[HTTP_MAX_VALUE];
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3936:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		service[255];		/* Service name */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4022:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	line[255],			/* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4042:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, "  ", 3);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4047:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, "  ", 3);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4207:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, http->buffer, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4236:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	len[32];		/* Length string */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4298:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buf[1024];		/* Encoded URI buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4818:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		header[16];		/* Chunk header */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:422:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			pad[256];	/* Padding to ensure binary compatibility */
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:487:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:487:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:487:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:487:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:488:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5Final(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:488:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5Final(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:488:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5Final(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:488:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5Final(const char *, const char *, const char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsDoAuth or cupsHashData instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:489:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5String(const unsigned char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsHashString instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/http.h:489:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5String(const unsigned char *, char [33]) _CUPS_DEPRECATED_2_2_MSG("Use cupsHashString instead.");
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:42:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		token[1024];		/* Token string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:76:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	name[128],		/* Variable name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:102:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	syntax[128],		/* Attribute syntax (value tag) */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:434:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		token[1024];		/* Token string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:457:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	syntax[128],		/* Attribute syntax (value tag) */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:555:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		value[2049],		/* Value string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:834:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Formatted string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uri[1024];		/* New printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	resolved[1024];		/* Resolved mDNS URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:349:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(attr->values[0].date, value, 11);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:537:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(attr->values[0].unknown.data, data, (size_t)datalen);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:884:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			code[IPP_MAX_LANGUAGE];
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1059:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[IPP_MAX_TEXT + 4];
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1217:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			code[32];	/* Language/charset value buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1523:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(dstattr->values, srcattr->values, (size_t)srcattr->num_values * sizeof(_ipp_value_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1544:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(dstattr->values, srcattr->values, (size_t)srcattr->num_values * sizeof(_ipp_value_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1568:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(dstattr->values, srcattr->values, (size_t)srcattr->num_values * sizeof(_ipp_value_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1613:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	      memcpy(dstval->unknown.data, srcval->unknown.data, (size_t)dstval->unknown.length);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1935:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			parent[1024],	/* Parent attribute name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:3476:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(string, bufptr + 2, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:3974:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(temp, data, (size_t)datalen);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4337:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[IPP_MAX_TEXT + 4];
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4490:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		code[32];		/* Language code */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4718:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[64],		/* Scheme from URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5131:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char	temp[256];		/* Temporary error string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5176:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char	temp[256];		/* Temporary error string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5447:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(bufptr, attr->name, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5482:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(bufptr, attr->name, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5691:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(bufptr, value->string.text, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5737:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		  memcpy(bufptr, value->date, 11);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5932:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(bufptr, value->string.language, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5948:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(bufptr, value->string.text, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6091:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(bufptr, value->unknown.data, (size_t)n);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6686:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[2048];		/* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[2048],		/* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[2048],		/* Temporary format buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:155:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[2048],		/* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		output[8192];		/* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:256:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Command-line argument buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:260:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		new_lc_time[255],	/* New LC_TIME value */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:254:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          temp[1024];             /* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:450:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			locale[255];	/* Copy of locale name */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:452:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			langname[16],	/* Requested language name */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:919:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			s[4096],	/* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1080:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(m->str + length, ptr, ptrlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1092:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(m->msg + length, ptr, ptrlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1188:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	buffer[1024];		/* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1323:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		path[1024];
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1418:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* Path to cups.strings file */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1686:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024];	/* Filename for language locale file */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1772:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[8192],	/* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/language.h:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			language[16];	/* Language/locale name */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5-internal.h:56:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[64];		/* accumulate block */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5-internal.h:70:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void _cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16]) _CUPS_INTERNAL;
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:151:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(xbuf, data, 64);
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:302:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pms->buf + offset, p, (size_t)copy);
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:316:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pms->buf, p, (size_t)left);
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:320:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
_cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16])
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:322:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char pad[64] = {
data/cups-2.3.3op1~106-ga72b0140e/cups/md5.c:328:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[8];
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char       md5[33])		/* O - MD5 string */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:31:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		sum[16];	/* Sum data */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:32:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[256];	/* Line to sum */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
             char       md5[33])	/* IO - MD5 sum */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:64:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		sum[16];	/* Sum data */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[1024];	/* Line of data */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			a2[33];		/* Hash of method and resource */
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:98:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char                md5[33])
data/cups-2.3.3op1~106-ga72b0140e/cups/notify.c:30:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[1024];	/* Subject buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/options.c:43:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	strvalue[32];			/* String value */
data/cups-2.3.3op1~106-ga72b0140e/cups/options.c:552:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		key[256],		/* Key string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:110:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char	hash[64];	/* Hash of password */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:168:64:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    ippAddInteger(request, IPP_TAG_JOB, value_tag, mandatory, atoi(keyword));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:178:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		lower = upper = atoi(keyword);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:280:72:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ippAddInteger(request, IPP_TAG_JOB, IPP_TAG_ENUM, "print-quality", atoi(keyword));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:385:81:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      ippAddInteger(request, IPP_TAG_JOB, IPP_TAG_INTEGER, "job-pages-per-set", atoi(keyword) / finishings_copies);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:401:76:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ippAddInteger(request, IPP_TAG_JOB, IPP_TAG_INTEGER, "job-pages-per-set", atoi(keyword) / finishings_copies);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:433:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[2048],		/* Current line */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:489:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (atoi(line + 16) != _PPD_CACHE_VERSION)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:615:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if ((num_bins = atoi(value)) <= 0 || num_bins > 65536)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:663:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if ((num_sizes = atoi(value)) < 0 || num_sizes > 65536)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:753:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if ((num_sources = atoi(value)) <= 0 || num_sources > 65536)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:802:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if ((num_types = atoi(value)) <= 0 || num_types > 65536)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:900:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      pc->max_copies = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:999:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			pwg_keyword[3 + PPD_MAX_NAME + 1 + 12 + 1 + 12 + 3],
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:1026:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			msg_id[256];	/* Message identifier */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:1743:51:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      finishings->value       = (ipp_finishings_t)atoi(ppd_attr->spec);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:1882:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    pc->max_copies = atoi(ppd_attr->value);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:2797:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			newfile[1024];	/* New filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3027:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			make[256],	/* Make and model */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3049:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			msgid[256];	/* Message identifier (attr.value) */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	stringsfile[1024];	/* Temporary strings file */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	pattern[33];		/* Password pattern */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3532:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	tleft[256],		/* Left string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3587:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	tmax[256], tmin[256];	/* Min/max values */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3945:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		tray[IPP_MAX_OCTETSTRING];
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:3975:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tray, tray_ptr, (size_t)tray_len);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4454:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      lowdpi = atoi(rs + 2);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4456:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        hidpi = atoi(rs + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4609:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char      	member_value[256];	/* Member attribute value */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4909:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(name, sizeptr + 1, (size_t)(dimptr - sizeptr - 1));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:4927:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[32],	/* URL scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:5054:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newsize, size, sizeof(cups_size_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-conflicts.c:183:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			resoption[PPD_MAX_NAME],
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-conflicts.c:708:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		option[PPD_MAX_NAME],	/* Option name/MainKeyword */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-conflicts.c:960:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			firstpage[255];	/* AP_FIRSTPAGE_Keyword string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:130:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		asection[17],	/* Section name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:366:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[65],		/* Local title string */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:901:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  pos = atoi(attr->value) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:913:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  pos = atoi(attr->value) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1072:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(bufptr, choices[i]->code, (size_t)j);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ckeyword[PPD_MAX_NAME],	/* Custom keyword */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:185:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ll_CC[6];		/* Language + country locale */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:234:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ll_CC[6],		/* Language + country locale */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:275:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	msgid[1024],		/* State message identifier */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:441:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ll_CC[6];		/* Language + country locale */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:598:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		lkeyword[PPD_MAX_NAME];	/* Localization keyword */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:174:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	pwg_pq = (_pwg_print_quality_t)(atoi(print_quality) - IPP_QUALITY_DRAFT);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:345:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int pq = atoi(print_quality);       /* print-quaity value */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:623:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	option[PPD_MAX_NAME * 2 + 1],	/* Current option/property */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:885:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      cparam->current.custom_int = atoi(choice + 7);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-mark.c:965:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      cparam->current.custom_int = atoi(val->value);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-page.c:200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		spec[PPD_MAX_NAME];	/* Selector for min/max */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-private.h:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			ppd_filename[HTTP_MAX_URI];
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-private.h:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resolver[PPD_MAX_NAME];	/* Resolver name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		http_hostname[HTTP_MAX_HOST];
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:135:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		localhost[HTTP_MAX_URI],/* Local hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:140:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempfile[1024] = "";	/* Temporary filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:189:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	ppdname[1024];		/* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:229:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char		tmppath[1024];	/* Temporary directory */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:390:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(buffer, O_CREAT | O_TRUNC | O_WRONLY, 0600);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-util.c:555:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI],	/* printer-uri attribute */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:425:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			keyword[PPD_MAX_NAME],
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:445:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			custom_name[PPD_MAX_NAME];
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			ll[7],		/* Base language + '.' */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:819:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      ppd->language_level = atoi(string);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:884:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      ppd->model_number = atoi(string);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:944:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      ppd->throughput = atoi(string);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:972:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		ctype[33],	/* Data type */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1026:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cparam->minimum.custom_int = atoi(cminimum);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1027:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cparam->maximum.custom_int = atoi(cmaximum);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1038:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cparam->minimum.custom_passcode = atoi(cminimum);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1039:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cparam->maximum.custom_passcode = atoi(cmaximum);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1044:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cparam->minimum.custom_password = atoi(cminimum);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1045:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cparam->maximum.custom_password = atoi(cmaximum);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1062:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cparam->minimum.custom_string = atoi(cminimum);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1063:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cparam->maximum.custom_string = atoi(cmaximum);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1251:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ppd->patches + strlen(ppd->patches), string, strlen(string) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1508:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tchoice[PPD_MAX_NAME];	/* Temporary choice name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1543:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tchoice[PPD_MAX_NAME];	/* Temporary choice name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1932:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cname[PPD_MAX_NAME];	/* Rewrite with a leading underscore */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1961:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cname[PPD_MAX_NAME];	/* Rewrite with a leading underscore */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1997:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cname[PPD_MAX_NAME];	/* Rewrite with a leading underscore */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:3419:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		srcsuper[16],		/* Source MIME media type */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[PPD_MAX_NAME];	/* Name of attribute (cupsXYZ) */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		spec[PPD_MAX_NAME];	/* Specifier string, if any */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		text[PPD_MAX_TEXT];	/* Human-readable text, if any */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		choice[PPD_MAX_NAME];	/* Computer-readable option name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:155:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		text[PPD_MAX_TEXT];	/* Human-readable option name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:163:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		keyword[PPD_MAX_NAME];	/* Option keyword name ("PageSize", etc.) */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:164:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		defchoice[PPD_MAX_NAME];/* Default option choice */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:165:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		text[PPD_MAX_TEXT];	/* Human-readable text */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:179:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		text[PPD_MAX_TEXT - PPD_MAX_NAME];
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:181:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[PPD_MAX_NAME];	/* Group name @since CUPS 1.1.18/macOS 10.3@ */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:190:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		option1[PPD_MAX_NAME];	/* First keyword */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:191:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		choice1[PPD_MAX_NAME];	/* First option/choice (blank for all) */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:192:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		option2[PPD_MAX_NAME];	/* Second keyword */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:193:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		choice2[PPD_MAX_NAME];	/* Second option/choice (blank for all) */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:199:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[PPD_MAX_NAME];	/* Media size option */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:210:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[PPD_MAX_NAME];	/* Emulator name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:217:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resolution[PPD_MAX_NAME];
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:219:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		media_type[PPD_MAX_NAME];
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[PPD_MAX_NAME];	/* Parameter name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:267:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		text[PPD_MAX_TEXT];	/* Human-readable text */
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.h:277:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		keyword[PPD_MAX_NAME];	/* Name of option that is being extended... */
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:270:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		usize[12 + 1 + 12 + 3],	/* Unit size: NNNNNNNNNNNNxNNNNNNNNNNNNuu */
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:367:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(uptr, units, 3);
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:762:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	wstr[32], lstr[32];	/* Width and length as strings */
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:872:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	wstr[32], lstr[32];	/* Width and length strings */
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:939:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		wstr[32], lstr[32];	/* Width and length as strings */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-error.c:33:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		s[2048];		/* Message string */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-error.c:86:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf->current, s, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[64];		/* Name value */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	other[64];		/* Other operator */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	string[64];		/* Sring value */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:955:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(temp, obj, sizeof(_cups_ps_obj_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1008:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(temp, st->objs + n, (size_t)s * sizeof(_cups_ps_obj_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1010:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(st->objs + n + c - s, temp, (size_t)s * sizeof(_cups_ps_obj_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1021:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(temp, st->objs + n + c - s, (size_t)s * sizeof(_cups_ps_obj_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1023:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(st->objs + n, temp, (size_t)s * sizeof(_cups_ps_obj_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1292:52:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          obj.value.number = strtol(cur + 1, &cur, atoi(start));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1564:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if ((i = atoi(name + 11)) < 0 || i > 15)
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1571:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if ((i = atoi(name + 8)) < 0 || i > 15)
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-interpret.c:1578:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if ((i = atoi(name + 10)) < 0 || i > 15)
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:511:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char	header[8];	/* File header */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:654:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          unsigned char	appleheader[32];	/* Raw header */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:927:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(temp, temp - r->bpp, r->bpp);
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:969:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, ptr, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:980:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(p, r->pcurrent, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:1107:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	appleheader[32];/* Raw page header */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:1323:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(r->pcurrent, p, (size_t)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:1541:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buf, r->bufptr, (size_t)count);
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stream.c:1725:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    cf = (_cups_copyfunc_t)memcpy;
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:178:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(h, &(r->header), sizeof(cups_page_header_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:209:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(h, &(r->header), sizeof(cups_page_header2_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:254:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(r->header), h, sizeof(cups_page_header_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:282:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(r->header), h, sizeof(cups_page_header2_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:244:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		MediaClass[64];		/* MediaClass string */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:245:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		MediaColor[64];		/* MediaColor string */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:246:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		MediaType[64];		/* MediaType string */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:247:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		OutputType[64];		/* OutputType string */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:293:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		MediaClass[64];		/* MediaClass string */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:294:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		MediaColor[64];		/* MediaColor string */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:295:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		MediaType[64];		/* MediaType string */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:296:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		OutputType[64];		/* OutputType string */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cupsString[16][64];	/* User-defined string values @since CUPS 1.2/macOS 10.5@ */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:349:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cupsMarkerType[64];	/* Ink/toner type @since CUPS 1.2/macOS 10.5@ */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:350:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cupsRenderingIntent[64];/* Color rendering intent @since CUPS 1.2/macOS 10.5@ */
data/cups-2.3.3op1~106-ga72b0140e/cups/raster.h:351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cupsPageSizeName[64];	/* PageSize name @since CUPS 1.2/macOS 10.5@ */
data/cups-2.3.3op1~106-ga72b0140e/cups/rasterbench.c:173:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		buffer[8 * TEST_WIDTH];
data/cups-2.3.3op1~106-ga72b0140e/cups/rasterbench.c:256:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		data[32][8 * TEST_WIDTH];
data/cups-2.3.3op1~106-ga72b0140e/cups/request.c:53:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((infile = open(filename, O_RDONLY | O_BINARY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/request.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[32768];		/* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/request.c:589:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			date[256];	/* Date: header value */
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:259:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, buffer + 4, (size_t)templen);
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:359:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, real_data + real_oidlen, (size_t)real_datalen);
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:413:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			last_oid[2048];	/* Last OID */
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:602:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer + 4, data, (size_t)datalen);
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp-private.h:60:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	bytes[CUPS_SNMP_MAX_STRING];
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp-private.h:81:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		community[CUPS_SNMP_MAX_COMMUNITY];
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:115:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:347:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[CUPS_SNMP_MAX_PACKET];
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:439:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(packet->address), &address, sizeof(packet->address));
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:649:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[CUPS_SNMP_MAX_PACKET];
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:735:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		string[CUPS_SNMP_MAX_STRING];
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1167:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bufptr, packet->community, commlen);
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1207:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(bufptr, packet->object_value.string.bytes, valuelen);
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1407:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(string, *buffer, length);
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1417:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(string, *buffer, strsize - 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tformat[100],		/* Temporary format string for sprintf() */
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:188:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bufptr, temp, templen + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:219:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bufptr, temp, templen + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:243:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bufptr, temp, templen + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:261:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bufptr, va_arg(ap, char *), (size_t)width);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:287:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bufptr, s, (size_t)slen);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:293:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bufptr + width - slen, s, (size_t)slen);
data/cups-2.3.3op1~106-ga72b0140e/cups/string-private.h:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		str[1];			/* String */
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:116:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(item->str, s, slen + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:150:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024];		/* Temporary buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:398:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	temp[1024],			/* Temporary buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:610:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  return (memcpy(t, s, slen + 1));
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:42:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tmppath[1024];		/* Temporary directory */
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:133:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(filename, _O_CREAT | _O_RDWR | _O_TRUNC | _O_BINARY,
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:136:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(filename, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
data/cups-2.3.3op1~106-ga72b0140e/cups/tempfile.c:138:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);
data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		word[256];		/* Word from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*saved[32];		/* Saved entries */
data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:523:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		word[256];		/* Word from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:526:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                  printer_state_reasons[1024];
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                  job_state_reasons[1024];
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[32],     /* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:130:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              if ((num_clients = atoi(argv[i])) < 1)
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:433:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        xdpi = ydpi = atoi(val + 2);
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:588:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(lineptr, color, 3);
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:631:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          printer_state_reasons[1024];
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:634:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          job_state_reasons[1024];/* Printer state reasons */
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:765:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempfile[1024] = "";	/* Temporary file (if any) */
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:972:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                  buffer[1024];   /* Value */
data/cups-2.3.3op1~106-ga72b0140e/cups/testclient.c:1008:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                  buffer[1024];   /* Attribute value buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testconflicts.c:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[256],		/* Input buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testcreds.c:26:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Scheme from URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/testcreds.c:34:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		hinfo[1024],		/* String for connection credentials */
data/cups-2.3.3op1~106-ga72b0140e/cups/testcups.c:171:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		buffer[1024];	/* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/testcups.c:190:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		buffer[16384];	/* Read/write buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testcups.c:207:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      interval = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:414:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[32768];		/* File buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:519:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char value[1024];                 /* Value of default attribute */
data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:549:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	units[32];		/* Units */
data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:671:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      char valstr[256];
data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Filename buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	line[8192];		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:246:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	line[1024];			/* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:270:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[512];		/* Data buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:447:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:450:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	readbuf[8192],		/* Read buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:676:64:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      else if (_cups_strcasecmp(line, "TestLine") || !value || atoi(value) != i ||
data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:224:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Input buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:227:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		encode[256],		/* Base64-encoded string */
data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:230:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Scheme from URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:398:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	numeric[1024];		/* Numeric IP address */
data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:567:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	resolved[1024];		/* Resolved URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:639:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      out = fopen(argv[i], "wb");
data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:664:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char info[1024];
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024];		/* File line source string */
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:118:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		legsrc[1024],		/* Legacy source string */
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:152:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(argv[1], "rb")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:194:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen("utf8demo.txt", "rb")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:543:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(utf32src, utf32dest, (len + 1) * sizeof(cups_utf32_t));
data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:948:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char                  buffer[2048];   /* Value string */
data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:993:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, data->wbuffer + data->rpos, count);
data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:1014:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	hex[256] = "";		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:1093:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data->wbuffer + data->wused, buffer, count);
data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[1024];	/* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:195:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        locale_str[256],        /* Locale ID C string */
data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:205:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        country_str[256];       /* Country code C string */
data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:291:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[1024];		/* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:306:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1082:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	scheme[32],		/* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1173:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	realfile[1024];		/* Real file path */
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1211:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		lang[255],	/* LANG environment variable */
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:1376:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	command[1024];		/* malloc_history command */
data/cups-2.3.3op1~106-ga72b0140e/cups/testpwg.c:93:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((fd = open(argv[2], O_RDONLY)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/testraster.c:74:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/testraster.c:133:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		data[2048];	/* Raster data */
data/cups-2.3.3op1~106-ga72b0140e/cups/testraster.c:148:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen("test.raster", "wb")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/testraster.c:286:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen("test.raster", "rb")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/cups/testsnmp.c:121:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024];		/* Temporary OID string */
data/cups-2.3.3op1~106-ga72b0140e/cups/testsnmp.c:203:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024];		/* Temporary OID string */
data/cups-2.3.3op1~106-ga72b0140e/cups/testthreads.c:188:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	      char valstr[256];
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		command[1024],		/* Command */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:364:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Keychain filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:459:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[1024];
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:535:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			cert_name[256];	/* Certificate's common name (C string) */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:626:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	credentials_str[1024],	/* String for incoming credentials */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:812:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		commonName[256],/* Common name associated with cert */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:816:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	md5_digest[16];	/* MD5 result */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:924:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024];	/* Filename for keychain */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1042:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024];	/* Filename for keychain */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1219:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[256],	/* Hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1225:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			msgbuf[1024];	/* Error message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1677:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((void *)credential->data, CFDataGetBytePtr(data),
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			temp[1024],	/* Temporary directory name */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:71:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		buffer[8192];	/* Buffer for x509 data */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:73:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		serial[4];	/* Serial number buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localname[256];                /* hostname.local */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:262:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	temp[1024];			/* Default path buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:403:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char	cserial[1024],	/* Certificate serial number */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:485:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	credentials_str[1024],	/* String for incoming credentials */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		name[256],	/* Common name associated with cert */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:673:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	md5_digest[16];	/* MD5 result */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:716:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* filename.crt */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:847:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* filename.crt */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:987:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		filename[1024],	/* site.crl */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1263:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[256],	/* Hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1268:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			priority_string[2048];
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1368:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	crtfile[1024],		/* Certificate file */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1422:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cacrtfile[1024], cakeyfile[1024];	/* CA cert files */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1469:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cacrtfile[1024], cakeyfile[1024];	/* CA cert files */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:184:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cert_name[1024];	/* Name from certificate */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		cert_name[256];	/* Common name */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:350:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	md5_digest[16];	/* MD5 result */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:424:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		error[1024];		/* Error message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:550:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		error[1024];		/* Error message buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:723:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, sspi->readBuffer, bytesToCopy);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:845:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buf, pDataBuffer->pvBuffer, bytesToCopy);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:869:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(((BYTE *)sspi->readBuffer) + sspi->readBufferUsed, ((BYTE *)pDataBuffer->pvBuffer) + bytesToCopy, bytesToSave);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:927:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	hostname[256],			/* Hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1160:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sspi->writeBuffer + sspi->streamSizes.cbHeader, bufptr, chunk);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1224:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[256],	/* Hostname */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1227:3:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  TCHAR			username[256];	/* Username returned from GetUserName() */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1228:3:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  TCHAR			commonName[256];/* Common name for certificate */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2069:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		common_name[512];	/* Common name for cert */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2233:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sspi->decryptBuffer, (LPBYTE)(sspi->decryptBuffer + sspi->decryptBufferUsed - inBuffers[1].cbBuffer), inBuffers[1].cbBuffer);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2254:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sspi->decryptBuffer, (LPBYTE)(sspi->decryptBuffer + sspi->decryptBufferUsed - inBuffers[1].cbBuffer), inBuffers[1].cbBuffer);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2342:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			error[1024];	/* Error message string */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2356:23:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  count             = MultiByteToWideChar(CP_ACP, 0, common_name, -1, NULL, 0);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2361:8:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  if (!MultiByteToWideChar(CP_ACP, 0, common_name, -1, commonNameUnicode, count))
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		creds_str[2048];	/* Credentials string */
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[1024],		/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		value[1024];		/* Attribute (string) value */
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:148:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	port = atoi(argv[i] + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:150:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	port = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/cups/tlscheck.c:187:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char unknownCipherName[256];
data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	toset[1024];		/* Destination character set */
data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	toset[1024];		/* Destination character set */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			user[65],	/* User name */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			gss_service_name[32];
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:420:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      cg->ipp_port = atoi(port);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:515:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			version[256];	/* macOS/iOS version */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:817:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((tty = open("/dev/tty", O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:974:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1285:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	sval[1024];			/* String value */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1346:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	line[1024],			/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1407:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if ((cg->ipp_port = atoi(ipp_port)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:1496:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	temp[256],			/* Copy of value */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Job/printer URI */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:228:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	resource[1024];			/* Printer resource */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:438:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI for jobs */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:787:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/cups/util.c:911:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resource[1024],		/* Resource for destinatio */
data/cups-2.3.3op1~106-ga72b0140e/examples/ppdx.c:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		keyword[PPD_MAX_NAME],	/* Keyword name */
data/cups-2.3.3op1~106-ga72b0140e/examples/ppdx.c:184:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[PPDX_MAX_CHUNK],	/* Chunk buffer */
data/cups-2.3.3op1~106-ga72b0140e/examples/testppdx.c:31:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		contents[8193],		/* Contents of file */
data/cups-2.3.3op1~106-ga72b0140e/examples/testppdx.c:49:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen("testppdx.c", "r");
data/cups-2.3.3op1~106-ga72b0140e/examples/testppdx.c:82:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((fp = fopen("testppdx.dat", "wb")) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/filter/commandtops.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/filter/commandtops.c:130:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[1024],		/* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/common.c:99:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    Orientation = atoi(val) - 3;
data/cups-2.3.3op1~106-ga72b0140e/filter/gziptoany.c:26:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Data buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/gziptoany.c:49:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempfile[1024];		/* Temporary filename */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:197:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[8192];		/* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:518:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Data buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:613:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (Duplex && (pages = atoi(line + 8)) > 0 && pages <= doc->number_up)
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:693:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int orient = (atoi(line + 14) / 90) & 3;
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:1047:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:1230:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		label[256],		/* Page label string */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:1632:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      bytes = atoi(strchr(line, ':') + 1);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2015:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[1024];		/* Output buffer */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[255],		/* Option name */
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2311:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  doc->job_id = atoi(argv[1]);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2314:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  doc->copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2435:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    switch (intval = atoi(val))
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2563:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    max_copies = atoi(attr->value);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2697:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      bytes = atoi(strchr(line, ':') + 1);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:48:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char	*Planes[6],		/* Output buffers */
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:540:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(comp_ptr, start, (size_t)count);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertoepson.c:1010:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(argv[6], O_RDONLY)) == -1)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertohp.c:28:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char	*Planes[4],		/* Output buffers */
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertohp.c:529:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(comp_ptr, start, count);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertohp.c:679:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(argv[6], O_RDONLY)) == -1)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:514:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  val = atoi(choice->choice);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:673:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  val = atoi(choice->choice);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:869:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(LastBuffer, Buffer, header->cupsBytesPerLine);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:1016:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(comp_ptr, start, count);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:1031:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(LastBuffer, line, length);
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertolabel.c:1132:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(argv[6], O_RDONLY)) == -1)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertopwg.c:66:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(argv[6], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/filter/rastertopwg.c:241:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      unsigned quality = (unsigned)atoi(val);		/* print-quality value */
data/cups-2.3.3op1~106-ga72b0140e/locale/checkpo.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			idbuf[80],	/* Abbreviated msgid */
data/cups-2.3.3op1~106-ga72b0140e/locale/checkpo.c:336:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(bufptr, "...", 4);
data/cups-2.3.3op1~106-ga72b0140e/locale/checkpo.c:352:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buf[255],		/* Format string buffer */
data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:62:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			s[4096],	/* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:233:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(msgstr + length, ptr, ptrlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:245:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(msgid + length, ptr, ptrlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/locale/strings2po.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	iconv[1024],			/* iconv command */
data/cups-2.3.3op1~106-ga72b0140e/locale/strings2po.c:76:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((po = fopen(argv[2], "w")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:82:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((infile = fopen(argv[1], "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:93:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((outfile = fopen(argv[2], "w")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:942:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	name[1024],		/* Name */
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:1171:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char temp[1024];			/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024];		/* Line/buffer from stream/file */
data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:60:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:61:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp     = fopen(argv[6], "rb");
data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024];		/* Line/buffer from stream/file */
data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:59:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    copies = atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:60:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp     = fopen(argv[6], "rb");
data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:149:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		lock_filename[1024];	/* Lock filename */
data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:628:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((*fd = open(lockfile, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:24:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	mailtoCc[1024];			/* Cc email address */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	mailtoFrom[1024];		/* From email address */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:26:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	mailtoReplyTo[1024];		/* Reply-To email address */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:27:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	mailtoSubject[1024];		/* Subject prefix */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:28:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	mailtoSMTPServer[1024];		/* SMTP server to use */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:29:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	mailtoSendmail[1024];		/* Sendmail program to use */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024];		/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:202:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		response[1024];		/* SMTP response buffer */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	hostbuf[1024];		/* Local hostname */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:237:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	spec[1024];		/* Host:service spec */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:253:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:261:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:268:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:275:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:282:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:355:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:368:58:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (!cupsFileGets(fp, response, sizeof(response)) || atoi(response) >= 500)
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:392:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:493:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*argv[100],		/* Argument array */
data/cups-2.3.3op1~106-ga72b0140e/notifier/mailto.c:608:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[1024];	/* Value buffer */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:71:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[32],		/* URI scheme ("rss") */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Local filename */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		baseurl[1024];		/* Base URL */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:127:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      max_events = atoi(options + 11);
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:212:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                     NULL, server_name, atoi(server_port), "/rss%s", resource);
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:437:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[4096],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:449:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:538:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      sequence_number = atoi(start + 6);
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:605:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		date[1024];		/* Current date */
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:609:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "w")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/notifier/testnotify.c:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[1024];	/* Value buffer */
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-array.cxx:36:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(data, a->data, (size_t)count * sizeof(ppdcShared *));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-array.cxx:86:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(temp, data, (size_t)count * sizeof(ppdcShared *));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	pofile[1024];		// Message catalog file
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		applelang[256];	// Apple language ID
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:131:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	baseloc[3];		// Base locale...
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:172:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		text[1024];		// Text to translate
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:237:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[4096],		// Line buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:667:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	id[1024],			// Message id
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:744:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[3];		// Bytes
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:930:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[4];		// Output buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:379:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			query[42],	// Query attribute
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:661:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char density[255], gamma[255], profile[9][255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:860:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char left[255], right[255], bottom[255], top[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:889:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char width[255], length[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:947:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char width0[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:961:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char length0[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1035:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char order[255];
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[256],		// Comment line
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:243:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		encoding[256],	// Encoding string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:161:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024],		// Temporary path
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:293:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	name[1024],			// Name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:340:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	buffer[256];			// String buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:376:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	name[1024],			// Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:417:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024],		// Option name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:510:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resolution[1024],	// Resolution/media type
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:630:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024],		// One string to rule them all
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:707:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024],		// Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:768:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[256];		// Duplex keyword
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:870:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	type[1024],			// MIME type
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:948:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	temp[256],			// String buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:982:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			name[256],	// Font name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1090:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024],		// Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024],		// UI name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024],		// Name for installable option
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1449:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	temp[1024];			// String buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1471:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	buffer[256],			// Number buffer
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1510:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024],		// UI name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1619:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		locale[32],		// Locale name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1696:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024],		// Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1801:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resolution[1024],	// Resolution/media type
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1894:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024],		// Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1938:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[256],		// Name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2140:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024],		// Name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2175:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tformat[100];		// Temporary format string for fprintf()
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2248:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(tformat, bufformat, (size_t)(format - bufformat));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2265:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(tformat, bufformat, (size_t)(format - bufformat));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2283:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(tformat, bufformat, (size_t)(format - bufformat));
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2385:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[256],		// Token from file...
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2559:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	basedir[1024],		// Base directory
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2739:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	copytemp[8192],		// Copyright string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3056:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	name[256];		// Model name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3087:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		name[41];	// Media size name
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3179:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	name[256];		// Model name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3225:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	name[256];		// Filename string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3242:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	name[256];		// PC filename string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3345:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	name[256];		// Model name string
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:3426:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		bckname[1024];		// Backup file
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-string.cxx:31:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(value, v, vlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:151:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	temp[1024],	// Copy of language list
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdmerge.cxx:42:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		bckname[1024];		// Backup filename
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdmerge.cxx:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024];		// Line from file
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdmerge.cxx:294:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	locale[255];		// Locale string
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	username[HTTP_MAX_VALUE],	/* Username string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:178:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			ifname[32],	/* Interface name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		authdata[HTTP_MAX_VALUE];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:862:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	scheme[256];		/* Auth scheme... */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1377:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			uri[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1968:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(temp, mask, sizeof(cupsd_authmask_t));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/banners.c:53:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Name of banner */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:42:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Certificate filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:75:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0400)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:268:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Certificate file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:309:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Certificate file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.h:18:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		certificate[33];	/* 32 hex characters, or 128 bits */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.h:19:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		username[33];		/* Authenticated username */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:25:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			uri[1024];	/* Class URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:265:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[4096],	/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:347:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (value && (i = atoi(value)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:476:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->state_time = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:581:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->quota_period = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:589:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->page_limit = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:597:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->k_limit = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/classes.c:660:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* classes.conf filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			name[256];	/* Hostname of client */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	peername[256];		/* Name of process */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:550:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[32768],	/* Line from client... */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:557:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buf[1024];	/* Buffer for real filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:694:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  char	scheme[HTTP_MAX_URI],	/* Method/scheme */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1384:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    con->file = open(con->filename, O_WRONLY | O_CREAT | O_TRUNC, 0640);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1662:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    con->file = open(con->filename, O_WRONLY | O_CREAT | O_TRUNC, 0640);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1862:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(con->filename, O_RDONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1916:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	location[HTTP_MAX_VALUE];	/* Location field */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:1970:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	message[4096],		/* Message for user */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2069:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		auth_str[1024];		/* Authorization string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2418:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  	      con->pipe_status = (http_status_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2694:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		language[7],		/* Language subdirectory, if any */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3001:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Configuration filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3004:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[16384];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		argbuf[10240],		/* Argument buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3214:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		auth_type[256],		/* AUTH_TYPE environment variable */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3575:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    con->clientport = atoi(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3731:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  con->file = open(filename, O_RDONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.h:32:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			username[HTTP_MAX_VALUE],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.h:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			header[2048];	/* Header from CGI program */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.h:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			clientname[256];/* Client's server name for connection */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.h:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			servername[256];/* Server name for connection */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:127:58:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void	colord_get_qualifier_format(ppd_file_t *ppd, char *format[3]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			ppdfile[1024],	/* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:340:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			q_keyword[PPD_MAX_NAME];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:905:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		device_id[1024];	/* Device ID as understood by colord */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:906:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		format_str[1024];	/* Qualifier format as a string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1021:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		format_str[1024];	/* Qualifier format as a string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1317:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       *format[3])		/* I - Format tuple */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1370:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ppdfile[1024],		/* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1376:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*format[3];		/* Qualifier format tuple */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1495:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	device_id[1024];		/* Device ID as understood by colord */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:224:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(a->name, name, namelen + 1);	/* OK since a->name is allocated */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:245:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		pathname[1024];		/* File name with prefix */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:412:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buf[1024];		/* Service name buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:535:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024],		/* Temporary buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1526:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1716:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[1024],	/* Hostname + port number buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1972:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      i = atoi(maskval);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2444:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	value[1024],			/* Value string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2525:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		value[1024],		/* Value string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2607:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	value[1024],			/* Value string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2678:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			temp[1024];	/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2875:4:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		 atoi(value) != 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2938:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[HTTP_MAX_BUFFER],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2982:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      JobRetryInterval = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:2989:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      JobRetryLimit = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3149:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3439:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[HTTP_MAX_BUFFER],	/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3499:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        Group = (gid_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3524:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        LogFileGroup = (gid_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3685:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int uid = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3698:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  User = (uid_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3763:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[HTTP_MAX_BUFFER],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:3883:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[HTTP_MAX_BUFFER],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.h:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1];		/* Alias name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.h:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char		*SystemGroups[MAX_SYSTEM_GROUPS]
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	device_class[128],		/* Device class */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Backend directory filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:145:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  request_id = atoi(argv[1]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:153:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  device_limit = atoi(argv[2]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:161:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  timeout = atoi(argv[3]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:169:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  normal_user = (uid_t)atoi(argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:472:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	line[2048],			/* Line from backend */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:736:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			program[1024];	/* Full path to backend */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:738:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			*argv[2];	/* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:71:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[512],		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:94:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	all[TAR_BLOCK];		/* Raw data block */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	pathname[100],		/* Destination path */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:209:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cat_ppd(argv[3], atoi(argv[2]));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:211:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:211:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    list_ppds(atoi(argv[2]), atoi(argv[3]), argv[4]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:307:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		message[2048],		// status-message
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:421:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[256],		/* Scheme from PPD name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:476:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	*argv[4];		/* Arguments for program */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:557:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:597:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Archive filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:770:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024];		/* ppds.dat filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1002:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* ppds.dat filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	newname[1024];		/* New filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1200:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    model_number = atoi(model_number_str);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1592:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[1024],		// Driver URI
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1708:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		drivers[1024];		/* Location of driver programs */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1713:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*argv[3],		/* Arguments for command */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1948:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[256],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2361:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Name of PPD or directory */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2393:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dinfoptr, &dinfo, sizeof(struct stat));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2653:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		curname[256],		/* Current archive file name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2760:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		res[2048],		/* Regular expression string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2864:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		res[2048],		/* Regular expression string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:74:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              gid = (gid_t)atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:82:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              niceval = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:90:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              uid = (uid_t)atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	line[1024];		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[256],		/* Command string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:92:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		hostname[256],		/* Name of client */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:335:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:416:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from lpoptions file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:424:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:720:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:779:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Temporary filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:782:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[256],		/* Line from file/stdin */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:788:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		control[1024],		/* Control filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:791:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		user[1024],		/* User name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:891:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fd = open(control, O_WRONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1022:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(control, "rb")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1228:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1248:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  while ((id = atoi(list)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1324:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		rankstr[255];		/* Rank string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1325:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		namestr[1024];		/* Job name string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1326:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1327:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		dest[256];		/* Printer/class queue */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1328:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char * const ranks[10] =	/* Ranking strings */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1403:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  id = atoi(list);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:49:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		TempFile[1024] = "";
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:106:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		mimedir[1024];		/* MIME directory */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cupsfilesconf[1024];	/* cups-files.conf file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:533:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		super[MIME_MAX_SUPER],	/* Super-type for filter */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:605:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[1024];		/* Full path to program */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:813:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		processPath[1024],	/* CFProcessPath environment variable */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:856:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        infd = open("/dev/null", O_RDONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:868:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        outfd = open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:877:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open("/dev/null", O_RDWR)) > 3)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:884:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open("/dev/null", O_RDWR)) > 4)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:923:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char	*argv[8],		/* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1136:35:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      filterfds[1 - current][1] = open(outfile, O_CREAT | O_TRUNC | O_WRONLY,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1146:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    pid = exec_filter(program, (char **)argv, (char **)envp,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1146:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    pid = exec_filter(program, (char **)argv, (char **)envp,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1227:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[1024];		/* job-uri */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:1370:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:304:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	valueStr[1024],			/* Domain string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:346:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		admin_hostname[256],	/* Hostname for admin page */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1000:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	temp[256],			/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1188:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[256];		/* Service name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1385:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		webif[1024];		/* Web interface share name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1391:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		nameBuffer[1024];	/* C-string buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1592:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resource[1024];		/* Printer/class resource path */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1670:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1739:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	newfile[1024];		/* New cups-lpd.N file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1742:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	line[1024];		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1789:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	*argv[5],		/* Arguments for command */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1826:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	newfile[1024];		/* New smb.conf.N file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1829:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	line[1024];		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:22:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	*common_env[MAX_ENV];	/* Common env vars */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:163:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		v[4096];		/* Formatting string value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	newfile[1024],			/* filename.N */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:178:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		newfile[1024];		/* filename.N */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:224:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	oldfile[1024];		/* filename.O */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:317:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[512];	/* Data buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/file.c:334:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(filename, O_WRONLY | O_EXCL)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:152:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char        value[1024];          /* Attribute value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:821:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Method portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:1211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		job_uri[HTTP_MAX_URI];	/* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:1352:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE + 2];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:1526:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      priority = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:1999:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	notifier[1024],		/* Notifier filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2125:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sub->user_data, user_data->values[0].unknown.data,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			uuid[64];	/* job-uuid string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2210:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Method portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2218:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024];		/* Line from file... */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2219:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		srcfile[1024],		/* Source Script/PPD file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		old_device_uri[1024];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2740:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cache_name[1024];		/* Cache filename for printer attrs */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2951:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3012:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3127:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Scheme portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3367:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Scheme portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3474:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3661:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		username[33],		/* Username */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:3902:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			job_uri[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4099:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Job filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		attrname[255],		/* Name of attribute */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4381:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[2048];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4434:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempfile[1024];		/* Temporary PPD file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4438:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*argv[4],		/* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4445:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[2048];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4447:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		option[PPD_MAX_NAME],	/* Option name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4452:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cups_protocol[PPD_MAX_LINE];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4471:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tempfd = open(tempfile, O_WRONLY | O_CREAT | O_TRUNC, 0600);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4720:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	job_uri[HTTP_MAX_URI];		/* Job URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4849:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5044:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			printer_uri[HTTP_MAX_URI];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5236:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		fromppd[1024],		/* Source PPD */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5391:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[128],		/* Sanitized printer name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5574:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5730:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	notifier[1024];		/* Notifier filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5845:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	temp[64];		/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5847:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp, user_data->values[0].unknown.data, (size_t)user_data->values[0].unknown.length);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5929:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(sub->user_data, user_data->values[0].unknown.data,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5958:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Script/PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6115:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			command[1024],	/* cups-deviced command */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6209:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Method portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6214:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* Filename for document */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6262:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6313:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((con->file = open(filename, O_RDONLY)) == -1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Scheme portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6409:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6473:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Scheme portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7029:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	command[1024],		/* cups-driverd command */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7083:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	filename[1024];		/* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7132:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((con->file = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7169:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			command[1024],	/* cups-driverd command */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7692:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7730:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    job     = cupsdFindJob(atoi(resource + 6));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7735:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                      atoi(resource + 6));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7868:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Method portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7921:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8075:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Scheme portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8197:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8401:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Job filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8403:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		super[MIME_MAX_SUPER],	/* Supertype of file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:8695:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[256];	/* Line data */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9007:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Method portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9059:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9232:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Method portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9283:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9393:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024];	/* Job authentication filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9395:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[65536];	/* Line for file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9565:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			job_uri[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9577:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			super[MIME_MAX_SUPER],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9583:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024];	/* Job filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9635:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10021:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	resource[HTTP_MAX_URI];	/* Resource portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10069:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		formatted[1024];	/* Formatted errror message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10181:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10244:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    jobid = atoi(resource + 6);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10674:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			name[256],	/* New attribute name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:11163:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		baseuser[256],		/* Base username */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:11237:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			super[MIME_MAX_SUPER],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:494:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[255];	/* Device URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:595:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	type[MIME_MAX_TYPE];	/* MIME media type for printer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1166:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	      job->print_pipes[1] = open(job->printer->device_uri + 5,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1169:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	      job->print_pipes[1] = open(job->printer->device_uri + 7,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1172:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	      job->print_pipes[1] = open(job->printer->device_uri + 7,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1175:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	      job->print_pipes[1] = open(job->printer->device_uri + 5,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1548:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Full filename of job.cache file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1653:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			jobfile[1024];	/* Job filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2002:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	line[65536],		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2182:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		/* job.cache filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2256:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Job control filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2540:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024];	/* Job filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2616:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	buffer[2048];		/* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:2962:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			temp[2048],	/* Log message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3096:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[1024];	/* Buffer for formatted messages */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4261:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		jobfile[1024];		/* Job filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4294:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        NextJobId = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4310:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      jobid = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4388:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      job->state_value = (ipp_jstate_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4413:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      job->priority = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4425:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      job->dtype = (cups_ptype_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4429:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      job->koctets = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4433:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      job->num_files = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4469:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	super[MIME_MAX_SUPER],	/* MIME super type */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4538:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Line buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4570:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        next_job_id = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4631:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      job->id              = atoi(dent->filename + 1);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4677:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	filename[1024];			/* Document filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4709:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	filename[1024];			/* Control filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4732:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			date_name[128];	/* date-time-at-xxx */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:5069:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		message[CUPSD_SB_BUFFER_SIZE],
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:5123:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int total = atoi(message + 6);	/* Total impressions */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:5262:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int progress = atoi(attr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.h:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			*auth_env[3],	/* AUTH_xxx environment variables,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.h:92:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			message[1];	/* Message string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/listen.c:123:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			s[256];		/* String addresss */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		backname[1024],		/* Backup log filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:307:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char		s[1024];	/* Date/time string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:308:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char * const months[12] =/* Months */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:447:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Buffer for vsnprintf */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:499:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			clientmsg[1024];/* Format string for client message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:554:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			jobmsg[1024];	/* Format string for job message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:608:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp->message, log_line, log_len + 1);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:774:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[2048],	/* Buffer for page log */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:780:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			number[256];	/* Page number */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:845:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	      memcpy(name, format + 1, (size_t)(nameend - format - 1));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:1021:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	temp[2048];			/* Temporary string for URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:390:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((i = open("/dev/null", O_RDONLY)) != 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:396:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((i = open("/dev/null", O_WRONLY)) != 1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:402:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((i = open("/dev/null", O_WRONLY)) != 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:563:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	line[1024];		/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1343:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		v[65536 + 64];		/* Formatting string value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1396:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024];		/* Process name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1504:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	message[1024];	/* New printer-state-message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:1852:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			s[256];		/* String addresss */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:2045:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          pidfile[1024];          /* PID/KeepAlive file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Message buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:277:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Full filename of .convs file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Full filename of .types file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:544:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			path[1024];	/* Full path to filter */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:660:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024],		/* Input line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:760:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cost = atoi(lineptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:849:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[32768],		/* Input line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	matchv[64];		/* Match value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	localev[64];		/* Locale value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	stringv[64];		/* String value */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		super[MIME_MAX_SUPER],	/* Super-type name ("image", "application", etc.) */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.h:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filter[MIME_MAX_FILTER];/* Filter program to use */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[1024];	/* Hostname for address */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:187:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(temp->hostname, hostname, hostlen + 1);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:195:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&(temp->address), addr->ifa_addr, sizeof(struct sockaddr_in));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:196:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&(temp->mask), addr->ifa_netmask, sizeof(struct sockaddr_in));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:199:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(temp->broadcast), addr->ifa_dstaddr,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:209:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&(temp->address), addr->ifa_addr, sizeof(struct sockaddr_in6));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:210:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&(temp->mask), addr->ifa_netmask, sizeof(struct sockaddr_in6));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:213:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&(temp->broadcast), addr->ifa_dstaddr,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.h:23:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			name[32],	/* Network interface name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:61:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			uri[1024],	/* Printer URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:787:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	filename[1024];		/* Script/PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:943:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[4096],	/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:972:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (value && (i = atoi(value)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1057:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (value && (i = atoi(value)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1204:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->state_time = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1213:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->config_time = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1238:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->type = (cups_ptype_t)atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1320:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->quota_period = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1328:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->page_limit = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1336:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->k_limit = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1392:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  p->marker_time = atoi(valueptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1478:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* printers.conf filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1934:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	buffer[1024],			/* URI buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2189:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	buffer[256],		/* printer-supply values */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2252:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resource[HTTP_MAX_URI];	/* Resource portion of URI */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2617:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		reason[255],		/* Reason string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2870:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		srcfile[1024],		/* Original filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3017:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			localname[1024],/* Localized hostname */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[256];		/* name-default */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3459:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		super[MIME_MAX_SUPER],	/* Super-type for filter */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3471:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Full filter filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3611:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE + 2];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3697:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		pdl[1024];	/* Buffer to build pdl list */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3848:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cache_name[1024];	/* Cache filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3851:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ppd_name[1024];		/* PPD filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3853:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		strings_name[1024];	/* Strings filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3884:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char * const sides[3] =	/* sides-supported values */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4843:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		outPath[HTTP_MAX_URI];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		username[33];		/* User data */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		state_message[1024];	/* Printer state message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*reasons[64];		/* printer-state-reasons strings */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:83:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*job_sheets[2];		/* Banners/job sheets */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.h:110:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char	*auth_info_required[4];	/* Required authentication fields */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	name[1];			/* Name of process */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			profile[1024],	/* File containing the profile */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	testroot[1024];		/* Root directory of test files */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:475:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*real_argv[110],	/* Real command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:490:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		processPath[1024],	/* CFProcessPath environment variable */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:668:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        errfd = open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:697:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        infd = open("/dev/null", O_RDONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:709:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        outfd = open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.h:25:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	prefix[64];			/* Prefix for log messages */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.h:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	buffer[CUPSD_SB_BUFFER_SIZE];	/* Buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			ftext[1024];	/* Formatted text buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:672:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			line[1024],	/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:704:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      i = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:717:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				   atoi(value));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:830:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ((sub->job = cupsdFindJob(atoi(value))) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:940:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sub->lease  = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:958:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sub->interval = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:974:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sub->expire = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:990:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	sub->next_event_id = sub->first_event_id = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:1024:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024], /* subscriptions.conf filename */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:1447:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	*argv[4],			/* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.c:1567:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		message[1024];		/* Pointer to message text */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/subscriptions.h:85:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		user_data[64];	/* notify-user-data */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	*cupslpd_argv[1000];		/* Arguments for cups-lpd */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:230:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		command[1024],		/* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:250:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(args[0], O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:381:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		command[1024];		/* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:405:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		command[1024];		/* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		command[1024],		/* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:478:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		command[1024],		/* Command buffer */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:42:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		super[MIME_MAX_SUPER],	/* Super-type name */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		super[MIME_MAX_SUPER],	/* Super-type for filter */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:345:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	indent[255] = "\t";	/* Indentation for rules */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* File to type */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:86:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      children = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:102:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      requests = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:121:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	port   = atoi(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testspeed.c:145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	options[255],		/* Command-line options for child */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testsub.c:48:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char	*events[100];		/* Events */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testsub.c:425:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	vstring[256];	/* Formatted time */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:37:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[MIME_MAX_BUFFER];/* Buffered data */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:134:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(temp->type, type, typelen);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:156:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[255],		/* Name in rule string */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:439:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  mt->priority = atoi(value[0]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:535:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(temp->value.stringv, value[1], (size_t)length[1]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:569:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(temp->value.stringv, value[2], (size_t)length[2]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:913:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char temp[MIME_MAX_BUFFER + 1];
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:916:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(temp, fb->buffer, (size_t)fb->length);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:165:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	*envp[500],			/* Array of environment variables */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:301:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open("/dev/null", O_RDONLY)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:43:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[1024];		/* Printer or job URI */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:208:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        job_id = atoi(job + 1);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:218:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        job_id = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:921:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	junkstr[255];			/* Temp string */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1748:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			option[PPD_MAX_NAME],
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2322:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		super[16],		/* Super-type for filter */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2977:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Profile filename */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2982:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char	*specs[1000];		/* Specifiers for profiles */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3125:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buf[PPD_MAX_NAME];	/* PapeSize name that is supposed to be */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3382:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	altbuf[PPD_MAX_NAME];
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3427:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		ll[3];			/* Base language */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3655:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	 language = (char *)cupsArrayNext(languages))
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3885:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024],		/* Temporary path */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:45:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char	*files[1000];		/* Files to print */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:237:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		job_id = atoi(strrchr(val, '-') + 1);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:239:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		job_id = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:254:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	email[1024];	/* EMail address */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:267:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		num_copies = atoi(opt + 1);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:280:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		num_copies = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:318:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		priority = atoi(opt + 1);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:331:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		priority = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:660:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI for job */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:705:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI for job */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:227:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char line[256];
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:695:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI for printer/class */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:813:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI for printer/class */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:862:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI for printer/class */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:916:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI for printer/class */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:1062:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI for printer/class */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:1113:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI];	/* URI for printer/class */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:1175:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resolved[1024],		/* Resolved URI */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:1335:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[HTTP_MAX_URI],	/* URI for printer/class */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpinfo.c:171:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	timeout = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpinfo.c:180:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      timeout = atoi(argv[i] + 10);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpmove.c:106:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        jobid = atoi(job + 1);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpmove.c:109:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        jobid = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpmove.c:149:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	job_uri[HTTP_MAX_URI],		/* job-uri */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	buffer[10240],		/* String for options */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:391:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[10240],		/* Option string buffer */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:483:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resource[1024];		/* Resource path */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:685:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		printer_state_time[255];/* Printer state time */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:862:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		method[HTTP_MAX_URI],	/* Request method */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[255],		/* Temporary buffer */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1475:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	alerts[1024],	/* Alerts string */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1535:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		printer_uri[HTTP_MAX_URI],
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1812:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	alerts[1024],	/* Alerts string */
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1932:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char	alerts[1024],	/* Alerts string */
data/cups-2.3.3op1~106-ga72b0140e/tools/dither.h:2:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char threshold[64][64] =
data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:257:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[65536];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:267:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:426:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(compptr, start, count);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:472:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:169:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	username[HTTP_MAX_VALUE],	/* Username string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			uri[1024],	/* Request URI */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:259:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[256],	/* Client hostname */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:397:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		directory[1024] = "";	/* Spool directory */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:593:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      serverport = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1137:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			uri[1024],	/* job-uri value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char printer_uri[1024];		/* job-printer-uri value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			name[256],	/* "Safe" filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1312:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return (open(fname, O_WRONLY | O_CREAT | O_TRUNC, 0666));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1327:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			service[255];	/* Service port */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1360:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		media_key[256];		/* media-key value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1440:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			path[1024];	/* Full path to command */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1442:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		sha256[32];	/* SHA-256 digest/sum */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1443:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			uuid_data[1024],/* Data to hash for printer-uuid */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1448:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char		*formats[100],	/* Supported document formats */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1451:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char		*sup_attrs[100];/* Supported attributes */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1452:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			xxx_supported[256];
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1715:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	temp[1024],		/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1803:161:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  for (num_formats = 0, format = (const char *)cupsArrayFirst(docformats); format && num_formats < (int)(sizeof(formats) / sizeof(formats[0])); format = (const char *)cupsArrayNext(docformats))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2012:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[2048];	/* String buffer for value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2341:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      key.id = atoi(uriptr + 1);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2365:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* Filename buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2501:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[256],	/* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2511:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* Filename buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2605:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((infile = open(resource, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2782:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	buffer[8192];			/* Read buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2935:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tformat[100],		/* Temporary format string for sprintf() */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3607:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uris[3][1024];		/* Buffers for URIs */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3608:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char	*values[3];		/* Values for attribute */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3623:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uri[1024];		/* URI value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3656:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		reason[32];		/* Reason string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3674:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uri[1024];		/* URI value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3682:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uri[1024];		/* URI value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3693:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uris[2][1024];		/* Buffers for URIs */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3694:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char	*values[2];		/* Values for attribute */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3736:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char * const afplay[3] =
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[256];		/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4275:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			device_id[1024],/* printer-device-id */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4978:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char	*urf[10];		/* urf-supported values */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4979:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		urf_rs[32];		/* RS value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5501:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	device_id[1024];		/* Device ID string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5513:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	input_tray[1024];	/* printer-input-tray value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5740:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      job->impressions = atoi(option->value);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5748:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      job->impcompleted = atoi(option->value);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5803:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[1];			/* First byte from client */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5843:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			uri[1024];	/* URI */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5847:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[32],	/* Method/scheme */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5984:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    client->host_port = atoi(ptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6068:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	buffer[4096];	/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6071:62:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if (!stat(client->printer->strings, &fileinfo) && (fd = open(client->printer->strings, O_RDONLY)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6102:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	buffer[4096];	/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6105:63:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if (!stat(client->printer->icons[1], &fileinfo) && (fd = open(client->printer->icons[1], O_RDONLY)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6144:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	buffer[4096];	/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6147:63:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if (!stat(client->printer->icons[2], &fileinfo) && (fd = open(client->printer->icons[2], O_RDONLY)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6186:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	buffer[4096];	/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6189:63:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if (!stat(client->printer->icons[0], &fileinfo) && (fd = open(client->printer->icons[0], O_RDONLY)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6444:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char		scheme[32],	/* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6613:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		*myargv[3],	/* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6617:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		val[1280],	/* IPP_NAME=value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6622:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		line[2048],	/* Line from stderr */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6764:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	scheme[32],		/* URI scheme */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6783:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((mystdout = open(resource, O_WRONLY | O_CREAT | O_TRUNC, 0666)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6800:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  if ((mystdout = open(resource, O_WRONLY | O_CREAT | O_TRUNC, 0666)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6805:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        else if ((mystdout = open(resource, O_WRONLY)) >= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6813:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char		service[32];	/* Service number */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6835:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      mystdout = open("/dev/null", O_WRONLY);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7148:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			adminurl[247],	/* adminurl value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7205:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	new_dnssd_name[256];	/* New DNS-SD name */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7226:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			regtype[256];	/* DNS-SD service type */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7335:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[256];		/* Subtype service string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7455:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	message[1024];			/* Text message */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[256];			/* WWW-Authenticate value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7736:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			tray_str[1024],	/* printer-input-tray string value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7825:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[255];		/* Form name */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7874:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ready_sheets = atoi(val);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7973:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(tray_str, ready_tray, (size_t)tray_len);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7977:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        ready_sheets = atoi(tray_ptr + 6);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8089:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	when[256],		/* When job queued/started/finished */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8145:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		supply_text[1024],	/* Supply string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	name[64];		/* Form field */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8234:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        level = atoi(val);      /* New level */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8272:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(supply_text, supply_value, (size_t)supply_len);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8276:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      level = atoi(supply_ptr + 6);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8478:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	header[8];	/* First 8 bytes of file */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:75:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    copies = atoi(ipp_copies);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:127:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	c[5];			/* Base-85 encoded characters */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:129:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static unsigned char leftdata[4];	/* Leftover data at the end */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:189:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(leftdata + leftcount, data, (size_t)(length - leftcount));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:247:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  ppdEmitJCL(ppd, stdout, job_id ? atoi(job_id) : 0, cupsUser(), job_name ? job_name : "Unknown");
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:407:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      media = pwgMediaForSize(atoi(x_dimension), atoi(y_dimension));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:407:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      media = pwgMediaForSize(atoi(x_dimension), atoi(y_dimension));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:536:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[65536],		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:559:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:781:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempfile[1024];		/* Temporary file */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:784:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char	*pdf_argv[8];		/* Command-line arguments */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:785:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		pdf_options[1024];	/* Options */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:904:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024];			/* Line from file */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:913:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "rb")) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:1037:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(filename, O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		buf[1024],	/* Full name string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1902:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		program[1024];		/* Program to execute */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:1972:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	temp[2048],		/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		fullName[kDNSServiceMaxDomainName];
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2227:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			port[10];	/* Port number of service */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2254:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		preasons[1024],	/* Comma-delimited printer-state-reasons */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2467:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      temp->range[1] = atoi(value + 1);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2476:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      temp->range[0] = temp->range[1] = atoi(value);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2486:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	message[256];		/* Error message */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2505:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
     memcpy(temp->args, args, (size_t)num_args * sizeof(char *));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2562:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			key[256],	/* TXT key value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2607:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(key, txtRecord, valueLen);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2644:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		key[256],		/* TXT key */
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2683:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(key, current->text, current->size);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2711:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		uri[1024];		/* URI */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		compression[16];	/* COMPRESSION value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:135:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		*displayed[200];	/* Displayed attributes */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:140:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		file[1024],		/* Data filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		name[1024];		/* Test name */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		pause[1024];		/* PAUSE value */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:147:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resource[512];		/* Resource for request */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:152:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		test_id[1024];		/* Test identifier */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:586:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		repeat = atoi(argv[i]);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:731:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[10240];		/* Format buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:766:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  ascheme[32],                    /* Components of first URI */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:771:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  bscheme[32],                    /* Components of second URI */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:880:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, data, (size_t)datalen);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:909:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024];		/* Temporary string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:912:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[131072];		/* Copy buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1446:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char	group_name[256],/* Parent attribute name */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2195:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	buffer[255];		/* String buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2247:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((tty = open("/dev/tty", O_RDONLY)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2389:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	buffer[IPP_MAX_LENGTH * 5 / 4 + 1];
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2447:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	buffer[131072];		/* Value buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2566:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[10240];		/* Format buffer */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3026:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	name[1024],			/* Name string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3183:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  data->request_id = atoi(temp);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3226:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char filename[1024];		/* Filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3568:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if ((count = atoi(temp)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3696:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      else if (atoi(temp) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3704:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	data->last_status->repeat_limit = atoi(temp);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3708:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	data->last_expect->repeat_limit = atoi(temp);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3901:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(data->last_expect->with_value, value + 1, (size_t)(ptr - value - 1));
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4118:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char		filename[1024];	/* Mapped filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4154:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char		filename[1024];	/* Mapped filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4190:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char		filename[1024];	/* Mapped filename */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4413:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024],		/* Temporary value string */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4839:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(temp, adata, (size_t)adatalen);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4878:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          unsigned char	withdata[1023],	/* WITH-VALUE data */
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4932:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(withdata, value, (size_t)withlen);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:41:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define open		_open
data/cups-2.3.3op1~106-ga72b0140e/vcnet/dns_sd.h:2038:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef union _TXTRecordRef_t { char PrivateData[16]; char *ForceNaturalAlignment; } TXTRecordRef;
data/cups-2.3.3op1~106-ga72b0140e/vcnet/dns_sd.h:2427:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char assert0[(sizeof(union _TXTRecordRef_t) == 16) ? 1 : -1];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/debug.c:235:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[10];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/debug.c:238:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "%c", ch);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/debug.c:240:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "\\%o", ch);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/engine.c:1000:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char pbuf[10];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/engine.c:1003:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(pbuf, "%c", ch);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/engine.c:1005:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(pbuf, "\\%o", ch);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char erbuf[100];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:53:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			startoff = (regoff_t)atoi(optarg);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:56:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			endoff = (regoff_t)atoi(optarg);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char inbuf[1000];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *f[MAXF];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char erbuf[100];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:187:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(erbuf) != (int)REG_BADPAT) {
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *should[NSHOULD];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char erbuf[100];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char f0copy[1000];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char f2copy[1000];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:413:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char grump[500];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:428:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(grump, "start %ld end %ld", (long)sub.rm_so,
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:441:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(grump, "start %ld end %ld, past end of string",
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:452:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(grump, "matched `%.*s'", len, p);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:458:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(grump, "matched `%.*s' instead", len, p);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:471:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(grump, "matched null at `%.20s'", p);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:485:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char epbuf[100];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:501:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char efbuf[100];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:509:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	return(atoi(efbuf));
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:35:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char nuls[10];		/* place to point scanner in event of error */
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:845:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bracket[3];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:891:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bracket[4];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char convbuf[50];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:87:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(convbuf, "REG_0x%x", target);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:124:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(localbuf, "%d", r->code);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regexec.c:75:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define	ASSIGN(d, s)	memcpy(d, s, m->g->nstates)
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *fields[MNF];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:161:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		for (n = atoi(argv[3]); n > 0; n--) {
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:165:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		for (n = atoi(argv[3]); n > 0; n--) {
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *fields[NF];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *fi[RNF];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:281:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *fields[RNF+1];
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/utils.h:21:26:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define	memmove(d, s, c)	bcopy(s, d, c)
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1095:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr = device_id + strlen(device_id);
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1112:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((ptr = value + strlen(value) - 1) > value && *ptr == ')')
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1192:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      char *valptr = value + strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/backend/dnssd.c:1210:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ptr = device_id + strlen(device_id);
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:103:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		 uri + strlen(uri) - 1);
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:131:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((length = read(devparportfd, device_id, (size_t)device_id_size - 1)) >= 2)
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:309:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!_cups_strncasecmp(mdl, mfg, strlen(mfg)))
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:311:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      mdl += strlen(mfg);
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:377:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!mfg || !_cups_strncasecmp(mdl, mfg, strlen(mfg)))
data/cups-2.3.3op1~106-ga72b0140e/backend/ieee1284.c:410:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(des) >= 8)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:687:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    else if ((bytes = read(0, buffer, sizeof(buffer))) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1651:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:1845:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	         (bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2852:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(phone) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:2868:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(ptr) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3046:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  valptr += strlen(valptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3053:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          valptr += strlen(valptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3120:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0, valptr = value; i < count; i ++, valptr += strlen(valptr))
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3574:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      remptr    += strlen(remptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3587:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	addptr    += strlen(addptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3605:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	remptr    += strlen(remptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3625:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	remptr    += strlen(remptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/ipp.c:3641:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	addptr    += strlen(addptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:427:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
             (bytes = read(0, buffer, sizeof(buffer))) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1011:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cptr = control + strlen(control);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1019:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cptr   += strlen(cptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1026:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cptr   += strlen(cptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1049:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (lpd_command(fd, "\002%d cfA%03d%.15s\n", (int)strlen(control),
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1058:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      (unsigned)strlen(control));
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1060:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((size_t)lpd_write(fd, control, strlen(control) + 1) < (strlen(control) + 1))
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1060:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((size_t)lpd_write(fd, control, strlen(control) + 1) < (strlen(control) + 1))
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1068:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read(fd, &status, 1) < 1)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1116:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((nbytes = read(print_fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1182:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (lpd_command(fd, "\002%d cfA%03d%.15s\n", (int)strlen(control),
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1191:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      (unsigned long)strlen(control));
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1193:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((size_t)lpd_write(fd, control, strlen(control) + 1) < (strlen(control) + 1))
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1193:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((size_t)lpd_write(fd, control, strlen(control) + 1) < (strlen(control) + 1))
data/cups-2.3.3op1~106-ga72b0140e/backend/lpd.c:1200:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read(fd, &status, 1) < 1)
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:181:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    for (dataptr = data + strlen(data) + 1;
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:183:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	         count --, dataptr += strlen(dataptr))
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:187:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	            data + strlen(data) + 1);
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:222:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      datalen = (int)strlen(data) + 1;
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:229:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	            datalen += (int)strlen(dataptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:235:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	            datalen += (int)strlen(dataptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:253:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	            datalen += (int)strlen(dataptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:262:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	            datalen += (int)strlen(dataptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:267:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	            datalen += (int)strlen(dataptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:272:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	            datalen += (int)strlen(dataptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:277:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	            datalen += (int)strlen(dataptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:331:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      datalen = (int)strlen(data);
data/cups-2.3.3op1~106-ga72b0140e/backend/network.c:342:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  datalen = (int)strlen(data);
data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:68:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((print_bytes = read(print_fd, print_buffer,
data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:273:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if ((bc_bytes = read(device_fd, bc_buffer, sizeof(bc_buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/runloop.c:296:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if ((print_bytes = read(print_fd, print_buffer,
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:245:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0, ptr = value; i < num_supplies; i ++, ptr += strlen(ptr))
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:700:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, ptr = value; i < num_supplies; i ++, ptr += strlen(ptr))
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp-supplies.c:745:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, ptr = value; i < num_supplies; i ++, ptr += strlen(ptr))
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:725:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    uriptr += strlen(uriptr);
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1041:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	     strlen(device->id) < packet.object_value.string.num_bytes))
data/cups-2.3.3op1~106-ga72b0140e/backend/snmp.c:1187:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ifname[strlen(ifname) - 1] = '\0';
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:286:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    else if ((bytes = read(0, buffer, sizeof(buffer))) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/socket.c:482:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((bytes = read(device_fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:269:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    write(1, buffer, strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:280:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  write(1, buffer, strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:306:4:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	  usleep(10000);
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:321:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	write(1, buffer, strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/backend/testbackend.c:397:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        write(1, data, strlen(data));
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:665:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	g.print_bytes = read(print_fd, print_buffer, g.debug_bytes);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:668:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	g.print_bytes = read(print_fd, print_buffer, sizeof(print_buffer));
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2193:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(1000);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2413:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(g.print_fd, buffer, sizeof(buffer)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-darwin.c:2457:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      *datalen = (int)strlen(data);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:437:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	g.print_bytes = read(print_fd, print_buffer, sizeof(print_buffer));
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1348:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  mfglen = strlen(mfg);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1751:2:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	usleep(1000000 * timeleft.tv_sec + timeleft.tv_usec);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1840:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    datalen = strlen(data);
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-libusb.c:1952:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read(g.print_fd, buffer, sizeof(buffer)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/backend/usb-unix.c:584:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  datalen = strlen(data);
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpc.c:69:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (params = line + strlen(line) - 1; params >= line;)
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpc.c:152:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:94:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:113:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpq.c:164:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:82:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:101:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:125:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:154:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:205:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:249:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:278:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lpr.c:398:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
           (bytes = read(0, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lprm.c:79:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lprm.c:103:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/berkeley/lprm.c:122:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:512:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*ptr || ptr == name || strlen(name) > 127)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:695:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (*ptr || ptr == name || strlen(name) > 127)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:845:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strncmp(attr->values[0].string.text, var, strlen(var)) == 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1157:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uriptr = uri + strlen(uri);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:1581:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  end = start + strlen(start);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:2949:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      units = option->defchoice + strlen(option->defchoice) - 2;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3593:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          integer = (long)strlen(val);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3621:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3675:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    integer = (long)strlen(val);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/admin.c:3708:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:973:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr = text + strlen(text);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/help-index.c:1090:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      ptr += strlen(ptr) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:86:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((ch = getc(in)) != EOF)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:88:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      getc(in);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:95:34:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      for (nameptr = name; (ch = getc(in)) != EOF;)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:594:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				  strlen(command_file));
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:968:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nameptr = name + strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1048:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        valptr += strlen(valptr);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/ipp-var.c:1159:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      valptr += strlen(valptr);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:59:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(query) * 3;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:164:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      wlen = (size_t)(sptr - s) + 2 * 4 * wlen + 2 * strlen(prefix) + 11;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:166:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        wlen += strlen(lword);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:198:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      memcpy(sptr, prefix, strlen(prefix) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:199:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:242:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memcpy(sptr, lword2, strlen(lword2) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:243:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:248:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memcpy(sptr, lword, strlen(lword) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/search.c:249:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:233:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((ch = getc(in)) != EOF)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:244:28:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      for (s = name; (ch = getc(in)) != EOF;)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:453:26:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	for (s = compare; (ch = getc(in)) != EOF;)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:461:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s += strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:470:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    while ((ch = getc(in)) != EOF && ch != '}')
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:498:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            s += strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:501:19:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    *s++ = (char)getc(in);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:607:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        putc(getc(in), out);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/template.c:609:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        getc(in);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:726:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (data == NULL || strlen(data) == 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:769:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  blen = strlen(bstring);
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:818:15:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((ch = getchar()) != EOF)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:859:15:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((ch = getchar()) != EOF)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:944:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (ptr = mimetype + strlen(mimetype) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:996:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((nbytes = read(0, data + tbytes, (size_t)(length - tbytes))) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cgi-bin/var.c:1226:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cupsHashData("md5", (unsigned char *)buffer, strlen(buffer), sum, sizeof(sum));
data/cups-2.3.3op1~106-ga72b0140e/cups/adminutil.c:237:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        value = line + strlen(line);
data/cups-2.3.3op1~106-ga72b0140e/cups/array.c:179:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        end = start + strlen(start);
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:168:128:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (schemedata = cups_auth_scheme(www_auth, scheme, sizeof(scheme)); schemedata; schemedata = cups_auth_scheme(schemedata + strlen(scheme), scheme, sizeof(scheme)))
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:273:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      httpEncode64_2(encode, sizeof(encode), http->userpass, (int)strlen(http->userpass));
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:519:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t	schemelen = strlen(scheme);	/* Length of scheme */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:594:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t	namelen = strlen(name);		/* Name length */
data/cups-2.3.3op1~106-ga72b0140e/cups/auth.c:862:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  token.length = strlen(buf);
data/cups-2.3.3op1~106-ga72b0140e/cups/backchannel.c:78:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return (read(3, buffer, bytes));
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:402:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tptr += strlen(tptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:434:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  tptr += strlen(tptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:493:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bytes += (int)strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:498:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:523:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bytes += (int)strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:528:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:538:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bytes += (int)strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/debug.c:543:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:280:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            return (strlen(value) <= (size_t)attr->values[0].integer);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:295:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int_value = (int)strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:306:15:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
          if (sscanf(value, "%dx%d%15s", &xres_value, &yres_value, temp) != 3)
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:308:17:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
            if (sscanf(value, "%d%15s", &xres_value, temp) != 2)
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1545:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	bufptr += strlen(mname);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1551:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufptr += strlen(mname);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1633:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  bufptr += strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1653:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  bufptr += strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1669:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  bufptr += strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:1939:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((nameptr = name + strlen(name) - 8) <= name || strcmp(nameptr, "-default"))
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2681:10:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    if (sscanf(value, "%dx%d%15s", &xres_value, &yres_value, temp) != 3)
data/cups-2.3.3op1~106-ga72b0140e/cups/dest-options.c:2683:12:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	      if (sscanf(value, "%d%15s", &xres_value, temp) != 2)
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:3067:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if ((ptr = value + strlen(value) - 1) > value && *ptr == ')')
data/cups-2.3.3op1~106-ga72b0140e/cups/dest.c:4312:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/encode.c:534:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  memmove(sep, sep + 1, strlen(sep));
data/cups-2.3.3op1~106-ga72b0140e/cups/encode.c:635:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          ippSetOctetString(ipp, &attr, i, val, (int)strlen(val));
data/cups-2.3.3op1~106-ga72b0140e/cups/encode.c:811:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      namelen = (int)strlen(option->name);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:818:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ptr += strlen(ptr) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:1585:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = (ssize_t)strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2496:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	  if (read(fp->fd, trailer + tbytes, sizeof(trailer) - (size_t)tbytes) < ((ssize_t)sizeof(trailer) - tbytes))
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2708:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      total = (ssize_t)read(fp->fd, buf, (unsigned)bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/file.c:2713:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      total = read(fp->fd, buf, bytes);
data/cups-2.3.3op1~106-ga72b0140e/cups/getputfile.c:399:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:138:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return ((int)(offsetof(struct sockaddr_un, sun_path) + strlen(addr->un.sun_path) + 1));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:210:12:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    mask = umask(0);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:222:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(mask);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:574:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:581:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:594:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:604:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:608:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:717:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cg->hostent.h_length    = (int)strlen(name) + 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:872:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s) > 6 && !strcmp(s + strlen(s) - 6, ".local"))
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addr.c:872:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s) > 6 && !strcmp(s + strlen(s) - 6, ".local"))
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:584:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']')
data/cups-2.3.3op1~106-ga72b0140e/cups/http-addrlist.c:604:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']')
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:357:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:516:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cupsHashData("md5", (unsigned char *)data, strlen(data), md5sum, sizeof(md5sum));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:679:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (httpEncode64_2(out, 512, in, (int)strlen(in)));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:838:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  if (sscanf(s, "%*s%d%15s%d%d:%d:%d", &day, mon, &year, &hour, &min, &sec) < 6)
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1285:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      char *resptr = resource + strlen(resource);
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1404:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hashsize = (size_t)cupsHashData(hashalg, (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1409:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hashsize = (size_t)cupsHashData(hashalg, (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1414:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hashsize = (size_t)cupsHashData(hashalg, (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1434:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1439:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:1444:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hashsize = (size_t)cupsHashData("md5", (unsigned char *)temp, strlen(temp), hash, sizeof(hash));
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2406:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (hostptr = hostTarget + strlen(hostTarget) - 7) > hostTarget &&
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2430:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn ||
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2672:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	   (hostptr = hostTarget + strlen(hostTarget) - 6) > hostTarget &&
data/cups-2.3.3op1~106-ga72b0140e/cups/http-support.c:2696:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn ||
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2475:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:2475:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3591:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr   = temp + strlen(temp) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3609:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  valuelen = strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:3619:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fieldlen = strlen(http->fields[field]);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4033:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  start = line + strlen(line);
data/cups-2.3.3op1~106-ga72b0140e/cups/http.c:4829:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (http_write(http, header, strlen(header)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:739:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        valuelen = strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-file.c:741:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (value[0] == '<' && value[strlen(value) - 1] == '>')
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:703:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          bufptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:761:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufptr += strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:804:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufptr += strlen(val->string.language);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:853:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          bufptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-support.c:2549:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufptr += strlen(attr->name) + 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:96:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    tempptr = temp + strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp-vars.c:118:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dstptr += strlen(dstptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1095:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes = (ssize_t)strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:1155:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufptr = buffer + strlen(buffer) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4370:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes = (ssize_t)strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:4432:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufptr = buffer + strlen(buffer) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5049:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(attr->values[i].string.text) > (IPP_MAX_URI - 1))
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5051:173:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad URI value \"%s\" - bad length %d (RFC 8011 section 5.1.6)."), attr->name, attr->values[i].string.text, (int)strlen(attr->values[i].string.text));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5147:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(attr->values[i].string.text) > (IPP_MAX_LANGUAGE - 1))
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5149:185:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad naturalLanguage value \"%s\" - bad length %d (RFC 8011 section 5.1.9)."), attr->name, attr->values[i].string.text, (int)strlen(attr->values[i].string.text));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5192:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(attr->values[i].string.text) > (IPP_MAX_MIMETYPE - 1))
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5194:184:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ipp_set_error(IPP_STATUS_ERROR_BAD_REQUEST, _("\"%s\": Bad mimeMediaType value \"%s\" - bad length %d (RFC 8011 section 5.1.10)."), attr->name, attr->values[i].string.text, (int)strlen(attr->values[i].string.text));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5418:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((n = (int)strlen(attr->name)) > (IPP_BUF_SIZE - 8))
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5457:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((n = (int)strlen(attr->name)) > (IPP_BUF_SIZE - 12))
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5649:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n = (int)strlen(value->string.text);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5890:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += (int)strlen(value->string.language);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5893:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    n += (int)strlen(value->string.text);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5922:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    n = (int)strlen(value->string.language);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:5938:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    n = (int)strlen(value->string.text);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6467:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes += strlen(attr->name);	/* Name */
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6506:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      bytes += strlen(value->string.text);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6531:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      bytes += strlen(value->string.language);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6534:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      bytes += strlen(value->string.text);
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6669:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return ((ssize_t)read(*fd, buffer, (unsigned)length));
data/cups-2.3.3op1~106-ga72b0140e/cups/ipp.c:6671:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return (read(*fd, buffer, length));
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:63:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufptr = buffer + strlen(buffer);
data/cups-2.3.3op1~106-ga72b0140e/cups/langprintf.c:284:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      charset = new_lc_time + strlen(new_lc_time);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:177:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  switch (strlen(locale))
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:287:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t len = strlen(apple_language_locale[i].language);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:717:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(langname) != 2 && strlen(langname) != 3)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:717:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(langname) != 2 && strlen(langname) != 3)
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1057:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length = strlen(m->str ? m->str : m->msg);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1058:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptrlen = strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/language.c:1538:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						(CFIndex)strlen(filename), false);
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:40:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:74:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
data/cups-2.3.3op1~106-ga72b0140e/cups/md5passwd.c:84:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cupsHashData("md5", (unsigned char *)line, strlen(line), sum, sizeof(sum));
data/cups-2.3.3op1~106-ga72b0140e/cups/options.c:307:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((ptr = copyarg + strlen(copyarg) - 1) > copyarg && *ptr == '}')
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-attr.c:305:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (bufptr = buffer + strlen(buffer) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:102:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      attr = ippAddOctetString(request, IPP_TAG_OPERATION, "job-password", password, (int)strlen(password));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:113:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((hashlen = cupsHashData(keyword, password, strlen(password), hash, sizeof(hash))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:184:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ippAddOctetString(request, IPP_TAG_JOB, mandatory, keyword, (int)strlen(keyword));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:633:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if (sscanf(value, "%127s%40s", pwg_keyword, ppd_keyword) != 2)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:694:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if (sscanf(value, "%127s%40s%d%d%d%d%d%d", pwg_keyword, ppd_keyword,
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:771:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if (sscanf(value, "%127s%40s", pwg_keyword, ppd_keyword) != 2)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-cache.c:820:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if (sscanf(value, "%127s%40s", pwg_keyword, ppd_keyword) != 2)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:140:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    sscanf(attr->value, "%f%16s%41s%40s", &aorder, asection, amain,
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:321:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buflength = strlen(buffer);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:682:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  bufsize += strlen(cparam->current.custom_string);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:706:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bufsize += 23 + strlen(choices[i]->option->keyword) + 6;
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:732:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  bufsize += 4 * strlen(cparam->current.custom_string);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:738:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bufsize += 17 + strlen(choices[i]->option->keyword) + 1 +
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:739:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	           strlen(choices[i]->choice) + 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:747:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufsize += strlen(choices[i]->code) + 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:749:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufsize += strlen(ppd_custom_code);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:772:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, bufptr = buffer; i < count; i ++, bufptr += strlen(bufptr))
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:828:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:837:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:857:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:988:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1011:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1033:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1048:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1066:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1071:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j = (int)strlen(choices[i]->code);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1081:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-emit.c:1089:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:381:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    schemelen = strlen(scheme);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd-localize.c:708:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(ll_CC) == 2)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:577:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ll_CC_len = strlen(ll_CC);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:578:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ll_len    = strlen(ll);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:653:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  string ? (int)strlen(string) : 0));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1007:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
          sscanf(string, "%d%32s%64s%64s", &corder, ctype, cminimum,
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1240:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        temp = realloc(ppd->patches, strlen(ppd->patches) +
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1241:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	                             strlen(string) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1251:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy(ppd->patches + strlen(ppd->patches), string, strlen(string) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1251:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy(ppd->patches + strlen(ppd->patches), string, strlen(string) + 1);
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1271:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      DEBUG_printf(("2_ppdOpen: name=\"%s\" (%d)", name, (int)strlen(name)));
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1276:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = (int)strlen(name) - 1; i > 0 && _cups_isspace(name[i]); i --)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1618:20:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if (!sptr || sscanf(sptr, "%40s%40s", name, keyword) != 2)
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:1774:15:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      switch (sscanf(string, "%40s%40s%40s%40s", constraint->option1,
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:2770:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pg->ppd_conform == PPD_CONFORM_STRICT && strlen(text) >= sizeof(group->text))
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:3380:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strptr = lineptr + strlen(lineptr) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/ppd.c:3459:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(attr->value, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]",
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:358:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uptr += strlen(uptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:361:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uptr += strlen(uptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:522:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      (suffix = name + strlen(name) - 10 /* .FullBleed */) > name &&
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:709:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      units = ptr + strlen(ptr) - 2;
data/cups-2.3.3op1~106-ga72b0140e/cups/pwg-media.c:855:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       units = ptr + strlen(ptr) - 2;
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:321:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((count = read(fd, buf, (unsigned)bytes)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/raster-stubs.c:323:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((count = read(fd, buf, bytes)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/request.c:218:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while ((bytes = read(infile, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:177:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((bytes = read(CUPS_SC_FD, buffer, _CUPS_SC_MAX_BUFFER)) < 0)
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:325:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           (int)strlen(oid) + 1, timeout))
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:350:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    real_oidlen  = (int)strlen(real_data) + 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:434:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  oidlen      = strlen(oid);
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:444:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             current_oid, (int)strlen(current_oid) + 1, timeout))
data/cups-2.3.3op1~106-ga72b0140e/cups/sidechannel.c:484:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      real_oidlen  = strlen(real_data) + 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:280:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       src ++, dstptr += strlen(dstptr))
data/cups-2.3.3op1~106-ga72b0140e/cups/snmp.c:1141:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  commlen = (unsigned)strlen(packet->community);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:85:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tptr += strlen(tptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:117:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  tptr += strlen(tptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:175:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    templen = strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:206:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    templen = strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:230:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    templen = strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/cups/snprintf.c:271:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    slen = (int)strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:106:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:222:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (tempptr = temp + strlen(temp) - 1;
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:233:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    declen = (int)strlen(dec);
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:271:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufptr = buf + strlen(buf);
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:446:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      tempptr += strlen(tempptr);
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:555:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len    = (strlen(item->str) + 8) & (size_t)~7;
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:606:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:692:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dstlen = strlen(dst);
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:703:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  srclen = strlen(src);
data/cups-2.3.3op1~106-ga72b0140e/cups/string.c:739:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  srclen = strlen(src);
data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:283:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      i = (int)strlen(dent->filename) - 2;
data/cups-2.3.3op1~106-ga72b0140e/cups/testarray.c:532:10:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  while (fscanf(fp, "%255s", word) == 1)
data/cups-2.3.3op1~106-ga72b0140e/cups/testdest.c:554:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(name, "%lfx%lf%31s", &dw, &dl, units) == 3)
data/cups-2.3.3op1~106-ga72b0140e/cups/testfile.c:754:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; i < (int)strlen(partial_line); i ++)
data/cups-2.3.3op1~106-ga72b0140e/cups/testhttp.c:303:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     (int)strlen(base64_tests[i][0]));
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:275:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((size_t)len != strlen((char *)utf8latin))
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:277:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8latin));
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:326:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((size_t)len != strlen((char *)utf8greek))
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:328:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8greek));
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:372:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((size_t)len != strlen((char *)utf8japan))
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:374:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8japan));
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:419:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((size_t)len != strlen((char *)utf8japan))
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:421:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8japan));
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:466:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((size_t)len != strlen((char *)utf8taiwan))
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:468:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8taiwan));
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:512:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((size_t)len != strlen((char *)utf8taiwan))
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:514:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("FAIL (len=%d, expected %d)\n", len, (int)strlen((char *)utf8taiwan));
data/cups-2.3.3op1~106-ga72b0140e/cups/testi18n.c:547:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (len != strlen ((char *) utf8good))
data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:798:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(argv[i]) > 5 && !strcmp(argv[i] + strlen(argv[i]) - 5, ".test"))
data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:798:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(argv[i]) > 5 && !strcmp(argv[i] + strlen(argv[i]) - 5, ".test"))
data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:810:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if (strlen(argv[i]) > 4 && !strcmp(argv[i] + strlen(argv[i]) - 4, ".hex"))
data/cups-2.3.3op1~106-ga72b0140e/cups/testipp.c:810:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if (strlen(argv[i]) > 4 && !strcmp(argv[i] + strlen(argv[i]) - 4, ".hex"))
data/cups-2.3.3op1~106-ga72b0140e/cups/testlang.c:247:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buflen = strlen(buffer);
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:427:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      printf("FAIL (%d bytes instead of %d)\n", s ? (int)strlen(s) : 0,
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:428:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	     (int)strlen(default_code));
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:447:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      printf("FAIL (%d bytes instead of %d)\n", s ? (int)strlen(s) : 0,
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:448:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	     (int)strlen(custom_code));
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:851:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      printf("FAIL (%d bytes instead of %d)\n", s ? (int)strlen(s) : 0,
data/cups-2.3.3op1~106-ga72b0140e/cups/testppd.c:852:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	     (int)strlen(default2_code));
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:891:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1588:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((hostptr = hostname + strlen(hostname) - 1) >= hostname &&
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1593:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    error = SSLSetPeerDomainName(http->tls, hostname, strlen(hostname));
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1637:6:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	    usleep(1000);		/* in 1 millisecond */
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-darwin.c:1789:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:148:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(language->language) == 5)
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:155:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                common_name, strlen(common_name));
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:157:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                common_name, strlen(common_name));
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:171:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, common_name, (unsigned)strlen(common_name), GNUTLS_FSAN_SET);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:181:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, localname, (unsigned)strlen(localname), GNUTLS_FSAN_APPEND);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:192:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        gnutls_x509_crt_set_subject_alt_name(crt, GNUTLS_SAN_DNSNAME, alt_names[i], (unsigned)strlen(alt_names[i]), GNUTLS_FSAN_APPEND);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:699:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:793:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if ((num_data + strlen(line)) >= alloc_data)
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1041:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  else if ((num_data + strlen(line)) >= alloc_data)
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1087:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr = buffer + strlen(buffer);
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1355:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((hostptr = hostname + strlen(hostname) - 1) >= hostname &&
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-gnutls.c:1360:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    status = gnutls_server_name_set(http->tls, GNUTLS_NAME_DNS, hostname, strlen(hostname));
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:385:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:960:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((hostptr = hostname + strlen(hostname) - 1) >= hostname &&
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:1249:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((hostptr = hostname + strlen(hostname) - 1) >= hostname &&
data/cups-2.3.3op1~106-ga72b0140e/cups/tls-sspi.c:2302:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (ptr = buffer + strlen(buffer) - 1; ptr >= buffer; ptr --)
data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:105:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return ((int)strlen((char *)dest));
data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:164:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    srclen       = strlen(src);
data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:226:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return ((int)strlen(dest));
data/cups-2.3.3op1~106-ga72b0140e/cups/transcode.c:293:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    srclen       = strlen((char *)src);
data/cups-2.3.3op1~106-ga72b0140e/cups/usersys.c:852:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((passbytes = read(tty, &passch, 1)) == 1)
data/cups-2.3.3op1~106-ga72b0140e/filter/common.c:465:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = 5 + (int)strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2045:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  doc_write(doc, s, strlen(s));
data/cups-2.3.3op1~106-ga72b0140e/filter/pstops.c:2153:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  if (sscanf(line + 17, "%254s%254s", name, value) != 2)
data/cups-2.3.3op1~106-ga72b0140e/locale/checkpo.c:118:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      idfmt = msg->msg + strlen(msg->msg) - 1;
data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:209:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t ptrlen = strlen(ptr);	/* Length of string */
data/cups-2.3.3op1~106-ga72b0140e/locale/po2strings.c:211:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length = strlen(msgstr ? msgstr : msgid);
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:118:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t linelen = strlen(line);	/* Length of line */
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:816:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(anchor, line + 4, sizeof(anchor) - 1);
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:837:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      lineptr = line + strlen(line) - 1;
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:843:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  lineptr = line + strlen(line) - 2;
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:946:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(name, s, sizeof(name) - 1);
data/cups-2.3.3op1~106-ga72b0140e/man/mantohtml.c:1180:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(temp, s, sizeof(temp) - 1);
data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:175:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((ch = getc(fp)) == EOF)
data/cups-2.3.3op1~106-ga72b0140e/monitor/bcp.c:184:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ch = getc(fp);
data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:164:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((ch = getc(fp)) == EOF)
data/cups-2.3.3op1~106-ga72b0140e/monitor/tbcp.c:173:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ch = getc(fp);
data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:433:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    reasons_length += 1 + strlen(ippGetString(attr, i, NULL));
data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:444:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    p += strlen(p);
data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:505:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  reasons_length += 1 + strlen(ippGetString(attr, i, NULL));
data/cups-2.3.3op1~106-ga72b0140e/notifier/dbus.c:516:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  p += strlen(p);
data/cups-2.3.3op1~106-ga72b0140e/notifier/rss.c:696:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((e = malloc(bytes + 1 + strlen(s))) == NULL)
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-catalog.cxx:95:98:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)pofile, (CFIndex)strlen(pofile), false);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:456:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(manufacturer->value)))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:468:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(manufacturer->value)))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:480:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       strlen(manufacturer->value)))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1175:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                	   strlen(manufacturer->value)))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1190:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                	   strlen(manufacturer->value)))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1205:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                	   strlen(manufacturer->value)))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-driver.cxx:1317:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        	 (int)((size_t)cupsFileTell(fp) + 25 + strlen(pc_file_name->value)),
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:94:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     strlen(ppd->manufacturer)))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-import.cxx:96:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr = ppd->modelname + strlen(ppd->manufacturer);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:174:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ptr = temp + strlen(temp) - 1;
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1763:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  commptr = command + strlen(command);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1769:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    commptr += strlen(commptr);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1776:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    commptr += strlen(commptr);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:1783:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    commptr += strlen(commptr);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2002:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2012:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-source.cxx:2306:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    slen = (int)strlen(s);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc-string.cxx:28:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t vlen = strlen(v);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:164:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    end = start + strlen(start);
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:214:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:220:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:226:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdc.cxx:312:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	                   strlen(d->manufacturer->value)))
data/cups-2.3.3op1~106-ga72b0140e/ppdc/ppdmerge.cxx:329:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    vlen = strlen(languages[i].version);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:201:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ifptr = ifname + strlen(ifname) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:229:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp.mask.name.length = strlen(temp.mask.name.name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:760:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len                = (int)strlen(authorization) + 0;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:865:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(authorization, "%255s", scheme) != 1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1416:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((uriptr = uri + strlen(uri) - 1) > uri && *uriptr == '/')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1426:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uriptr = uri + strlen(uri) - 4; /* len > 4 if we get here... */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1622:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hostlen = strlen(hostname);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/auth.c:1882:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp->length = strlen(temp->location);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/banners.c:93:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dent->filename[strlen(dent->filename) - 1] == '~')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cert.c:247:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write(fd, cert->certificate, strlen(cert->certificate));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2033:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t length = strlen(message);	/* Length of message */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2136:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      auth_key  = auth_str + strlen(auth_str);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2358:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  else if ((bytes = read(con->file, con->header + con->header_used, (size_t)bytes)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2715:145:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((!strncmp(con->uri, "/ppd/", 5) || !strncmp(con->uri, "/printers/", 10) || !strncmp(con->uri, "/classes/", 9)) && !strcmp(con->uri + strlen(con->uri) - 4, ".ppd"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2718:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dest[strlen(dest) - 4] = '\0'; /* Strip .ppd */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2752:147:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if ((!strncmp(con->uri, "/icons/", 7) || !strncmp(con->uri, "/printers/", 10) || !strncmp(con->uri, "/classes/", 9)) && !strcmp(con->uri + strlen(con->uri) - 4, ".png"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2755:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dest[strlen(dest) - 4] = '\0'; /* Strip .png */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2821:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(con->uri, "/strings/", 9) && !strcmp(con->uri + strlen(con->uri) - 8, ".strings"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2824:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dest[strlen(dest) - 8] = '\0';
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2925:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (con->uri[strlen(con->uri) - 1] != '/')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:2955:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr  = filename + strlen(filename);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/client.c:3266:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      commptr = argbuf + strlen(argbuf);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:307:105:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    url = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (const UInt8 *)iccfile, (CFIndex)strlen(iccfile), false);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1033:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  idstrlen = strlen(printer_name) + 1 + strlen(qualifier) + 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/colorman.c:1033:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  idstrlen = strlen(printer_name) + 1 + strlen(qualifier) + 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:218:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen = strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:442:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  token.length = strlen(buf);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1213:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
data/cups-2.3.3op1~106-ga72b0140e/scheduler/conf.c:1813:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    maskval = value + strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:624:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (line[strlen(line) - 1] == '\n')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-deviced.c:625:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    line[strlen(line) - 1] = '\0';
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1190:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    make_and_model_len = strlen(make_and_model);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1195:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    product_len = strlen(product);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1639:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strlen(d->manufacturer->value)))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1777:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	scheme_end = scheme + strlen(scheme) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1804:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	scheme_end = scheme + strlen(scheme) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1849:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if (sscanf(line, "\"%255[^\"]\"%127s%*[ \t]\"%127[^\"]\""
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1860:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (line[strlen(line) - 1] == '\n')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1861:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    line[strlen(line) - 1] = '\0';
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:1907:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        ptr = start + strlen(start);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2026:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      sscanf(line, "%*[^:]:%63s", lang_encoding);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2028:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      sscanf(line, "%*[^:]:%63s", lang_version);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2036:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (device_id[0] && device_id[strlen(device_id) - 1] != ';')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2049:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr = product + strlen(product) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2175:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!_cups_strncasecmp(make_model, manufacturer, strlen(manufacturer)))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-driverd.cxx:2450:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if ((ptr = filename + strlen(filename) - 14) > filename &&
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-exec.c:139:3:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  umask(077);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:854:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(line) < 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:875:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(name) < 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:919:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(name) < 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1588:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((ch = getc(fp)) != EOF)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cups-lpd.c:1598:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ch = getc(fp);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:232:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		  if (sscanf(argv[i], "%15[^/]/%255s", super, type) != 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:260:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
		  if (sscanf(argv[i], "%15[^/]/%255s", super, type) != 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:398:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    sscanf(srctype, "%15[^/]/%255s", super, type);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:416:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf(dsttype, "%15[^/]/%255s", super, type);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:556:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  if (sscanf(filter, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]",
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:566:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(filter, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type, &cost,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:763:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes += 2 * (strlen(option->name) + strlen(option->value)) + 2;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:763:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes += 2 * (strlen(option->name) + strlen(option->value)) + 2;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/cupsfilter.c:781:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sptr += strlen(sptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:317:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hostptr = hostname + strlen(hostname) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:395:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((ptr = DNSSDHostName + strlen(DNSSDHostName) - 1) >= DNSSDHostName && *ptr == '.')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:544:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(keyvalue[i][1]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1057:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr = name + strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1220:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (p->info && strlen(p->info) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/dirsvc.c:1613:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/env.c:254:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0, namelen = strlen(name); i < num_common_env; i ++)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:846:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(resource, "/classes/", 9) || strlen(resource) == 9)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:2239:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(resource, "/printers/", 10) || strlen(resource) == 10)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4149:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(attrname) > 2 && attrname[2] == '-')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4163:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (access(filename, 0) && strlen(attrname) > 2)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4535:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if ((bytes = read(temppipe[0], buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:4895:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ippAddOctetString(con->response, IPP_TAG_PRINTER, "printer-alert", printer->alert, (int)strlen(printer->alert));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5625:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(resource, "/printers", 9) && strlen(resource) <= 10)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:5630:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(resource, "/classes", 8) && strlen(resource) <= 9)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6520:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(resource, "/printers", 9) && strlen(resource) <= 10)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:6527:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strncmp(resource, "/classes", 8) && strlen(resource) <= 9)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7720:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (!strncmp(resource, "/jobs", 5) && strlen(resource) <= 6) ||
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7721:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (!strncmp(resource, "/printers", 9) && strlen(resource) <= 10) ||
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:7722:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (!strncmp(resource, "/classes", 8) && strlen(resource) <= 9))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9464:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	httpEncode64_2(line, sizeof(line), auth_info->values[i].string.text, (int)strlen(auth_info->values[i].string.text));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9495:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    httpEncode64_2(line, sizeof(line), auth_info->values[0].string.text, (int)strlen(auth_info->values[0].string.text));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9501:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    httpEncode64_2(line, sizeof(line), auth_info->values[1].string.text, (int)strlen(auth_info->values[1].string.text));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9513:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    httpEncode64_2(line, sizeof(line), con->username, (int)strlen(con->username));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:9522:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    httpEncode64_2(line, sizeof(line), con->password, (int)strlen(con->password));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:10825:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    namelen = strlen(attr->name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/ipp.c:11075:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr = buffer + strlen(buffer);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:937:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  switch (strlen(attr->values[0].string.text))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:995:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      psrlen += strlen(job->printer->reasons[i]) + 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1011:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	psrptr += strlen(psrptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:1599:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(dent->filename) >= 6 && dent->filename[0] == 'c' && dent->fileinfo.st_mtime > fileinfo.st_mtime)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3029:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ptr = temp + strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3042:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3872:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    newlength += 1 + strlen(pwgppd->name) + 1 + strlen(pwgppd->value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3872:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    newlength += 1 + strlen(pwgppd->name) + 1 + strlen(pwgppd->value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:3998:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	optptr += strlen(optptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4094:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      optptr += strlen(optptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4106:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    optptr += strlen(optptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4109:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    optptr += strlen(optptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4170:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bytes += strlen(attr->name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4172:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bytes += (size_t)attr->num_values * strlen(attr->name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4241:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bytes += 2 * strlen(attr->values[i].string.text) + 2;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4473:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if (sscanf(value, "%d%*[ \t]%15[^/]/%255s%d", &number, super, type,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/job.c:4614:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(dent->filename) >= 6 && dent->filename[0] == 'c')
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:154:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (logptr = logname, ptr = filename + strlen(filename);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:171:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:204:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!strncmp(filename, CUPS_LOGDIR, strlen(CUPS_LOGDIR)))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:602:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t         log_len = strlen(log_line);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:793:3:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  sscanf(page, "%255s%d", number, &copies);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:810:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:815:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:820:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:825:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:830:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:835:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:889:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:894:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:908:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/log.c:929:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			bufptr += strlen(bufptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:336:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(ConfigurationFile) + 15;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/main.c:584:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:314:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(dent->filename) > 6 &&
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:315:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        !strcmp(dent->filename + strlen(dent->filename) - 6, ".convs"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:386:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(dent->filename) > 6 &&
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:387:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        !strcmp(dent->filename + strlen(dent->filename) - 6, ".types"))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:703:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (lineptr = line + strlen(line) - 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:889:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    linelen = strlen(line);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/mime.c:898:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        linelen += strlen(line + linelen);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/network.c:174:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hostlen = strlen(hostname);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1030:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if ((valueptr = strchr(line + strlen(ServerBin), ':')) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1655:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = 0, ptr = value + strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1663:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1714:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = 0, ptr = value + strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1722:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1734:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = 0, ptr = value + strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1742:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1794:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        end = values + strlen(values);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:1968:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      slash = start + strlen(start);	/* No slash, point to the end */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2236:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        supply = ippAddOctetString(p->attrs, IPP_TAG_PRINTER, "printer-supply", buffer, (int)strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:2238:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ippSetOctetString(p->attrs, &supply, i, buffer, (int)strlen(buffer));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3488:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  if (sscanf(filter, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]",
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3505:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(filter, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type, &cost,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3748:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pdl[strlen(pdl) - 1] = '\0';	/* Remove trailing comma */
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:3994:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    "job-password-supported", (int)strlen(p->pc->password));
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4852:109:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      outUrl      = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)outPath, (CFIndex)strlen(outPath), FALSE);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4853:117:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      icnsFileUrl = CFURLCreateFromFileSystemRepresentation(kCFAllocatorDefault, (UInt8 *)ppd_attr->value, (CFIndex)strlen(ppd_attr->value), FALSE);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/printers.c:4984:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	 !strcmp(p->device_uri + strlen(p->device_uri) - 5, "/cups")))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:761:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(077);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/process.c:822:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/statbuf.c:129:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((bytes = read(sb->fd, sb->buffer + sb->bufused, (size_t)(CUPSD_SB_BUFFER_SIZE - sb->bufused - 1))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/sysman.c:822:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while (read((int)SysEventPipes[0], &sysevent, sizeof(sysevent))
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:202:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(command);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:210:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(infd, &status, 1) < 1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:291:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = (ssize_t)strlen(control);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:313:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(infd, command, 1) < 1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:339:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:355:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(infd, command, 1) < 1)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:449:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = (ssize_t)strlen(command);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:458:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((bytes = read(infd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:492:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bytes = (ssize_t)strlen(command);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testlpd.c:501:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((bytes = read(infd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:121:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      sscanf(argv[i], "%15[^/]/%255s", super, type);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:224:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  if (sscanf(filter, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]",
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:234:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(filter, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type, &cost,
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:412:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat(indent, "\t");
data/cups-2.3.3op1~106-ga72b0140e/scheduler/testmime.c:414:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      indent[strlen(indent) - 1] = '\0';
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:125:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  typelen = strlen(type) + 1;
data/cups-2.3.3op1~106-ga72b0140e/scheduler/type.c:452:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length[0]  = (int)strlen(value[0]);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:388:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:425:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/scheduler/util.c:431:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:93:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:122:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cancel.c:144:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupsaccept.c:103:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupsaccept.c:126:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupsaccept.c:145:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:886:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ppd->product[strlen(ppd->product) - 1] != ')')
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:960:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(ppd->shortnickname) > 31)
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1387:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (strlen(ppd->pcfilename) > 12)
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1450:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(option->keyword);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1459:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	            len < strlen(option2->keyword) &&
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:1536:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        		ppd->patches == NULL ? 0 : (int)strlen(ppd->patches));
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2358:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        sscanf(attr->value, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type,
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2476:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(attr->value, "%15[^/]/%255s%*[ \t]%15[^/]/%255s%d%*[ \t]%1023[^\n]",
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:2604:2:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	sscanf(attr->value, "%15[^/]/%255s%d%*[ \t]%1023[^\n]", super, type,
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3269:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t ppdlen = strlen(pwg_media->ppd);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3283:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  ppdlen = strlen(buf);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3289:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          strlcat(buf, ".Fullbleed", sizeof(buf) - strlen(buf));
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3296:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t buflen = strlen(buf);/* Length of full bleed name */
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3375:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          size_t	buflen = strlen(buf);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3388:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    altlen = strlen(altbuf);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3444:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      langlen = (int)strlen(language);
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3552:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				ckeyword + 1 + strlen(language),
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3584:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    ckeyword + 1 + strlen(language),
data/cups-2.3.3op1~106-ga72b0140e/systemv/cupstestppd.c:3601:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    ckeyword + 1 + strlen(language),
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:106:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:128:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:175:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:195:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:215:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:268:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:296:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:319:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:360:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:379:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:399:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:442:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:463:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:482:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lp.c:618:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
           (bytes = read(0, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:105:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:147:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:184:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:205:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:274:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:294:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:314:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:361:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:409:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:432:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:451:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:481:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:514:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:545:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpadmin.c:577:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpinfo.c:200:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpmove.c:77:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:76:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:122:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:181:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:199:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:261:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:281:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:370:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:403:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             ptr = buffer + strlen(buffer);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:451:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpoptions.c:464:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:122:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:141:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:171:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:207:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:282:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:296:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:324:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:347:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:437:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:456:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        opt += strlen(opt) - 1;
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1485:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      aptr += strlen(aptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1822:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      aptr += strlen(aptr);
data/cups-2.3.3op1~106-ga72b0140e/systemv/lpstat.c:1942:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  aptr += strlen(aptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippevepcl.c:284:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:1755:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cupsHashData("sha2-256", (unsigned char *)uuid_data, strlen(uuid_data), sha256, sizeof(sha256));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2614:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if ((bytes = read(infile, buffer, sizeof(buffer))) < 0 &&
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2824:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end   = s + (slen > 0 ? slen : strlen(s));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:2978:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tptr += strlen(tptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3010:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  tptr += strlen(tptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3074:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            httpWrite2(client->http, temp, strlen(temp));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3098:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            httpWrite2(client->http, temp, strlen(temp));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3107:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            httpWrite2(client->http, temp, strlen(temp));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:3125:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            html_escape(client, s, strlen(s));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4825:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ptr    = device_id + strlen(device_id);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4846:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4859:110:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-input-tray", printer_input_tray_color[0], (int)strlen(printer_input_tray_color[0]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4861:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ippSetOctetString(attrs, &attr, i, printer_input_tray_color[i], (int)strlen(printer_input_tray_color[i]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4865:104:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-input-tray", printer_input_tray[0], (int)strlen(printer_input_tray[0]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4867:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ippSetOctetString(attrs, &attr, i, printer_input_tray[i], (int)strlen(printer_input_tray[i]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4883:102:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-supply", printer_supply_color[0], (int)strlen(printer_supply_color[0]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4885:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ippSetOctetString(attrs, &attr, i, printer_supply_color[i], (int)strlen(printer_supply_color[i]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4891:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-supply", printer_supply[0], (int)strlen(printer_supply[0]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:4893:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ippSetOctetString(attrs, &attr, i, printer_supply[i], (int)strlen(printer_supply[i]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5521:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ippSetOctetString(attrs, &attr, i, input_tray, (int)strlen(input_tray));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5523:97:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-input-tray", input_tray, (int)strlen(input_tray));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5530:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-input-tray", printer_input_tray, (int)strlen(printer_input_tray));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5545:102:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-supply", printer_supply_color[0], (int)strlen(printer_supply_color[0]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5547:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ippSetOctetString(attrs, &attr, i, printer_supply_color[i], (int)strlen(printer_supply_color[i]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5553:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    attr = ippAddOctetString(attrs, IPP_TAG_PRINTER, "printer-supply", printer_supply[0], (int)strlen(printer_supply[0]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5555:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ippSetOctetString(attrs, &attr, i, printer_supply[i], (int)strlen(printer_supply[i]));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:5893:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6079:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6113:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6155:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6197:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:6905:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((bytes = read(mypipe[0], endptr, sizeof(line) - (size_t)(endptr - line) - 1)) > 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7178:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7193:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7237:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    TXTRecordSetValue(&ipp_txt, "ty", (uint8_t)strlen(value), value);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7238:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  TXTRecordSetValue(&ipp_txt, "adminurl", (uint8_t)strlen(adminurl), adminurl);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7240:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    TXTRecordSetValue(&ipp_txt, "note", (uint8_t)strlen(value), value);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7241:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  TXTRecordSetValue(&ipp_txt, "pdl", (uint8_t)strlen(formats), formats);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7245:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    TXTRecordSetValue(&ipp_txt, "UUID", (uint8_t)strlen(value) - 9, value + 9);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7250:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    TXTRecordSetValue(&ipp_txt, "URF", (uint8_t)strlen(urf), urf);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7388:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        end = start + strlen(start);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7412:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        end = start + strlen(start);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7478:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(message);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:7880:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ippSetOctetString(printer->attrs, &input_tray, i, tray_str, (int)strlen(tray_str));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8238:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          ippSetOctetString(printer->attrs, &supply, ippGetCount(supply), supply_text, (int)strlen(supply_text));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveprinter.c:8240:107:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          supply = ippAddOctetString(printer->attrs, IPP_TAG_PRINTER, "printer-supply", supply_text, (int)strlen(supply_text));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:575:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bytes = read(fd, buffer, sizeof(buffer));
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:603:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((bytes = read(fd, buffer, sizeof(buffer))) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:625:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((bytes = read(fd, bufend, sizeof(buffer) - (size_t)bytes)) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:656:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if ((bytes = read(fd, buffer, sizeof(buffer))) <= 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippeveps.c:756:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((bytes = read(fd, buffer, sizeof(buffer))) > 0)
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2026:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  tptr += strlen(tptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2335:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for (i = 1, count = ippGetCount(attr), ptr = preasons + strlen(preasons),
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2338:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
           i ++, ptr += strlen(ptr))
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2591:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value = service->host + strlen(service->host) - 1;
data/cups-2.3.3op1~106-ga72b0140e/tools/ippfind.c:2666:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value = service->host + strlen(service->host) - 1;
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:447:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	        value = name + strlen(name);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:689:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep((useconds_t)interval);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:698:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep((useconds_t)interval);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:794:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ptr = ahost + strlen(ahost) - 1) > ahost && *ptr == '.')
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:797:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((ptr = bhost + strlen(bhost) - 1) > bhost && *ptr == '.')
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1025:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(data->delay);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1263:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (status_message && strlen(status_message) > 255)
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1264:111:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  add_stringf(data->errors, "status-message (text(255)) has bad length %d (RFC 2911 section 3.1.6.2).", (int)strlen(status_message));
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1288:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (detailed_status_message && strlen(detailed_status_message) > 1023)
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1292:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      (int)strlen(detailed_status_message));
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:1751:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      widths[i] = strlen(data->displayed[i]);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2028:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (*src == '<' && src[strlen(src) - 1] == '>')
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2035:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dstptr = dst + strlen(dst) - 1;
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2112:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ptr = buffer + strlen(buffer) - 1;
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2150:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((ptr = hostname + strlen(hostname) - 1) >= hostname && *ptr == '.')
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2290:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(tty, &key, 1);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:2678:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  print_ippserver_string(data, s, strlen(s));
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3846:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr = temp + strlen(temp);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3852:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ptr      += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3863:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  ptr += strlen(ptr);
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:3889:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr = value + strlen(value) - 1;
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4889:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((withlen = (int)strlen(value)) & 1 || withlen > (int)(2 * (sizeof(withdata) + 1)))
data/cups-2.3.3op1~106-ga72b0140e/tools/ipptool.c:4930:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            withlen = (int)strlen(value);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:42:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define read	        _read
data/cups-2.3.3op1~106-ga72b0140e/vcnet/config.h:72:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define usleep(X)	Sleep((X)/1000)
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/engine.c:91:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		stop = start + strlen(start);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:93:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		subs[0].rm_eo = strlen(argv[optind]) - endoff;
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:145:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		inbuf[strlen(inbuf)-1] = '\0';	/* get rid of stupid \n */
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:167:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strcmp(erbuf, badpat) != 0 || ne != strlen(badpat)+1) {
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:174:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						ne != strlen(badpat)+1) {
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:180:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strcmp(erbuf, bpname) != 0 || ne != strlen(bpname)+1) {
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:191:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (ne != strlen(erbuf)+1) {
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:227:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	re.re_endp = (opts&REG_PEND) ? f0copy + strlen(f0copy) : NULL;
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:440:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (sub.rm_eo > strlen(str)) {
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:447:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	shlen = (int)strlen(should);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:467:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	shlen = strlen(at);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/main.c:506:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	assert(strlen(efbuf) < sizeof(efbuf));
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:111:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen((char *)pattern);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:745:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (u = cp->multis; *u != '\0'; u += strlen(u) + 1)
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:1158:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cs->smultis += strlen(cp) + 1;
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:1182:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	register size_t len = strlen(fp);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regcomp.c:1224:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (p = cs->multis; *p != '\0'; p += strlen(p) + 1)
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:88:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			assert(strlen(convbuf) < sizeof(convbuf));
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:94:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(s) + 1;
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/regerror.c:99:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			(void) strncpy(errbuf, s, errbuf_size-1);
data/cups-2.3.3op1~106-ga72b0140e/vcnet/regex/split.c:173:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buf[strlen(buf)-1] = '\0';	/* stomp newline */

ANALYSIS SUMMARY:

Hits = 2946
Lines analyzed = 256691 in approximately 6.82 seconds (37612 lines/second)
Physical Source Lines of Code (SLOC) = 164287
Hits@level = [0] 2920 [1] 791 [2] 1685 [3] 250 [4] 213 [5]   7
Hits@level+ = [0+] 5866 [1+] 2946 [2+] 2155 [3+] 470 [4+] 220 [5+]   7
Hits/KSLOC@level+ = [0+] 35.7058 [1+] 17.932 [2+] 13.1173 [3+] 2.86085 [4+] 1.33912 [5+] 0.0426084
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.