Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/ddcutil-0.9.9/src/public/ddcutil_status_codes.h Examining data/ddcutil-0.9.9/src/public/ddcutil_types.h Examining data/ddcutil-0.9.9/src/public/ddcutil_c_api.h Examining data/ddcutil-0.9.9/src/public/temp/ddcutil_c_api.h Examining data/ddcutil-0.9.9/src/app_ddcutil/main.c Examining data/ddcutil-0.9.9/src/app_ddcutil/app_capabilities.c Examining data/ddcutil-0.9.9/src/app_ddcutil/app_probe.c Examining data/ddcutil-0.9.9/src/app_ddcutil/app_dynamic_features.c Examining data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c Examining data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c Examining data/ddcutil-0.9.9/src/app_ddcutil/app_getvcp.c Examining data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c Examining data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.h Examining data/ddcutil-0.9.9/src/app_ddcutil/app_dynamic_features.h Examining data/ddcutil-0.9.9/src/app_ddcutil/app_getvcp.h Examining data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.h Examining data/ddcutil-0.9.9/src/app_ddcutil/app_capabilities.h Examining data/ddcutil-0.9.9/src/app_ddcutil/app_probe.h Examining data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.h Examining data/ddcutil-0.9.9/src/libmain/api_base.c Examining data/ddcutil-0.9.9/src/libmain/api_displays.c Examining data/ddcutil-0.9.9/src/libmain/api_metadata.c Examining data/ddcutil-0.9.9/src/libmain/api_feature_access.c Examining data/ddcutil-0.9.9/src/libmain/api_capabilities.c Examining data/ddcutil-0.9.9/src/libmain/api_capabilities_internal.h Examining data/ddcutil-0.9.9/src/libmain/api_displays_internal.h Examining data/ddcutil-0.9.9/src/libmain/api_feature_access_internal.h Examining data/ddcutil-0.9.9/src/libmain/api_metadata_internal.h Examining data/ddcutil-0.9.9/src/libmain/api_base_internal.h Examining data/ddcutil-0.9.9/src/util/data_structures.c Examining data/ddcutil-0.9.9/src/util/debug_util.c 
Examining data/ddcutil-0.9.9/src/util/device_id_util.c Examining data/ddcutil-0.9.9/src/util/edid.c Examining data/ddcutil-0.9.9/src/util/error_info.c Examining data/ddcutil-0.9.9/src/util/file_util.c Examining data/ddcutil-0.9.9/src/util/glib_util.c Examining data/ddcutil-0.9.9/src/util/glib_string_util.c Examining data/ddcutil-0.9.9/src/util/i2c_util.c Examining data/ddcutil-0.9.9/src/util/multi_level_map.c Examining data/ddcutil-0.9.9/src/util/output_sink.c Examining data/ddcutil-0.9.9/src/util/report_util.c Examining data/ddcutil-0.9.9/src/util/string_util.c Examining data/ddcutil-0.9.9/src/util/sysfs_util.c Examining data/ddcutil-0.9.9/src/util/subprocess_util.c Examining data/ddcutil-0.9.9/src/util/timestamp.c Examining data/ddcutil-0.9.9/src/util/udev_i2c_util.c Examining data/ddcutil-0.9.9/src/util/udev_usb_util.c Examining data/ddcutil-0.9.9/src/util/udev_util.c Examining data/ddcutil-0.9.9/src/util/utilrpt.c Examining data/ddcutil-0.9.9/src/util/failsim.c Examining data/ddcutil-0.9.9/src/util/x11_util.c Examining data/ddcutil-0.9.9/src/util/libdrm_util.c Examining data/ddcutil-0.9.9/src/util/coredefs.h Examining data/ddcutil-0.9.9/src/util/libdrm_util.h Examining data/ddcutil-0.9.9/src/util/systemd_util.h Examining data/ddcutil-0.9.9/src/util/device_id_util.h Examining data/ddcutil-0.9.9/src/util/multi_level_map.h Examining data/ddcutil-0.9.9/src/util/output_sink.h Examining data/ddcutil-0.9.9/src/util/utilrpt.h Examining data/ddcutil-0.9.9/src/util/x11_util.h Examining data/ddcutil-0.9.9/src/util/udev_util.h Examining data/ddcutil-0.9.9/src/util/report_util.h Examining data/ddcutil-0.9.9/src/util/timestamp.h Examining data/ddcutil-0.9.9/src/util/udev_i2c_util.h Examining data/ddcutil-0.9.9/src/util/glib_string_util.h Examining data/ddcutil-0.9.9/src/util/udev_usb_util.h Examining data/ddcutil-0.9.9/src/util/data_structures.h Examining data/ddcutil-0.9.9/src/util/debug_util.h Examining data/ddcutil-0.9.9/src/util/edid.h Examining 
data/ddcutil-0.9.9/src/util/error_info.h Examining data/ddcutil-0.9.9/src/util/failsim.h Examining data/ddcutil-0.9.9/src/util/file_util.h Examining data/ddcutil-0.9.9/src/util/glib_util.h Examining data/ddcutil-0.9.9/src/util/i2c_util.h Examining data/ddcutil-0.9.9/src/util/string_util.h Examining data/ddcutil-0.9.9/src/util/subprocess_util.h Examining data/ddcutil-0.9.9/src/util/sysfs_util.h Examining data/ddcutil-0.9.9/src/usb_util/usb_hid_common.c Examining data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c Examining data/ddcutil-0.9.9/src/usb_util/hiddev_util.c Examining data/ddcutil-0.9.9/src/usb_util/hidraw_util.c Examining data/ddcutil-0.9.9/src/usb_util/libusb_reports.c Examining data/ddcutil-0.9.9/src/usb_util/libusb_util.c Examining data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c Examining data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.c Examining data/ddcutil-0.9.9/src/usb_util/hidraw_util.h Examining data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.h Examining data/ddcutil-0.9.9/src/usb_util/libusb_reports.h Examining data/ddcutil-0.9.9/src/usb_util/usb_hid_common.h Examining data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.h Examining data/ddcutil-0.9.9/src/usb_util/hiddev_reports.h Examining data/ddcutil-0.9.9/src/usb_util/libusb_util.h Examining data/ddcutil-0.9.9/src/usb_util/hiddev_util.h Examining data/ddcutil-0.9.9/src/base/base_init.c Examining data/ddcutil-0.9.9/src/base/build_info.c Examining data/ddcutil-0.9.9/src/base/core.c Examining data/ddcutil-0.9.9/src/base/ddc_errno.c Examining data/ddcutil-0.9.9/src/base/ddc_packets.c Examining data/ddcutil-0.9.9/src/base/dynamic_features.c Examining data/ddcutil-0.9.9/src/base/dynamic_sleep.c Examining data/ddcutil-0.9.9/src/base/displays.c Examining data/ddcutil-0.9.9/src/base/execution_stats.c Examining data/ddcutil-0.9.9/src/base/feature_lists.c Examining data/ddcutil-0.9.9/src/base/feature_metadata.c Examining data/ddcutil-0.9.9/src/base/feature_sets.c Examining 
data/ddcutil-0.9.9/src/base/last_io_event.c Examining data/ddcutil-0.9.9/src/base/linux_errno.c Examining data/ddcutil-0.9.9/src/base/monitor_model_key.c Examining data/ddcutil-0.9.9/src/base/per_thread_data.c Examining data/ddcutil-0.9.9/src/base/rtti.c Examining data/ddcutil-0.9.9/src/base/sleep.c Examining data/ddcutil-0.9.9/src/base/thread_retry_data.c Examining data/ddcutil-0.9.9/src/base/thread_sleep_data.c Examining data/ddcutil-0.9.9/src/base/tuned_sleep.c Examining data/ddcutil-0.9.9/src/base/status_code_mgt.c Examining data/ddcutil-0.9.9/src/base/vcp_version.c Examining data/ddcutil-0.9.9/src/base/old/error_detail.h Examining data/ddcutil-0.9.9/src/base/new/retry.h Examining data/ddcutil-0.9.9/src/base/new/dynamic_features_yaml.h Examining data/ddcutil-0.9.9/src/base/temp/tuned_sleep.h Examining data/ddcutil-0.9.9/src/base/adl_errors.h Examining data/ddcutil-0.9.9/src/base/base_init.h Examining data/ddcutil-0.9.9/src/base/build_info.h Examining data/ddcutil-0.9.9/src/base/ddc_errno.h Examining data/ddcutil-0.9.9/src/base/feature_metadata.h Examining data/ddcutil-0.9.9/src/base/feature_sets.h Examining data/ddcutil-0.9.9/src/base/linux_errno.h Examining data/ddcutil-0.9.9/src/base/monitor_model_key.h Examining data/ddcutil-0.9.9/src/base/rtti.h Examining data/ddcutil-0.9.9/src/base/vcp_version.h Examining data/ddcutil-0.9.9/src/base/core.h Examining data/ddcutil-0.9.9/src/base/ddc_packets.h Examining data/ddcutil-0.9.9/src/base/displays.h Examining data/ddcutil-0.9.9/src/base/dynamic_features.h Examining data/ddcutil-0.9.9/src/base/dynamic_sleep.h Examining data/ddcutil-0.9.9/src/base/execution_stats.h Examining data/ddcutil-0.9.9/src/base/feature_lists.h Examining data/ddcutil-0.9.9/src/base/last_io_event.h Examining data/ddcutil-0.9.9/src/base/parms.h Examining data/ddcutil-0.9.9/src/base/per_thread_data.h Examining data/ddcutil-0.9.9/src/base/sleep.h Examining data/ddcutil-0.9.9/src/base/status_code_mgt.h Examining 
data/ddcutil-0.9.9/src/base/thread_retry_data.h Examining data/ddcutil-0.9.9/src/base/thread_sleep_data.h Examining data/ddcutil-0.9.9/src/base/tuned_sleep.h Examining data/ddcutil-0.9.9/src/vcp/ddc_command_codes.c Examining data/ddcutil-0.9.9/src/vcp/parse_capabilities.c Examining data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.c Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c Examining data/ddcutil-0.9.9/src/vcp/ddc_command_codes.h Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_values.h Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_set.h Examining data/ddcutil-0.9.9/src/vcp/parse_capabilities.h Examining data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.h Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.h Examining data/ddcutil-0.9.9/src/i2c/i2c_execute.c Examining data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c Examining data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c Examining data/ddcutil-0.9.9/src/i2c/i2c_strategy_dispatcher.c Examining data/ddcutil-0.9.9/src/i2c/i2c_bus_core.h Examining data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.h Examining data/ddcutil-0.9.9/src/i2c/i2c_execute.h Examining data/ddcutil-0.9.9/src/i2c/i2c_strategy_dispatcher.h Examining data/ddcutil-0.9.9/src/i2c/wrap_i2c-dev.h Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_aux_intf.c Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_errors.c Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_shim.c Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_aux_intf.h Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_friendly.h Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.h Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_sdk_includes.h Examining 
data/ddcutil-0.9.9/src/adl/adl_impl/adl_wrapmccs.h Examining data/ddcutil-0.9.9/src/adl/adl_mock_impl/adl_mock_shim.c Examining data/ddcutil-0.9.9/src/adl/adl_mock_impl/adl_mock_errors.c Examining data/ddcutil-0.9.9/src/adl/adl_shim.h Examining data/ddcutil-0.9.9/src/usb/usb_base.c Examining data/ddcutil-0.9.9/src/usb/usb_edid.c Examining data/ddcutil-0.9.9/src/usb/usb_displays.c Examining data/ddcutil-0.9.9/src/usb/usb_vcp.c Examining data/ddcutil-0.9.9/src/usb/usb_edid.h Examining data/ddcutil-0.9.9/src/usb/usb_base.h Examining data/ddcutil-0.9.9/src/usb/usb_vcp.h Examining data/ddcutil-0.9.9/src/usb/usb_displays.h Examining data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.c Examining data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c Examining data/ddcutil-0.9.9/src/dynvcp/dyn_feature_codes.c Examining data/ddcutil-0.9.9/src/dynvcp/dyn_dynamic_features.c Examining data/ddcutil-0.9.9/src/dynvcp/dyn_dynamic_features.h Examining data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.h Examining data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.h Examining data/ddcutil-0.9.9/src/dynvcp/dyn_feature_codes.h Examining data/ddcutil-0.9.9/src/ddc/ddc_async.c Examining data/ddcutil-0.9.9/src/ddc/ddc_displays.c Examining data/ddcutil-0.9.9/src/ddc/ddc_display_lock.c Examining data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c Examining data/ddcutil-0.9.9/src/ddc/ddc_multi_part_io.c Examining data/ddcutil-0.9.9/src/ddc/ddc_output.c Examining data/ddcutil-0.9.9/src/ddc/ddc_packet_io.c Examining data/ddcutil-0.9.9/src/ddc/ddc_read_capabilities.c Examining data/ddcutil-0.9.9/src/ddc/ddc_services.c Examining data/ddcutil-0.9.9/src/ddc/ddc_strategy.c Examining data/ddcutil-0.9.9/src/ddc/ddc_vcp.c Examining data/ddcutil-0.9.9/src/ddc/ddc_vcp_version.c Examining data/ddcutil-0.9.9/src/ddc/ddc_try_stats.c Examining data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c Examining data/ddcutil-0.9.9/src/ddc/old/ddc_vcp.h Examining data/ddcutil-0.9.9/src/ddc/old/ddc_output.h Examining 
data/ddcutil-0.9.9/src/ddc/new/ddc_try_stats_new.h Examining data/ddcutil-0.9.9/src/ddc/ddc_async.h Examining data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h Examining data/ddcutil-0.9.9/src/ddc/ddc_read_capabilities.h Examining data/ddcutil-0.9.9/src/ddc/ddc_vcp.h Examining data/ddcutil-0.9.9/src/ddc/ddc_vcp_version.h Examining data/ddcutil-0.9.9/src/ddc/ddc_display_lock.h Examining data/ddcutil-0.9.9/src/ddc/ddc_displays.h Examining data/ddcutil-0.9.9/src/ddc/ddc_multi_part_io.h Examining data/ddcutil-0.9.9/src/ddc/ddc_output.h Examining data/ddcutil-0.9.9/src/ddc/ddc_packet_io.h Examining data/ddcutil-0.9.9/src/ddc/ddc_services.h Examining data/ddcutil-0.9.9/src/ddc/ddc_strategy.h Examining data/ddcutil-0.9.9/src/ddc/ddc_try_stats.h Examining data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.h Examining data/ddcutil-0.9.9/src/test/ddc/ddc_capabilities_tests.c Examining data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c Examining data/ddcutil-0.9.9/src/test/ddc/ddc_capabilities_tests.h Examining data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.h Examining data/ddcutil-0.9.9/src/test/i2c/i2c_testutil.c Examining data/ddcutil-0.9.9/src/test/i2c/i2c_edid_tests.c Examining data/ddcutil-0.9.9/src/test/i2c/i2c_io_old.c Examining data/ddcutil-0.9.9/src/test/i2c/i2c_edid_tests.h Examining data/ddcutil-0.9.9/src/test/i2c/i2c_testutil.h Examining data/ddcutil-0.9.9/src/test/i2c/i2c_io_old.h Examining data/ddcutil-0.9.9/src/test/testcase_table.c Examining data/ddcutil-0.9.9/src/test/testcases.c Examining data/ddcutil-0.9.9/src/test/testcase_table.h Examining data/ddcutil-0.9.9/src/test/testcases.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_logs.c Examining 
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_logs.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.h Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.h Examining data/ddcutil-0.9.9/src/cmdline/cmd_parser_aux.c Examining data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c Examining data/ddcutil-0.9.9/src/cmdline/parsed_cmd.c Examining data/ddcutil-0.9.9/src/cmdline/cmd_parser.h Examining data/ddcutil-0.9.9/src/cmdline/cmd_parser_aux.h Examining data/ddcutil-0.9.9/src/cmdline/parsed_cmd.h Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_structs.c Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_cont_response.c Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_context.c Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_handle.c Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_identifier.c Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_ref.c Examining data/ddcutil-0.9.9/src/gobject_api/gomain.c Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_ref.h 
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_identifier.h Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_context.h Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_handle.h Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_gobjects.h Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_structs.h Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_types.h Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_cont_response.h Examining data/ddcutil-0.9.9/src/swig/ddc_swig.c Examining data/ddcutil-0.9.9/src/swig/ddc_swig.h Examining data/ddcutil-0.9.9/src/cython/cyddc.c Examining data/ddcutil-0.9.9/src/cffi/cffi_c_lib_demo/testcffi.h Examining data/ddcutil-0.9.9/src/cffi/_ddccffi_callback.h Examining data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_c_api.h Examining data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h Examining data/ddcutil-0.9.9/src/sample_clients/demo_capabilities.c Examining data/ddcutil-0.9.9/src/sample_clients/demo_display_selection.c Examining data/ddcutil-0.9.9/src/sample_clients/demo_feature_list.c Examining data/ddcutil-0.9.9/src/sample_clients/demo_get_set_vcp.c Examining data/ddcutil-0.9.9/src/sample_clients/demo_global_settings.c Examining data/ddcutil-0.9.9/src/sample_clients/demo_profile_features.c Examining data/ddcutil-0.9.9/src/sample_clients/demo_redirection.c Examining data/ddcutil-0.9.9/src/sample_clients/demo_vcpinfo.c Examining data/ddcutil-0.9.9/src/sample_clients/demo_watch_displays.c Examining data/ddcutil-0.9.9/src/sample_clients/clmain.c Examining data/ddcutil-0.9.9/src/private/ddcutil_c_api_private.h Examining data/ddcutil-0.9.9/src/private/ddcutil_types_private.h

FINAL RESULTS:

data/ddcutil-0.9.9/src/util/file_util.c:428:17:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  ssize_t ct = readlink(workbuf, result, PATH_MAX);

data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:129:53:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  snprintf(fqfn, PATH_MAX, "/home/%s/%s/%s", getlogin(), USER_VCP_DATA_DIR, simple_fn_buf);

data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:268:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(workbuf, interpret_ddca_version_feature_flags_readwrite(vflags));

data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:270:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(workbuf, interpret_ddca_version_feature_flags_type(vflags));

data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:276:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(workbuf, s);

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c:156:56:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead.
  printf("(%s) getlogin() returned |%s|\n", __func__, getlogin());

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c:215:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  rc = access(fnbuf, R_OK|W_OK);

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:434:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(result, cur->driver_name);

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:48:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  rc = access(fnbuf, R_OK|W_OK);

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_logs.c:54:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if ( access(log_fn, R_OK) < 0 ) {

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:54:25:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  int piece_ct = sscanf(curline, "%s %d %d %s %s %s",

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:106:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dirbuf, dn_gpus);

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:107:16:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(dirbuf, ep->d_name);

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:391:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cur_dir_name, "%s/%s", dirname, fn);

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:584:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cur_dir_name, "%s/%s", dirname, fn);

data/ddcutil-0.9.9/src/base/core.c:471:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp, bname);

data/ddcutil-0.9.9/src/base/core.c:709:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, 200, format, args);

data/ddcutil-0.9.9/src/base/core.c:783:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, 200, format, args);

data/ddcutil-0.9.9/src/base/core.c:915:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buffer, 200, format, args);

data/ddcutil-0.9.9/src/base/displays.c:367:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pIdent->mfg_id, mfg_id);

data/ddcutil-0.9.9/src/base/displays.c:371:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pIdent->model_name, model_name);

data/ddcutil-0.9.9/src/base/displays.c:375:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pIdent->serial_ascii, serial_ascii);

data/ddcutil-0.9.9/src/base/displays.c:717:31:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  dref->usb_hiddev_name = strcpy(dref->usb_hiddev_name, old->usb_hiddev_name);

data/ddcutil-0.9.9/src/base/dynamic_features.c:104:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, string_value);

data/ddcutil-0.9.9/src/base/dynamic_features.c:281:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(detail, 200, fmt, args);

data/ddcutil-0.9.9/src/base/feature_lists.c:183:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf + strlen(buf), "%s%02x%s", value_prefix, ndx, sepstr);

data/ddcutil-0.9.9/src/base/per_thread_data.c:237:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf,ptd->description);

data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:858:19:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newval, a1);

data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:859:19:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(newval, a2);

data/ddcutil-0.9.9/src/cython/cyddc.c:597:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);

data/ddcutil-0.9.9/src/ddc/ddc_output.c:709:16:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(*formatted_value_loc, strlen(formatted_data) + 49,

data/ddcutil-0.9.9/src/dynvcp/dyn_dynamic_features.c:209:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(fqnamebuf, R_OK) == 0) {

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:159:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "System: %s, Unit: ", systems[sys]);

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:167:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf+strlen(buf), "%s", units[sys][i]);

data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:210:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  curpos += sprintf(curpos, #_bitname "|")

data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:326:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(usage_buffer, sizeof(usage_buffer),

data/ddcutil-0.9.9/src/util/device_id_util.c:228:16:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  int ct = sscanf(a_line, "%s %hx %m[^\n]",

data/ddcutil-0.9.9/src/util/device_id_util.c:289:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  int ct = sscanf(a_line+tabct, "%s %4hx %m[^\n]",

data/ddcutil-0.9.9/src/util/device_id_util.c:400:22:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  int ct = sscanf(a_line, "%s %m[^\n]",

data/ddcutil-0.9.9/src/util/device_id_util.c:410:16:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(segment_tag, atag);

data/ddcutil-0.9.9/src/util/output_sink.c:115:15:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  rc = vfprintf(psink->fp, format, args);

data/ddcutil-0.9.9/src/util/output_sink.c:123:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  rc = vsnprintf(psink->workbuf, psink->cur_max_chars, format, args);

data/ddcutil-0.9.9/src/util/output_sink.c:210:13:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  int rc = vfprintf(vcp_file_emitter_fp, format, args);

data/ddcutil-0.9.9/src/util/output_sink.c:222:4:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, 400, format, args);

data/ddcutil-0.9.9/src/util/report_util.c:295:20:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int reqd_size = vsnprintf(buffer, buffer_size, format, args);

data/ddcutil-0.9.9/src/util/report_util.c:301:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, reqd_size+1, format, args);

data/ddcutil-0.9.9/src/util/report_util.c:687:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buffer, val_to_append);

data/ddcutil-0.9.9/src/util/string_util.c:355:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(end, sepstr);

data/ddcutil-0.9.9/src/util/string_util.c:358:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(end, pieces[ndx]);

data/ddcutil-0.9.9/src/util/string_util.c:754:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result, s1);

data/ddcutil-0.9.9/src/util/string_util.c:755:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result+strlen(s1), s2);

data/ddcutil-0.9.9/src/util/string_util.c:805:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, sepstr);

data/ddcutil-0.9.9/src/util/string_util.c:806:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, nextval);

data/ddcutil-0.9.9/src/util/string_util.c:1129:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buffer+i*incr1, pattern, bytes[i]);

data/ddcutil-0.9.9/src/util/string_util.c:1131:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buffer, sepstr);

data/ddcutil-0.9.9/src/util/string_util.c:1199:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf+strlen(buf), pattern, bytes[i]);

data/ddcutil-0.9.9/src/util/string_util.c:1204:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, sepstr);

data/ddcutil-0.9.9/src/util/string_util.c:1370:12:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  rc = vfprintf(stream, format, args);

data/ddcutil-0.9.9/src/util/string_util.c:1390:12:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  rc = vfprintf(stream, format, ap);

data/ddcutil-0.9.9/src/util/string_util.h:46:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf, bufsz, fmt, __VA_ARGS__ ); \

data/ddcutil-0.9.9/src/util/subprocess_util.c:44:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fp = popen(cmdbuf, "r");

data/ddcutil-0.9.9/src/util/subprocess_util.c:138:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fp = popen(cmdbuf, "r");

data/ddcutil-0.9.9/src/util/subprocess_util.c:235:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(full_cmd, cmd);

data/ddcutil-0.9.9/src/util/subprocess_util.c:238:13:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int rc = system(full_cmd);

data/ddcutil-0.9.9/src/util/sysfs_util.c:39:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/%s", dirname, attrname);

data/ddcutil-0.9.9/src/util/sysfs_util.c:61:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/%s", dirname, attrname);

data/ddcutil-0.9.9/src/util/sysfs_util.c:78:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/%s", dirname, attrname);

data/ddcutil-0.9.9/src/util/sysfs_util.c:112:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(fn, "%s/%s", dirname, attrname); data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:74:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, val); data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:176:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buffer, buf0); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:431:22: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. char * rpath = realpath(workfn, resolved_path); data/ddcutil-0.9.9/src/util/sysfs_util.c:191:19: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. char * rpath = realpath(workbuf, resolved_path); data/ddcutil-0.9.9/src/adl/adl_impl/adl_errors.c:68:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char workbuf[WORKBUF_SIZE]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_errors.c:70:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf2[20]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:374:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strPartNumber[ADL_MAX_PATH]; ///< Part number. data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:375:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strVersion[ADL_MAX_PATH]; ///< Version number. data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:376:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strDate[ADL_MAX_PATH]; ///< BIOS date in yyyy/mm/dd hh:mm format. data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:430:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char xrandrname[100] = {0}; data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:638:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pIdInfo->edid_bytes, pEdid->bytes, 128); data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:770:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_recs[ndx].marker, DISPLAY_INFO_MARKER, 4); data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h:57:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mfg_id[4]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h:58:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model_name[14]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h:59:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial_ascii[14]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h:60:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xrandr_name[16]; // what is correct maximum size? 
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strUDID[ADL_MAX_PATH]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:208:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strAdapterName[ADL_MAX_PATH]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strDisplayName[ADL_MAX_PATH]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strDriverPath[ADL_MAX_PATH]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strDriverPathExt[ADL_MAX_PATH]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strPNPString[ADL_MAX_PATH]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:239:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strXScreenConfigName[ADL_MAX_PATH]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:336:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strDisplayName[ADL_MAX_PATH]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:339:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strDisplayManufacturerName[ADL_MAX_PATH]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:521:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cEDIDData[ADL_MAX_EDIDDATA_SIZE]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:562:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cDisplayName[ADL_MAX_DISPLAY_NAME]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:599:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parsedMfgId[4]; data/ddcutil-0.9.9/src/adl/adl_impl/adl_shim.c:200:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(orec->marker, ADL_DISPLAY_DETAIL_MARKER, 4); data/ddcutil-0.9.9/src/adl/adl_shim.h:144:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; ///< always "ADTD" data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:70:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp_text[30]; data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:113:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fqfn[PATH_MAX] = {0}; data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:123:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char simple_fn_buf[NAME_MAX+1]; data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:137:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * output_fp = fopen(filename, "w+"); data/ddcutil-0.9.9/src/app_ddcutil/app_probe.c:45:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char interpreted[200]; data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:54:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:81:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:82:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf2[234]; data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:173:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(version_name_buf, "2.0"); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:176:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(version_name_buf, ", "); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:177:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(version_name_buf, "2.1"); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:181:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(version_name_buf, ", "); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:182:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(version_name_buf, "3.0"); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:186:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(version_name_buf, ", "); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:187:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(version_name_buf, "2.2"); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:265:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(workbuf, "Deprecated, "); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:269:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(workbuf, ", "); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:272:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:275:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(workbuf, ", "); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:291:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[200]; data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:314:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[200]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv.c:384:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[80]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c:205:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnbuf[20]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:139:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fqfn[PATH_MAX+2]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:172:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf0[80]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:197:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(accum->marker, ENV_ACCUMULATOR_MARKER, 4); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:433:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(result, ", "); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.h:49:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.c:94:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.c:106:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[100]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.c:108:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int chassis_type_i = atoi(chassis_type_s); // TODO: use something safer? data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:199:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char busid2[30] = ""; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:352:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connector_name[100]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:631:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(devname,O_RDWR | O_CLOEXEC); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:42:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fnbuf[PATH_MAX]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:123:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char ddc_response_bytes[12]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:300:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(first_edid, buf0->bytes, 128); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:47:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modules_builtin_fn[100]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:54:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[200]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:74:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ko_name[40]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:79:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * terms[2]; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:119:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char module_name_ko[100];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:122:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirname[PATH_MAX];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:48:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mod_name[32];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:51:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mod_dependencies[500];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:52:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mod_load_state[10]; // one of: Live Loading Unloading

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:53:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mod_addr[30];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:105:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirbuf[400];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:271:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_dir[PATH_MAX];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:390:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_dir_name[PATH_MAX];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:427:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char workfn[PATH_MAX];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:429:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char resolved_path[PATH_MAX];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:452:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char driver_module_dir[PATH_MAX];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:583:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_dir_name[100];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:586:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[106];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:669:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char n[100];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:687:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dnbuf[90];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:689:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cardname[cardname_sz];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:721:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_dir_name[PATH_MAX];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.c:88:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fqfn[PATH_MAX];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.c:206:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev_summary[200];

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.c:142:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xref->marker, DEVICE_ID_XREF_MARKER, 4);

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.c:143:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xref->raw_edid, raw_edid, 128);

data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.h:19:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/core.c:472:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(temp, ".c");

data/ddcutil-0.9.9/src/base/core.c:706:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[200];

data/ddcutil-0.9.9/src/base/core.c:779:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[200];

data/ddcutil-0.9.9/src/base/core.c:780:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[250];

data/ddcutil-0.9.9/src/base/core.c:830:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char elapsed_prefix[15] = "";

data/ddcutil-0.9.9/src/base/core.c:834:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char thread_prefix[15] = "";

data/ddcutil-0.9.9/src/base/core.c:912:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[200];

data/ddcutil-0.9.9/src/base/core.c:919:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[250];

data/ddcutil-0.9.9/src/base/core.c:973:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result->marker, DDCA_ERROR_DETAIL_MARKER, 4);

data/ddcutil-0.9.9/src/base/core.c:1008:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result->marker, DDCA_ERROR_DETAIL_MARKER, 4);

data/ddcutil-0.9.9/src/base/ddc_packets.c:412:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data_bytes+4, bytes_to_write, bytect);

data/ddcutil-0.9.9/src/base/ddc_packets.c:677:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(aux_data->bytes, read_data_start, read_data_length); // CHANGED

data/ddcutil-0.9.9/src/base/ddc_packets.c:1099:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, packet->parsed.nontable_response, sizeof(Parsed_Nontable_Vcp_Response));

data/ddcutil-0.9.9/src/base/ddc_packets.h:107:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tag[MAX_DDC_TAG+1]; ///* debug string describing packet, +1 for \0

data/ddcutil-0.9.9/src/base/displays.c:125:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newrec->marker, DISPLAY_ASYNC_REC_MARKER, 4);

data/ddcutil-0.9.9/src/base/displays.c:254:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pIdent->marker, DISPLAY_IDENTIFIER_MARKER, 4);

data/ddcutil-0.9.9/src/base/displays.c:334:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pIdent->edidbytes, edidbytes, 128);

data/ddcutil-0.9.9/src/base/displays.c:446:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char edidbuf[257];

data/ddcutil-0.9.9/src/base/displays.c:527:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dsel->marker, DISPLAY_SELECTOR_MARKER, 4);

data/ddcutil-0.9.9/src/base/displays.c:624:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dref->marker, DISPLAY_REF_MARKER, 4);

data/ddcutil-0.9.9/src/base/displays.c:715:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dref, old, sizeof(Display_Ref));

data/ddcutil-0.9.9/src/base/displays.c:902:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[80];

data/ddcutil-0.9.9/src/base/displays.c:923:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Display_Ref[NULL]");

data/ddcutil-0.9.9/src/base/displays.c:943:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dh->marker, DISPLAY_HANDLE_MARKER, 4);

data/ddcutil-0.9.9/src/base/displays.c:966:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dh->marker, DISPLAY_HANDLE_MARKER, 4);

data/ddcutil-0.9.9/src/base/displays.c:991:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dh->marker, DISPLAY_HANDLE_MARKER, 4);

data/ddcutil-0.9.9/src/base/displays.c:1088:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "Display_Handle[NULL]");

data/ddcutil-0.9.9/src/base/displays.c:1135:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(card_info->marker, VIDEO_CARD_INFO_MARKER, 4);

data/ddcutil-0.9.9/src/base/displays.h:69:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/displays.h:102:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; // always "DPID"

data/ddcutil-0.9.9/src/base/displays.h:108:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mfg_id[EDID_MFG_ID_FIELD_SIZE];

data/ddcutil-0.9.9/src/base/displays.h:109:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char model_name[EDID_MODEL_NAME_FIELD_SIZE];

data/ddcutil-0.9.9/src/base/displays.h:110:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial_ascii[EDID_SERIAL_ASCII_FIELD_SIZE];

data/ddcutil-0.9.9/src/base/displays.h:133:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; // always "DSEL"

data/ddcutil-0.9.9/src/base/displays.h:185:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/displays.h:229:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/displays.h:249:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/dynamic_features.c:54:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result.word, s, wordlen);

data/ddcutil-0.9.9/src/base/dynamic_features.c:225:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frec->marker, DYNAMIC_FEATURES_REC_MARKER, 4);

data/ddcutil-0.9.9/src/base/dynamic_features.c:276:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char detail[200];

data/ddcutil-0.9.9/src/base/dynamic_features.c:277:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xdetail[300];

data/ddcutil-0.9.9/src/base/dynamic_features.c:521:16: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cur_feature_metadata->marker, DDCA_FEATURE_METADATA_MARKER, 4);

data/ddcutil-0.9.9/src/base/dynamic_features.h:33:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/execution_stats.c:53:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/execution_stats.c:212:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];

data/ddcutil-0.9.9/src/base/execution_stats.c:275:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pcounts->marker, STATUS_CODE_COUNTS_MARKER, 4);

data/ddcutil-0.9.9/src/base/feature_metadata.c:352:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result->marker, DISPLAY_FEATURE_METADATA_MARKER, 4);

data/ddcutil-0.9.9/src/base/feature_metadata.c:394:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ddca_meta->marker, DDCA_FEATURE_METADATA_MARKER, 4);

data/ddcutil-0.9.9/src/base/feature_metadata.h:116:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/last_io_event.c:69:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ts->marker, IO_EVENT_TIMESTAMP_MARKER, 4);

data/ddcutil-0.9.9/src/base/last_io_event.h:17:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/linux_errno.c:156:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char workbuf[WORKBUF_SIZE];

data/ddcutil-0.9.9/src/base/linux_errno.c:157:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dummy_errno_description[WORKBUF_SIZE];

data/ddcutil-0.9.9/src/base/monitor_model_key.c:176:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[100];

data/ddcutil-0.9.9/src/base/monitor_model_key.c:178:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "[Undefined]");

data/ddcutil-0.9.9/src/base/old/error_detail.h:34:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; ///< always EINF

data/ddcutil-0.9.9/src/base/old/error_detail.h:50:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/per_thread_data.c:420:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[100];

data/ddcutil-0.9.9/src/base/thread_retry_data.c:106:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/base/thread_retry_data.c:148:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(args.marker, GLOBAL_MAXTRIES_MARKER, 4);

data/ddcutil-0.9.9/src/base/tuned_sleep.c:269:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_buf[100];

data/ddcutil-0.9.9/src/base/vcp_version.c:165:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(private_buffer, "Unknown"); // will coverity flag this?

data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h:112:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; ///< always "DDIN"

data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h:202:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; /**< equals VCP_VERSION_SPECIFIC_FEATURE_INFO_MARKER */

data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h:222:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; /**< Always DDCA_CAP_VCP_MARKER */

data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h:232:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; /**< always DDCA_CAPABILITIES_MARKER */

data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:573:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char trimmed_piece[10];

data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:803:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * thisarg = (char *) cmd_and_args[argctr];

data/ddcutil-0.9.9/src/cmdline/parsed_cmd.c:49:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(parsed_cmd->marker, PARSED_CMD_MARKER, 4);

data/ddcutil-0.9.9/src/cmdline/parsed_cmd.c:104:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/ddcutil-0.9.9/src/cmdline/parsed_cmd.h:76:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; // always PCMD

data/ddcutil-0.9.9/src/cmdline/parsed_cmd.h:79:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * args[MAX_ARGS];

data/ddcutil-0.9.9/src/cython/cyddc.c:550:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ascii_chars[128];

data/ddcutil-0.9.9/src/cython/cyddc.c:10948:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ctversion[4], rtversion[4];

data/ddcutil-0.9.9/src/cython/cyddc.c:10952:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];

data/ddcutil-0.9.9/src/ddc/ddc_async.c:26:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/ddc/ddc_display_lock.c:42:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/ddc/ddc_display_lock.c:140:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_desc->marker, DISTINCT_DISPLAY_DESC_MARKER, 4);

data/ddcutil-0.9.9/src/ddc/ddc_displays.c:332:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(version, "Unspecified");

data/ddcutil-0.9.9/src/ddc/ddc_displays.c:335:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(version, "DDC communication failed");

data/ddcutil-0.9.9/src/ddc/ddc_displays.c:696:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[40];

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:131:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s0[32], s1[257], s2[16];

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:592:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[400];

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:603:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hexbuf[257];

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:624:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timestamp_buf[30];

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:627:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[400];

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:721:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dumped_data->edidbytes, edid->bytes, 128);

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:774:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[300];

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:785:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hexbuf[257];

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:801:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h:35:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char edidstr[257]; ///< 128 byte EDID as hex string (for future use)

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h:36:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mfg_id[4]; ///< 3 character manufacturer id (from EDID)

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h:37:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char model[14]; ///< model string (from EDID)

data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h:38:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial_ascii[14]; ///< serial number string (from EDID)

data/ddcutil-0.9.9/src/ddc/ddc_output.c:289:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[100];

data/ddcutil-0.9.9/src/ddc/ddc_output.c:298:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];

data/ddcutil-0.9.9/src/ddc/ddc_output.c:419:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];

data/ddcutil-0.9.9/src/ddc/ddc_output.c:663:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];

data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:57:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char procfn[20];

data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:74:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dnbuf[90];

data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:76:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cardname[cardname_sz];

data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:111:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_dir_name[PATH_MAX];

data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:455:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(data->marker, WATCH_DISPLAYS_DATA_MARKER, 4); data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.h:35:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; data/ddcutil-0.9.9/src/dynvcp/dyn_dynamic_features.c:205:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fqnamebuf[PATH_MAX]; data/ddcutil-0.9.9/src/dynvcp/dyn_feature_codes.c:394:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[200]; data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.c:147:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fset->marker, DYN_FEATURE_SET_MARKER, 4); data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.c:290:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->marker, DYN_FEATURE_SET_MARKER, 4); data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.h:31:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char marker[4]; data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:47:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sgamma1[10]; data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:142:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s_native_gamma[10]; data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:178:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(specific_gammas, bytes+3, specific_gamma_ct); data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:249:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sglower[10]; data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:250:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sgupper[10]; data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:261:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[300] = "\0"; data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:262:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bgamma[10]; data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:272:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[100]; data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:86:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[20]; data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:92:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ( fd = open(filename, (callopts & CALLOPT_RDONLY) ? O_RDONLY : O_RDWR) ) data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:147:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char workbuf[80]; data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:267:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[100]; data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:598:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(businfo->marker, I2C_BUS_INFO_MARKER, 4); data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:818:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[PATH_MAX]; // yes, PATH_MAX is dangerous, but not as used here data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:819:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fn, "/sys/bus/i2c/devices/i2c-%d/name", businfo->busno); data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:858:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[20]; data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:861:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(namebuf, "/dev/i2c-%d", busno); data/ddcutil-0.9.9/src/i2c/i2c_bus_core.h:67:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; ///< always "BINF" data/ddcutil-0.9.9/src/libmain/api_capabilities.c:149:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->marker, DDCA_CAPABILITIES_MARKER, 4); data/ddcutil-0.9.9/src/libmain/api_capabilities.c:157:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->cmd_codes, bva_bytes(bva), result->cmd_ct); data/ddcutil-0.9.9/src/libmain/api_capabilities.c:167:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur_cap_vcp->marker, DDCA_CAP_VCP_MARKER, 4); data/ddcutil-0.9.9/src/libmain/api_capabilities.c:184:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cur_cap_vcp->values, bva_bytes(bva), cur_cap_vcp->value_ct); data/ddcutil-0.9.9/src/libmain/api_displays.c:667:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(curinfo->marker, DDCA_DISPLAY_INFO_MARKER, 4); data/ddcutil-0.9.9/src/libmain/api_displays.c:694:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(curinfo->edid_bytes, dref->pedid->bytes, 128); data/ddcutil-0.9.9/src/libmain/api_feature_access.c:137:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tv->bytes, p_table_bytes->bytes, len); data/ddcutil-0.9.9/src/libmain/api_metadata.c:145:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p_feature_list, &result, 32); data/ddcutil-0.9.9/src/libmain/api_metadata.c:236:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(feature_list_loc, &result, 32); data/ddcutil-0.9.9/src/private/ddcutil_types_private.h:70:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mfg_id[DDCA_EDID_MFG_ID_FIELD_SIZE]; data/ddcutil-0.9.9/src/private/ddcutil_types_private.h:71:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model_name[DDCA_EDID_MODEL_NAME_FIELD_SIZE]; data/ddcutil-0.9.9/src/public/ddcutil_types.h:86:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char marker[4]; ///< Always "EDTL" data/ddcutil-0.9.9/src/public/ddcutil_types.h:350:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; ///< always "DDIN" data/ddcutil-0.9.9/src/public/ddcutil_types.h:355:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mfg_id[ DDCA_EDID_MFG_ID_FIELD_SIZE ]; ///< 3 character mfg id from EDID data/ddcutil-0.9.9/src/public/ddcutil_types.h:356:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model_name[DDCA_EDID_MODEL_NAME_FIELD_SIZE]; ///< model name from EDID, 13 char max data/ddcutil-0.9.9/src/public/ddcutil_types.h:357:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sn[ DDCA_EDID_SN_ASCII_FIELD_SIZE ]; ///< "serial number" from EDID, 13 char max data/ddcutil-0.9.9/src/public/ddcutil_types.h:457:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char marker[4]; /**< always "FMET" */ data/ddcutil-0.9.9/src/public/ddcutil_types.h:476:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; /**< Always DDCA_CAP_VCP_MARKER */ data/ddcutil-0.9.9/src/public/ddcutil_types.h:486:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; /**< always DDCA_CAPABILITIES_MARKER */ data/ddcutil-0.9.9/src/sample_clients/demo_get_set_vcp.c:382:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). which_test = atoi(argv[1]); // live dangerously, it's test code data/ddcutil-0.9.9/src/swig/ddc_swig.c:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char error_msg[256]; data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:80:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char devname[12]; data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:83:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fh = open(devname, O_RDWR); data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:139:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ddc_response_bytes[12]; data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:318:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[12]; data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:321:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fh = open(devname, O_NONBLOCK|O_RDWR); data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:345:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char zeroBytes[4] = {0}; // 0x00; data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:469:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[12]; data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:472:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fh = open(devname, O_RDWR); data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:485:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char readbuf[256]; data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:588:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname[12]; data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:591:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fh = open(devname, O_NONBLOCK|O_RDWR); data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:615:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char zeroBytes[5] = {0}; // 0x00; data/ddcutil-0.9.9/src/test/i2c/i2c_edid_tests.c:54:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[128] = {0}; data/ddcutil-0.9.9/src/usb/usb_base.c:64:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ( file = open(hiddev_devname, mode) ) data/ddcutil-0.9.9/src/usb/usb_base.c:134:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[300]; data/ddcutil-0.9.9/src/usb/usb_displays.c:213:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vcprec->marker, USB_MONITOR_VCP_REC_MARKER, 4); data/ddcutil-0.9.9/src/usb/usb_displays.c:220:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(infoptr, &rinfo, sizeof(struct hiddev_report_info)); data/ddcutil-0.9.9/src/usb/usb_displays.c:223:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fptr, &finfo, sizeof(struct hiddev_field_info)); data/ddcutil-0.9.9/src/usb/usb_displays.c:226:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(uptr, &uref, sizeof(struct hiddev_usage_ref)); data/ddcutil-0.9.9/src/usb/usb_displays.c:257:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/ddcutil-0.9.9/src/usb/usb_displays.c:258:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf,"(vcp("); data/ddcutil-0.9.9/src/usb/usb_displays.c:269:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf+curlen, "%02x", feature_code); data/ddcutil-0.9.9/src/usb/usb_displays.c:273:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf+curlen, "))"); data/ddcutil-0.9.9/src/usb/usb_displays.c:449:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(moninfo->marker, USB_MONITOR_INFO_MARKER, 4); data/ddcutil-0.9.9/src/usb/usb_displays.c:587:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_recs[ndx].marker, DISPLAY_INFO_MARKER, 4); data/ddcutil-0.9.9/src/usb/usb_displays.c:589:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(info_list.info_recs, info_recs, (usb_monitors->len)*sizeof(Display_Info)); data/ddcutil-0.9.9/src/usb/usb_displays.c:739:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vname[80] = {'\0'}; data/ddcutil-0.9.9/src/usb/usb_displays.c:740:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dname[80] = {'\0'}; data/ddcutil-0.9.9/src/usb/usb_displays.c:812:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(device_name, O_RDONLY); data/ddcutil-0.9.9/src/usb/usb_displays.h:55:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; data/ddcutil-0.9.9/src/usb/usb_displays.h:71:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; data/ddcutil-0.9.9/src/usb/usb_edid.c:186:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
  Make sure destination can always hold the source data.
  memcpy(result->sn, modelsn->bytes,8);

data/ddcutil-0.9.9/src/usb/usb_edid.c:188:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result->model, modelsn->bytes+8, 8);

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:56:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char b1[80];

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:57:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char b2[80];

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:66:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *systems[5] = { "None", "SI Linear", "SI Rotation",

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:69:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *units[5][8] = {

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:128:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *systems[5] = { "None", "SI Linear", "SI Rotation",

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:131:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *units[5][8] = {

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:154:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "System: Vendor defined, Unit: (unknown)");

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:156:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf, "System: Reserved, Unit: (unknown)");

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:174:16:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf+strlen(buf), "^%d", val);

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:180:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "(None)");

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:187:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[80];

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:247:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cur->raw_bytes, b+i, 1+cur->bsize_bytect);

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:320:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *types[4] = { "Main", "Global", "Local", "reserved" };

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:322:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char databuf[80];

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:324:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(databuf, "none");

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:328:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rawbuf[16];

data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:331:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char workbuf[9]; // 2 chars/byte + 1 for terminating null

data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.c:156:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];

data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.c:612:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *types[4] = { "Main", "Global", "Local", "reserved" };

data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.c:632:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char datastr[20];

data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:212:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char field_bits_buffer[200];

data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:271:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char report_id_buffer[100];

data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:274:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(report_id_buffer, "HID_REPORT_ID_UNKNOWN");

data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:277:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(report_id_buffer, "HID_REPORT_ID_FIRST|");

data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:279:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(report_id_buffer, "HID_REPORT_ID_NEXT|");

data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:280:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(report_id_buffer + strlen(report_id_buffer),

data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:298:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char usage_buffer[100];

data/ddcutil-0.9.9/src/usb_util/hiddev_util.c:564:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, &finfo, sizeof(struct hiddev_field_info));

data/ddcutil-0.9.9/src/usb_util/hiddev_util.c:941:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[blen];

data/ddcutil-0.9.9/src/usb_util/hidraw_util.c:109:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(devname, O_RDWR|O_NONBLOCK);

data/ddcutil-0.9.9/src/usb_util/hidraw_util.c:304:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(devname, O_RDWR|O_NONBLOCK);

data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:182:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char libusb_string_buffer[LIBUSB_STRING_BUFFER_SIZE];

data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:192:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(libusb_string_buffer, "<Unknown string>");

data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:207:1:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t libusb_string_buffer_wide[LIBUSB_STRING_BUFFER_SIZE];

data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:218:9:  [2] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string.
  wcscpy(libusb_string_buffer_wide, L"<Unknown string>");

data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:885:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(end, "%u", path[ndx]);

data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:887:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(end, ".%u", path[ndx]);

data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:947:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  /* uint8_t */ unsigned char path[8];

data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:949:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];

data/ddcutil-0.9.9/src/usb_util/libusb_util.c:35:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[64];

data/ddcutil-0.9.9/src/util/data_structures.c:306:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; // always BBFG

data/ddcutil-0.9.9/src/util/data_structures.c:307:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char byte[BYTE_BIT_BYTE_CT];

data/ddcutil-0.9.9/src/util/data_structures.c:314:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(flags->marker, BYTE_BIT_MARKER, 4);

data/ddcutil-0.9.9/src/util/data_structures.c:430:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer + strlen(buffer), "%02x", flags->byte[flagndx]);

data/ddcutil-0.9.9/src/util/data_structures.c:501:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pos, "%02x", flg);

data/ddcutil-0.9.9/src/util/data_structures.c:562:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/util/data_structures.c:576:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result->marker, BBF_ITER_MARKER, 4);

data/ddcutil-0.9.9/src/util/data_structures.c:699:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, start, len);

data/ddcutil-0.9.9/src/util/data_structures.c:719:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2];

data/ddcutil-0.9.9/src/util/data_structures.c:786:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer->marker, BUFFER_MARKER, 4);

data/ddcutil-0.9.9/src/util/data_structures.c:913:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer->bytes, bytes, bytect);

data/ddcutil-0.9.9/src/util/data_structures.c:951:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->bytes+offset, bytes, bytect);

data/ddcutil-0.9.9/src/util/data_structures.c:983:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer->bytes + buffer->len, bytes, bytect);

data/ddcutil-0.9.9/src/util/data_structures.h:95:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; ///< always "BUFR"

data/ddcutil-0.9.9/src/util/debug_util.c:55:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, start, len);

data/ddcutil-0.9.9/src/util/device_id_util.c:78:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fnbuf[MAX_PATH];

data/ddcutil-0.9.9/src/util/device_id_util.c:225:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char atag[40];

data/ddcutil-0.9.9/src/util/device_id_util.c:287:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cur_tag[40];

data/ddcutil-0.9.9/src/util/device_id_util.c:398:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char atag[40];

data/ddcutil-0.9.9/src/util/device_id_util.c:609:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tagbuf[MAX_TAG_SIZE];

data/ddcutil-0.9.9/src/util/device_id_util.c:923:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char resultbuf[12] = {0};

data/ddcutil-0.9.9/src/util/edid.c:226:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(parsed_edid->marker, EDID_MARKER_NAME, 4);

data/ddcutil-0.9.9/src/util/edid.c:227:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(parsed_edid->bytes, edidbytes, 128);

data/ddcutil-0.9.9/src/util/edid.c:338:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char explbuf[100];

data/ddcutil-0.9.9/src/util/edid.c:341:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(explbuf, "Digital Input");

data/ddcutil-0.9.9/src/util/edid.c:345:19:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(explbuf, " (Digital interface not defined)");

data/ddcutil-0.9.9/src/util/edid.c:348:19:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(explbuf, " (DVI)");

data/ddcutil-0.9.9/src/util/edid.c:351:19:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(explbuf, " (HDMI-a)");

data/ddcutil-0.9.9/src/util/edid.c:354:19:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(explbuf, " (HDMI-b");

data/ddcutil-0.9.9/src/util/edid.c:357:19:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(explbuf, " (MDDI)");

data/ddcutil-0.9.9/src/util/edid.c:360:19:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(explbuf, " (DisplayPort)");

data/ddcutil-0.9.9/src/util/edid.c:363:19:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(explbuf, " (Invalid DVI standard)");

data/ddcutil-0.9.9/src/util/edid.c:368:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(explbuf, "Analog Input");

data/ddcutil-0.9.9/src/util/edid.h:51:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; ///< always "EDID"

data/ddcutil-0.9.9/src/util/edid.h:53:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mfg_id[EDID_MFG_ID_FIELD_SIZE]; ///< 3 character mfg id, null terminated

data/ddcutil-0.9.9/src/util/edid.h:55:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char model_name[EDID_MODEL_NAME_FIELD_SIZE]; ///< model name (tag 0xfc)

data/ddcutil-0.9.9/src/util/edid.h:57:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char serial_ascii[EDID_SERIAL_ASCII_FIELD_SIZE]; ///< serial number string (tag 0xff)

data/ddcutil-0.9.9/src/util/edid.h:58:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char extra_descriptor_string[EDID_EXTRA_STRING_FIELD_SIZE]; ///< (tag 0xfe)

data/ddcutil-0.9.9/src/util/edid.h:75:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char edid_source[EDID_SOURCE_FIELD_SIZE]; ///< describes source of EDID

data/ddcutil-0.9.9/src/util/error_info.c:234:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_causes, parent->causes, parent->cause_ct * sizeof(Error_Info *) );

data/ddcutil-0.9.9/src/util/error_info.c:247:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_causes, parent->causes, parent->max_causes * sizeof(Error_Info *) );

data/ddcutil-0.9.9/src/util/error_info.c:287:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(erec->marker, ERROR_INFO_MARKER, 4);

data/ddcutil-0.9.9/src/util/error_info.c:555:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/ddcutil-0.9.9/src/util/error_info.c:648:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/ddcutil-0.9.9/src/util/error_info.c:702:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/ddcutil-0.9.9/src/util/error_info.h:27:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4]; ///< always EINF

data/ddcutil-0.9.9/src/util/failsim.c:62:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/util/failsim.c:156:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frec->marker, FSIM_FUNC_REC_MARKER, 4);

data/ddcutil-0.9.9/src/util/file_util.c:44:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(fn, "r");

data/ddcutil-0.9.9/src/util/file_util.c:185:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(fn, "r");

data/ddcutil-0.9.9/src/util/file_util.c:253:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(fn, "r");

data/ddcutil-0.9.9/src/util/file_util.c:305:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(fp = fopen(fn, "r"))) {

data/ddcutil-0.9.9/src/util/file_util.c:386:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[PATH_MAX];

data/ddcutil-0.9.9/src/util/file_util.c:425:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char workbuf[40];

data/ddcutil-0.9.9/src/util/libdrm_util.c:136:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char property_flags_string[150];

data/ddcutil-0.9.9/src/util/libdrm_util.c:262:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b2[20];

data/ddcutil-0.9.9/src/util/libdrm_util.c:278:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200]; int bufsz=200;

data/ddcutil-0.9.9/src/util/libdrm_util.c:315:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[DRM_DISPLAY_MODE_LEN];

data/ddcutil-0.9.9/src/util/libdrm_util.c:430:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200]; int bufsz=200;

data/ddcutil-0.9.9/src/util/libdrm_util.c:489:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[DRM_PROP_NAME_LEN];

data/ddcutil-0.9.9/src/util/libdrm_util.c:541:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200] = ""; int bufsz=200;

data/ddcutil-0.9.9/src/util/multi_level_map.c:65:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((Byte*) &mlm->level_detail, level_detail, levels*sizeof(MLM_Level));

data/ddcutil-0.9.9/src/util/multi_level_map.h:40:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * names[MLT_MAX_LEVELS];

data/ddcutil-0.9.9/src/util/output_sink.c:44:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char marker[4];

data/ddcutil-0.9.9/src/util/output_sink.c:59:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(psink->marker, OUTPUT_SINK_MARKER, 4);

data/ddcutil-0.9.9/src/util/output_sink.c:73:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(psink->marker, OUTPUT_SINK_MARKER, 4);

data/ddcutil-0.9.9/src/util/output_sink.c:88:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(psink->marker, OUTPUT_SINK_MARKER, 4);

data/ddcutil-0.9.9/src/util/output_sink.c:221:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[400];

data/ddcutil-0.9.9/src/util/report_util.c:291:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[buffer_size];

data/ddcutil-0.9.9/src/util/report_util.c:447:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char infobuf[100];

data/ddcutil-0.9.9/src/util/report_util.c:493:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];

data/ddcutil-0.9.9/src/util/report_util.c:513:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];

data/ddcutil-0.9.9/src/util/report_util.c:536:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/ddcutil-0.9.9/src/util/report_util.c:558:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];

data/ddcutil-0.9.9/src/util/report_util.c:584:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];

data/ddcutil-0.9.9/src/util/report_util.c:743:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];

data/ddcutil-0.9.9/src/util/string_util.c:251:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, s+startpos, tlen);

data/ddcutil-0.9.9/src/util/string_util.c:420:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(result, workstruct, (piecect+1)*sizeof(char*) );

data/ddcutil-0.9.9/src/util/string_util.c:773:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(strbuf, start, len);

data/ddcutil-0.9.9/src/util/string_util.c:810:10:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf, "...");

data/ddcutil-0.9.9/src/util/string_util.c:812:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf+(maxchars-3), "...");

data/ddcutil-0.9.9/src/util/string_util.c:992:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hhs[3];

data/ddcutil-0.9.9/src/util/string_util.c:1251:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp[10]; // was 8, compiler complains that too small data/ddcutil-0.9.9/src/util/string_util.c:1252:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/ddcutil-0.9.9/src/util/string_util.c:1254:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indentation[100]; data/ddcutil-0.9.9/src/util/string_util.c:1277:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "+%04x", i); data/ddcutil-0.9.9/src/util/string_util.c:1278:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, temp, 5); data/ddcutil-0.9.9/src/util/string_util.c:1282:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%02x", 0xff & data[i]); data/ddcutil-0.9.9/src/util/string_util.c:1283:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 8 + (j * 3), temp, 2); data/ddcutil-0.9.9/src/util/subprocess_util.c:212:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shell_cmd[100]; data/ddcutil-0.9.9/src/util/subprocess_util.c:236:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(full_cmd, ">/dev/null 2>&1"); data/ddcutil-0.9.9/src/util/sysfs_util.c:38:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[PATH_MAX]; data/ddcutil-0.9.9/src/util/sysfs_util.c:60:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[PATH_MAX]; data/ddcutil-0.9.9/src/util/sysfs_util.c:77:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[PATH_MAX]; data/ddcutil-0.9.9/src/util/sysfs_util.c:111:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fn[PATH_MAX]; data/ddcutil-0.9.9/src/util/sysfs_util.c:130:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char module_fn[100]; data/ddcutil-0.9.9/src/util/sysfs_util.c:166:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[50]; data/ddcutil-0.9.9/src/util/sysfs_util.c:187:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[100]; data/ddcutil-0.9.9/src/util/sysfs_util.c:190:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resolved_path[PATH_MAX]; data/ddcutil-0.9.9/src/util/sysfs_util.c:215:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[50]; data/ddcutil-0.9.9/src/util/udev_i2c_util.c:33:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; data/ddcutil-0.9.9/src/util/udev_i2c_util.c:168:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devname [10]; data/ddcutil-0.9.9/src/util/udev_usb_util.c:25:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devsum->marker, UDEV_DETAILED_DEVICE_SUMMARY_MARKER, 4); data/ddcutil-0.9.9/src/util/udev_usb_util.c:437:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). result->busno = atoi(sbusnum); data/ddcutil-0.9.9/src/util/udev_usb_util.c:438:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). result->devno = atoi(sdevnum); data/ddcutil-0.9.9/src/util/udev_usb_util.h:48:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; ///< always "UDDS" data/ddcutil-0.9.9/src/util/udev_util.c:86:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(summary->marker, UDEV_DEVICE_SUMMARY_MARKER, 4); data/ddcutil-0.9.9/src/util/udev_util.h:41:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; ///< always "UDSM" data/ddcutil-0.9.9/src/util/x11_util.c:219:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(edidrec->edidbytes, data, 128); data/ddcutil-0.9.9/src/util/x11_util.c:221:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(edidrec->output_name, output_info->name, output_info->nameLen); data/ddcutil-0.9.9/src/vcp/parse_capabilities.c:770:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pcaps->marker, PARSED_CAPABILITIES_MARKER, 4); data/ddcutil-0.9.9/src/vcp/parse_capabilities.h:28:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; // always "CAPA" data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.c:74:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(vfr->marker, CAPABILITIES_FEATURE_MARKER, 4); data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.c:80:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vfr->value_string, value_string_start, value_string_len); data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.c:114:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[768]; data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.h:27:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; ///< always "VCPF" data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:73:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, ", "); data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:238:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:240:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. strcpy(buf, "Undefined"); data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:828:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char workbuf[200]; data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:904:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pentry->marker, VCP_FEATURE_TABLE_ENTRY_MARKER, 4); data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1133:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1585:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf0[100]; data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1647:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formatted_sh_sl[20]; data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1668:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sgamma[10]; data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1669:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sgamma2[10]; data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:4211:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:4246:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[bufsz]; data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:4356:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( vcp_code_table[ndx].marker, VCP_FEATURE_TABLE_ENTRY_MARKER, 4); data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.h:142:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c:68:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(fset->marker, VCP_FEATURE_SET_MARKER, 4); data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c:119:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fset->marker, VCP_FEATURE_SET_MARKER, 4); data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c:269:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fset->marker, VCP_FEATURE_SET_MARKER, 4); data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c:470:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/ddcutil-0.9.9/src/vcp/vcp_feature_set.h:26:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char marker[4]; data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:179:16: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buffer, "..."); data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:285:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(valrec->val.t.bytes, bytes, bytect); data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:397:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(anyval->val.t.bytes, valrec->val.t.bytes, valrec->val.t.bytect); data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:946:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( mfg_id && strlen(mfg_id) > 0) { data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:952:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( model && strlen(model) > 0) { data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:958:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( sn && strlen(sn) > 0) { data/ddcutil-0.9.9/src/app_ddcutil/app_getvcp.c:467:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t ct = read(fd, &uref, sizeof(uref)); data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:63:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (*(string_value + strlen(string_value)-1) == 'H') { data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:64:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int newlen = strlen(string_value)-1; data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:114:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(new_value && strlen(new_value) > 0); data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:150:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(new_value) > 1); data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:271:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(new_value && strlen(new_value) > 0); data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:306:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(new_value) > 1); data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:175:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(version_name_buf) > 0) data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:180:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(version_name_buf) > 0) data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:185:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(version_name_buf) > 0) data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:274:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (s && strlen(s) > 0) { data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c:152:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc, strlen(username)); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:143:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(fqfn,"/"); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:144:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(fqfn) + strlen(simple_fn) <= PATH_MAX); // for Coverity data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:144:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(fqfn) + strlen(simple_fn) <= PATH_MAX); // for Coverity data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:145:4: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(fqfn,simple_fn, sizeof(fqfn)-(strlen(fqfn)+1)); // use strncat to make Coverity happy data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:145:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncat(fqfn,simple_fn, sizeof(fqfn)-(strlen(fqfn)+1)); // use strncat to make Coverity happy data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:422:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). reqd_sz += strlen(cur->driver_name); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:437:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(result) == reqd_sz-1); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:91:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(fn); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:243:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(busid2) > 0) { data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:649:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return !strncmp(ent->d_name, "card", strlen("card")); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:80:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(50000); // doesn't help data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:91:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). 
The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(50000); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:121:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(50000); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:126:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fh, ddc_response_bytes+1, readct); data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:223:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int bufsz = strlen(grep_terms) + 100; data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.c:100:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("(%s) strlen(d_name) = %ld\n", __func__, strlen(ep->d_name)); data/ddcutil-0.9.9/src/base/core.c:469:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int newsz = strlen(bname) + 2 + 1; data/ddcutil-0.9.9/src/base/core.c:542:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (buf && (strlen(buf) > 0)) ? 
    buf : "none");
data/ddcutil-0.9.9/src/base/core.c:555:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (buf && (strlen(buf) > 0)) ? buf : "none");
data/ddcutil-0.9.9/src/base/core.c:605:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (strlen(buf) == 0) ? "none" : buf);
data/ddcutil-0.9.9/src/base/core.c:841:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int buf2sz = 15+15+4 + strlen(funcname) + strlen(buffer) + 10;
data/ddcutil-0.9.9/src/base/core.c:841:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int buf2sz = 15+15+4 + strlen(funcname) + strlen(buffer) + 10;
data/ddcutil-0.9.9/src/base/core.c:847:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert( strlen(buf2) < buf2sz);
data/ddcutil-0.9.9/src/base/displays.c:361:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(!mfg_id || strlen(mfg_id) < EDID_MFG_ID_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/displays.c:362:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(!model_name || strlen(model_name) < EDID_MODEL_NAME_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/displays.c:363:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(!serial_ascii || strlen(serial_ascii) < EDID_SERIAL_ASCII_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/displays.c:379:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert( strlen(pIdent->mfg_id) + strlen(pIdent->model_name) + strlen(pIdent->serial_ascii) > 0);
data/ddcutil-0.9.9/src/base/displays.c:379:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert( strlen(pIdent->mfg_id) + strlen(pIdent->model_name) + strlen(pIdent->serial_ascii) > 0);
data/ddcutil-0.9.9/src/base/displays.c:379:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert( strlen(pIdent->mfg_id) + strlen(pIdent->model_name) + strlen(pIdent->serial_ascii) > 0);
data/ddcutil-0.9.9/src/base/displays.c:1152:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p = p + strlen("hiddev");
data/ddcutil-0.9.9/src/base/displays.c:1153:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(p) > 0) {
data/ddcutil-0.9.9/src/base/dynamic_features.c:90:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int bufsz = strlen(string_value) + 1 + 1; // 1 for possible increased length, 1 for terminating null
data/ddcutil-0.9.9/src/base/dynamic_features.c:96:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (*(string_value + strlen(string_value)-1) == 'H' ||
data/ddcutil-0.9.9/src/base/dynamic_features.c:97:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *(string_value + strlen(string_value)-1) == 'h' )
data/ddcutil-0.9.9/src/base/dynamic_features.c:100:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int newlen = strlen(string_value)-1;
data/ddcutil-0.9.9/src/base/execution_stats.c:130:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int curval = strlen(io_event_stats[ndx].name);
data/ddcutil-0.9.9/src/base/execution_stats.c:517:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(sleep_event_names[ndx]) > result)
data/ddcutil-0.9.9/src/base/execution_stats.c:518:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = strlen(sleep_event_names[ndx]);
data/ddcutil-0.9.9/src/base/feature_lists.c:166:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int vsize = strlen(value_prefix) + 2 + strlen(sepstr);
data/ddcutil-0.9.9/src/base/feature_lists.c:166:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int vsize = strlen(value_prefix) + 2 + strlen(sepstr);
data/ddcutil-0.9.9/src/base/feature_lists.c:183:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(buf + strlen(buf), "%s%02x%s", value_prefix, ndx, sepstr);
data/ddcutil-0.9.9/src/base/feature_lists.c:186:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf[ strlen(buf)-strlen(sepstr)] = '\0';
data/ddcutil-0.9.9/src/base/feature_lists.c:186:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf[ strlen(buf)-strlen(sepstr)] = '\0';
data/ddcutil-0.9.9/src/base/feature_metadata.c:71:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buffer) > 0)
data/ddcutil-0.9.9/src/base/feature_metadata.c:72:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer[strlen(buffer)-2] = '\0';
data/ddcutil-0.9.9/src/base/linux_errno.c:254:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(dummy_errno_description, s, sz);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:29:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(mfg_id && strlen(mfg_id) < EDID_MFG_ID_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:30:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(model_name && strlen(model_name) < EDID_MODEL_NAME_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:70:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(mfg_id && strlen(mfg_id) < EDID_MFG_ID_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:71:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(model_name && strlen(model_name) < EDID_MODEL_NAME_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:118:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (int ndx = 0; ndx < strlen(model_name2); ndx++) {
data/ddcutil-0.9.9/src/base/per_thread_data.c:236:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char * buf = get_thread_dynamic_buffer(&x_key, &x_len_key, strlen(ptd->description)+1);
data/ddcutil-0.9.9/src/base/per_thread_data.c:249:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    next = strlen(buf);
data/ddcutil-0.9.9/src/base/per_thread_data.c:423:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int hdrlen = strlen(header);
data/ddcutil-0.9.9/src/base/per_thread_data.c:435:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(header) > 0) {
data/ddcutil-0.9.9/src/base/per_thread_data.c:437:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(header, "");
data/ddcutil-0.9.9/src/base/sleep.c:90:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(milliseconds*1000); // usleep takes microseconds, not milliseconds
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:525:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(edidwork) != 256) {
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:577:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(token) > 0 && !streq(token,".")) {
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:857:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char * newval = calloc(1, 1 + strlen(a2) + 1);
data/ddcutil-0.9.9/src/cython/cyddc.c:481:87: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    #define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/ddcutil-0.9.9/src/cython/cyddc.c:595:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c));
data/ddcutil-0.9.9/src/cython/cyddc.c:1469:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_2 = __Pyx_decode_c_string(__pyx_t_1, 0, strlen(__pyx_t_1), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 48, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:1994:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_3 = __Pyx_decode_c_string(__pyx_t_2, 0, strlen(__pyx_t_2), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 91, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:2060:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_3 = __Pyx_decode_c_string(__pyx_t_2, 0, strlen(__pyx_t_2), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 94, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:4518:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_2 = __Pyx_decode_c_string(__pyx_t_1, 0, strlen(__pyx_t_1), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 431, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:4828:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_2 = __Pyx_decode_c_string(__pyx_t_1, 0, strlen(__pyx_t_1), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 458, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:6059:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_2 = __Pyx_decode_c_string(__pyx_t_1, 0, strlen(__pyx_t_1), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 567, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:6226:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __pyx_t_2 = __Pyx_decode_c_string(__pyx_v_s, 0, strlen(__pyx_v_s), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 576, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:8214:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t slen = strlen(cstring);
data/ddcutil-0.9.9/src/cython/cyddc.c:10994:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/ddcutil-0.9.9/src/ddc/ddc_displays.c:731:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (criteria->mfg_id && (strlen(criteria->mfg_id) > 0) &&
data/ddcutil-0.9.9/src/ddc/ddc_displays.c:735:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (criteria->model_name && (strlen(criteria->model_name) > 0) &&
data/ddcutil-0.9.9/src/ddc/ddc_displays.c:739:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (criteria->serial_ascii && (strlen(criteria->serial_ascii) > 0) &&
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:141:12: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
    ct = sscanf(head, "%31s %256s %15s", s0, s1, s2);
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:153:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rest = head + strlen(s0);;
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:155:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char * last = rest + strlen(rest) - 1;
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:423:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if ( strlen(pdata->mfg_id) + strlen(pdata->model) + strlen(pdata->serial_ascii) == 0) {
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:423:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if ( strlen(pdata->mfg_id) + strlen(pdata->model) + strlen(pdata->serial_ascii) == 0) {
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:423:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if ( strlen(pdata->mfg_id) + strlen(pdata->model) + strlen(pdata->serial_ascii) == 0) {
data/ddcutil-0.9.9/src/ddc/ddc_output.c:708:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *formatted_value_loc = calloc(1, strlen(formatted_data) + 50);
data/ddcutil-0.9.9/src/ddc/ddc_output.c:709:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(*formatted_value_loc, strlen(formatted_data) + 49,
data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:253:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(3000*1000);
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:50:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lsub(sgamma1, strlen(sgamma1)-2),
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:51:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    substr(sgamma1, strlen(sgamma1)-2, 2));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:584:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:587:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:590:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:594:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:598:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:601:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:389:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ( rc = read(fd, &rawedid->bytes[ndx], 1) )
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:404:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ( rc = read(fd, rawedid->bytes, 128) )
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:623:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    rc = read(fd, readbuf, 4);
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:109:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sel->mfg_id && strlen(sel->mfg_id) > 0) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:110:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((!edid) || strlen(edid->mfg_id) == 0 || !streq(sel->mfg_id, edid->mfg_id) ) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:116:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sel->model_name && strlen(sel->model_name) > 0) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:117:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((!edid) || strlen(edid->model_name) == 0 || !streq(sel->model_name, edid->model_name) ) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:123:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sel->serial_ascii && strlen(sel->serial_ascii) > 0) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:124:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((!edid) || strlen(edid->serial_ascii) == 0 || !streq(sel->serial_ascii, edid->serial_ascii) ) {
data/ddcutil-0.9.9/src/i2c/i2c_execute.c:172:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ( rc = read(fd, readbuf+ndx, 1) )
data/ddcutil-0.9.9/src/i2c/i2c_execute.c:227:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ( rc = read(fd, readbuf, bytect) )
data/ddcutil-0.9.9/src/libmain/api_displays.c:127:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( ( !mfg_id || strlen(mfg_id) == 0) &&
data/ddcutil-0.9.9/src/libmain/api_displays.c:128:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ( !model_name || strlen(model_name) == 0) &&
data/ddcutil-0.9.9/src/libmain/api_displays.c:129:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ( !serial_ascii || strlen(serial_ascii) == 0)
data/ddcutil-0.9.9/src/libmain/api_displays.c:135:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (model_name && strlen(model_name) >= EDID_MODEL_NAME_FIELD_SIZE) ||
data/ddcutil-0.9.9/src/libmain/api_displays.c:136:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (mfg_id && strlen(mfg_id) >= EDID_MFG_ID_FIELD_SIZE) ||
data/ddcutil-0.9.9/src/libmain/api_displays.c:137:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (serial_ascii && strlen(serial_ascii) >= EDID_SERIAL_ASCII_FIELD_SIZE)
data/ddcutil-0.9.9/src/libmain/api_displays.c:569:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (mfg_id && strlen(mfg_id) < DDCA_EDID_MFG_ID_FIELD_SIZE &&
data/ddcutil-0.9.9/src/libmain/api_displays.c:570:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    model_name && strlen(model_name) < DDCA_EDID_MODEL_NAME_FIELD_SIZE)
data/ddcutil-0.9.9/src/sample_clients/demo_vcpinfo.c:97:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buffer) > 0)
data/ddcutil-0.9.9/src/sample_clients/demo_vcpinfo.c:98:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer[strlen(buffer)-2] = '\0';
data/ddcutil-0.9.9/src/sample_clients/demo_watch_displays.c:21:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(60 * 1000*1000); // some long interval, just to keep alive
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:105:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(50000);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:137:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(50000);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:142:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    rc = read(fh, ddc_response_bytes+1, readct);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:336:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    rc = read(fh, readbuf+1, 11);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:381:4: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(500000);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:416:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    rc = read(fh, readbuf+1, 11);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:606:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    rc = read(fh, readbuf+1, 1);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:631:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(500000);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:645:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(500000);
data/ddcutil-0.9.9/src/test/i2c/i2c_edid_tests.c:77:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    rc = read(fd, edidbuf, 128);
data/ddcutil-0.9.9/src/usb/usb_displays.c:266:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(buf+curlen, " ");
data/ddcutil-0.9.9/src/usb/usb_displays.c:627:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (mfg_id && strlen(mfg_id) > 0) {
data/ddcutil-0.9.9/src/usb/usb_displays.c:634:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (model && strlen(model) > 0) {
data/ddcutil-0.9.9/src/usb/usb_displays.c:641:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sn && strlen(sn) > 0) {
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:166:16: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
    strcat(buf, "*");
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:167:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(buf+strlen(buf), "%s", units[sys][i]);
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:174:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(buf+strlen(buf), "^%d", val);
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:280:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(report_id_buffer + strlen(report_id_buffer),
data/ddcutil-0.9.9/src/usb_util/hiddev_util.c:73:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return !strncmp(ent->d_name, "hiddev", strlen("hiddev"));
data/ddcutil-0.9.9/src/usb_util/hidraw_util.c:45:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return !strncmp(ent->d_name, "hidraw", strlen("hidraw"));
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:197:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (rc != strlen(libusb_string_buffer)) {
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:199:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __func__, rc, LIBUSB_STRING_BUFFER_SIZE, strlen(libusb_string_buffer), libusb_string_buffer );
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:882:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *end = buf + strlen(buf);
data/ddcutil-0.9.9/src/util/data_structures.c:217:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int sepsz = strlen(sep);
data/ddcutil-0.9.9/src/util/data_structures.c:223:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf + strlen(buf), alloc_sz-strlen(buf), "%s%02x", cursep, bytes[ndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:223:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf + strlen(buf), alloc_sz-strlen(buf), "%s%02x", cursep, bytes[ndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:225:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf + strlen(buf), alloc_sz-strlen(buf), "%s%d", cursep, bytes[ndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:225:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf + strlen(buf), alloc_sz-strlen(buf), "%s%d", cursep, bytes[ndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:430:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(buffer + strlen(buffer), "%02x", flags->byte[flagndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:708:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int ln = strlen(nexttok);
data/ddcutil-0.9.9/src/util/data_structures.c:1002:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_append(buffer, (Byte *) str, strlen(str)+1);
data/ddcutil-0.9.9/src/util/data_structures.c:1007:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_append(buffer, (Byte *) str, strlen(str) + 1);
data/ddcutil-0.9.9/src/util/debug_util.c:48:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    end = bt_line + strlen(bt_line);
data/ddcutil-0.9.9/src/util/device_id_util.c:220:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strlen(a_line) == 0 || a_line[0] == '#') {
data/ddcutil-0.9.9/src/util/device_id_util.c:283:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(rtrim_in_place(a_line+tabct)) == 0 || a_line[tabct] == '#')
data/ddcutil-0.9.9/src/util/device_id_util.c:394:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(a_line+tabct) == 0 || a_line[tabct] == '#')
data/ddcutil-0.9.9/src/util/device_id_util.c:461:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(rtrim_in_place(a_line+tabct)) == 0 || a_line[tabct] == '#')
data/ddcutil-0.9.9/src/util/edid.c:155:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(namebuf, "");
data/ddcutil-0.9.9/src/util/edid.c:156:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(snbuf, "");
data/ddcutil-0.9.9/src/util/edid.c:157:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(otherbuf, "");
data/ddcutil-0.9.9/src/util/error_info.c:796:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int required_size = strlen(buf1) + 1;
data/ddcutil-0.9.9/src/util/failsim.c:300:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rc_string = rc_string + strlen("modulated:");
data/ddcutil-0.9.9/src/util/failsim.c:304:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rc_string = rc_string + strlen("base:");
data/ddcutil-0.9.9/src/util/failsim.c:306:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(rc_string) == 0)
data/ddcutil-0.9.9/src/util/failsim.c:371:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(trimmed_line) > 0 && trimmed_line[0] != '#' && trimmed_line[0] != '*') {
data/ddcutil-0.9.9/src/util/failsim.c:391:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(occdef) == 0)
data/ddcutil-0.9.9/src/util/file_util.c:261:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ssize_t read;
data/ddcutil-0.9.9/src/util/file_util.c:269:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(single_line) > 0) data/ddcutil-0.9.9/src/util/file_util.c:270:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). single_line[strlen(single_line)-1] = '\0'; data/ddcutil-0.9.9/src/util/glib_string_util.c:47:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). __func__, strlen(catenated), catenated, catenated); data/ddcutil-0.9.9/src/util/glib_string_util.c:86:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int required_size = strlen(catenated) + 1; data/ddcutil-0.9.9/src/util/glib_string_util.c:88:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, catenated, required_size); data/ddcutil-0.9.9/src/util/i2c_util.c:115:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int hdrlen = strlen(header); data/ddcutil-0.9.9/src/util/i2c_util.c:125:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(header) > 0) data/ddcutil-0.9.9/src/util/libdrm_util.c:160:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int bufsz = strlen(buf) + 100; data/ddcutil-0.9.9/src/util/libdrm_util.c:165:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(buf) > 0) data/ddcutil-0.9.9/src/util/libdrm_util.c:175:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) > 0) data/ddcutil-0.9.9/src/util/libdrm_util.c:260:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf, " -> ", bufsz); data/ddcutil-0.9.9/src/util/libdrm_util.c:441:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buf, " -> ", 100); data/ddcutil-0.9.9/src/util/libdrm_util.c:443:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf+strlen(buf), 100-strlen(buf), "%d ", p->encoders[ndx]); data/ddcutil-0.9.9/src/util/libdrm_util.c:443:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(buf+strlen(buf), 100-strlen(buf), "%d ", p->encoders[ndx]); data/ddcutil-0.9.9/src/util/report_util.c:686:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(buffer) + strlen(val_to_append) < bufsize); data/ddcutil-0.9.9/src/util/report_util.c:686:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(strlen(buffer) + strlen(val_to_append) < bufsize); data/ddcutil-0.9.9/src/util/string_util.c:80:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int vlen = strlen(value); data/ddcutil-0.9.9/src/util/string_util.c:82:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vlen <= strlen(longname) && data/ddcutil-0.9.9/src/util/string_util.c:106:71: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return value_to_test && prefix && is_abbrev(prefix, value_to_test, strlen(prefix)); data/ddcutil-0.9.9/src/util/string_util.c:122:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int value_len = strlen(value_to_test); data/ddcutil-0.9.9/src/util/string_util.c:123:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int end_part_len = strlen(suffix); data/ddcutil-0.9.9/src/util/string_util.c:137:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int seglen = strlen(segment); data/ddcutil-0.9.9/src/util/string_util.c:138:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int laststart = strlen(value_to_test) - seglen; data/ddcutil-0.9.9/src/util/string_util.c:158:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (int ndx = 0; ndx < strlen(s); ndx++) { data/ddcutil-0.9.9/src/util/string_util.c:237:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(s); data/ddcutil-0.9.9/src/util/string_util.c:268:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(s); data/ddcutil-0.9.9/src/util/string_util.c:286:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int bufsz = strlen(s)+1; data/ddcutil-0.9.9/src/util/string_util.c:304:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (startpos + ct > strlen(s)) data/ddcutil-0.9.9/src/util/string_util.c:305:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ct = strlen(s) - startpos; data/ddcutil-0.9.9/src/util/string_util.c:307:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(result, s+startpos, ct); data/ddcutil-0.9.9/src/util/string_util.c:339:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int seplen = (sepstr) ? 
strlen(sepstr) : 0; // sepstr may be null data/ddcutil-0.9.9/src/util/string_util.c:343:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total_length += strlen(pieces[ndx]); data/ddcutil-0.9.9/src/util/string_util.c:356:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end += strlen(sepstr); data/ddcutil-0.9.9/src/util/string_util.c:359:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end += strlen(pieces[ndx]); data/ddcutil-0.9.9/src/util/string_util.c:397:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int max_pieces = (strlen(str_to_split)+1); data/ddcutil-0.9.9/src/util/string_util.c:412:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(token) > 0) data/ddcutil-0.9.9/src/util/string_util.c:466:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * str_to_split2_end = str_to_split2 + strlen(str_to_split); data/ddcutil-0.9.9/src/util/string_util.c:494:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
start = start + strlen(piece); data/ddcutil-0.9.9/src/util/string_util.c:753:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * result = malloc(strlen(s1) + strlen(s2) + 1); data/ddcutil-0.9.9/src/util/string_util.c:753:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * result = malloc(strlen(s1) + strlen(s2) + 1); data/ddcutil-0.9.9/src/util/string_util.c:755:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(result+strlen(s1), s2); data/ddcutil-0.9.9/src/util/string_util.c:798:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int seplen = (sepstr) ? strlen(sepstr) : 0; data/ddcutil-0.9.9/src/util/string_util.c:800:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int newlen = ( strlen(buf) == 0 ) data/ddcutil-0.9.9/src/util/string_util.c:801:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ? strlen(nextval) data/ddcutil-0.9.9/src/util/string_util.c:802:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
: ( strlen(buf) + seplen + strlen(nextval)); data/ddcutil-0.9.9/src/util/string_util.c:802:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). : ( strlen(buf) + seplen + strlen(nextval)); data/ddcutil-0.9.9/src/util/string_util.c:804:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) > 0 && sepstr) data/ddcutil-0.9.9/src/util/string_util.c:809:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(buf) < (maxchars-3) ) data/ddcutil-0.9.9/src/util/string_util.c:930:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) != 2) data/ddcutil-0.9.9/src/util/string_util.c:973:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *(suc+strlen(suc)-1) = '\0'; data/ddcutil-0.9.9/src/util/string_util.c:1013:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( strlen(hhs) % 2) // if odd number of characters data/ddcutil-0.9.9/src/util/string_util.c:1016:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int bytect = strlen(hhs)/2; data/ddcutil-0.9.9/src/util/string_util.c:1102:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sepsize = strlen(sepstr); data/ddcutil-0.9.9/src/util/string_util.c:1135:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(buffer) == required_size-1); data/ddcutil-0.9.9/src/util/string_util.c:1180:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sepsize = strlen(sepstr); data/ddcutil-0.9.9/src/util/string_util.c:1199:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(buf+strlen(buf), pattern, bytes[i]); data/ddcutil-0.9.9/src/util/string_util.c:1208:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(buf) <= required_size-1); data/ddcutil-0.9.9/src/util/string_util.h:36:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, src, (buflen) ); \ data/ddcutil-0.9.9/src/util/subprocess_util.c:40:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int bufsz = strlen(shell_cmd) + 50; data/ddcutil-0.9.9/src/util/subprocess_util.c:56:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(a_line) > 0) { data/ddcutil-0.9.9/src/util/subprocess_util.c:58:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ch = a_line[strlen(a_line)-1]; data/ddcutil-0.9.9/src/util/subprocess_util.c:65:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a_line[strlen(a_line)-1] = '\0'; data/ddcutil-0.9.9/src/util/subprocess_util.c:134:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int bufsz = strlen(shell_cmd) + 50; data/ddcutil-0.9.9/src/util/subprocess_util.c:150:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(a_line) > 0) data/ddcutil-0.9.9/src/util/subprocess_util.c:151:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). a_line[strlen(a_line)-1] = '\0'; data/ddcutil-0.9.9/src/util/subprocess_util.c:234:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char * full_cmd = calloc(1, strlen(cmd) + 20); data/ddcutil-0.9.9/src/util/udev_util.c:276:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
rpt_vstring(d2, "%*s %s", (int) strlen(attr_name) + 3, " ", ntsa[ndx]); data/ddcutil-0.9.9/src/vcp/parse_capabilities.c:915:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return parse_capabilities(caps, strlen(caps)); data/ddcutil-0.9.9/src/vcp/parse_capabilities.c:995:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(text); data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:70:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cursz = strlen(buf); data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:71:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(cursz + 2 + strlen(val) + 1 <= bufsz); data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1671:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = strlen(sgamma); data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:174:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int space_remaining = bufsz - strlen(buffer); data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:175:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ( strlen(buf0) < space_remaining ) data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:178:16: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(buffer, buf0, space_remaining-4); ANALYSIS SUMMARY: Hits = 771 Lines analyzed = 94268 in approximately 2.40 seconds (39244 lines/second) Physical Source Lines of Code (SLOC) = 58372 Hits@level = [0] 949 [1] 250 [2] 449 [3] 2 [4] 69 [5] 1 Hits@level+ = [0+] 1720 [1+] 771 [2+] 521 [3+] 72 [4+] 70 [5+] 1 Hits/KSLOC@level+ = [0+] 29.4662 [1+] 13.2084 [2+] 8.92551 [3+] 1.23347 [4+] 1.19921 [5+] 0.0171315 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.