Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ddcutil-0.9.9/src/public/ddcutil_status_codes.h
Examining data/ddcutil-0.9.9/src/public/ddcutil_types.h
Examining data/ddcutil-0.9.9/src/public/ddcutil_c_api.h
Examining data/ddcutil-0.9.9/src/public/temp/ddcutil_c_api.h
Examining data/ddcutil-0.9.9/src/app_ddcutil/main.c
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_capabilities.c
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_probe.c
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_dynamic_features.c
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_getvcp.c
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.h
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_dynamic_features.h
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_getvcp.h
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.h
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_capabilities.h
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_probe.h
Examining data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.h
Examining data/ddcutil-0.9.9/src/libmain/api_base.c
Examining data/ddcutil-0.9.9/src/libmain/api_displays.c
Examining data/ddcutil-0.9.9/src/libmain/api_metadata.c
Examining data/ddcutil-0.9.9/src/libmain/api_feature_access.c
Examining data/ddcutil-0.9.9/src/libmain/api_capabilities.c
Examining data/ddcutil-0.9.9/src/libmain/api_capabilities_internal.h
Examining data/ddcutil-0.9.9/src/libmain/api_displays_internal.h
Examining data/ddcutil-0.9.9/src/libmain/api_feature_access_internal.h
Examining data/ddcutil-0.9.9/src/libmain/api_metadata_internal.h
Examining data/ddcutil-0.9.9/src/libmain/api_base_internal.h
Examining data/ddcutil-0.9.9/src/util/data_structures.c
Examining data/ddcutil-0.9.9/src/util/debug_util.c
Examining data/ddcutil-0.9.9/src/util/device_id_util.c
Examining data/ddcutil-0.9.9/src/util/edid.c
Examining data/ddcutil-0.9.9/src/util/error_info.c
Examining data/ddcutil-0.9.9/src/util/file_util.c
Examining data/ddcutil-0.9.9/src/util/glib_util.c
Examining data/ddcutil-0.9.9/src/util/glib_string_util.c
Examining data/ddcutil-0.9.9/src/util/i2c_util.c
Examining data/ddcutil-0.9.9/src/util/multi_level_map.c
Examining data/ddcutil-0.9.9/src/util/output_sink.c
Examining data/ddcutil-0.9.9/src/util/report_util.c
Examining data/ddcutil-0.9.9/src/util/string_util.c
Examining data/ddcutil-0.9.9/src/util/sysfs_util.c
Examining data/ddcutil-0.9.9/src/util/subprocess_util.c
Examining data/ddcutil-0.9.9/src/util/timestamp.c
Examining data/ddcutil-0.9.9/src/util/udev_i2c_util.c
Examining data/ddcutil-0.9.9/src/util/udev_usb_util.c
Examining data/ddcutil-0.9.9/src/util/udev_util.c
Examining data/ddcutil-0.9.9/src/util/utilrpt.c
Examining data/ddcutil-0.9.9/src/util/failsim.c
Examining data/ddcutil-0.9.9/src/util/x11_util.c
Examining data/ddcutil-0.9.9/src/util/libdrm_util.c
Examining data/ddcutil-0.9.9/src/util/coredefs.h
Examining data/ddcutil-0.9.9/src/util/libdrm_util.h
Examining data/ddcutil-0.9.9/src/util/systemd_util.h
Examining data/ddcutil-0.9.9/src/util/device_id_util.h
Examining data/ddcutil-0.9.9/src/util/multi_level_map.h
Examining data/ddcutil-0.9.9/src/util/output_sink.h
Examining data/ddcutil-0.9.9/src/util/utilrpt.h
Examining data/ddcutil-0.9.9/src/util/x11_util.h
Examining data/ddcutil-0.9.9/src/util/udev_util.h
Examining data/ddcutil-0.9.9/src/util/report_util.h
Examining data/ddcutil-0.9.9/src/util/timestamp.h
Examining data/ddcutil-0.9.9/src/util/udev_i2c_util.h
Examining data/ddcutil-0.9.9/src/util/glib_string_util.h
Examining data/ddcutil-0.9.9/src/util/udev_usb_util.h
Examining data/ddcutil-0.9.9/src/util/data_structures.h
Examining data/ddcutil-0.9.9/src/util/debug_util.h
Examining data/ddcutil-0.9.9/src/util/edid.h
Examining data/ddcutil-0.9.9/src/util/error_info.h
Examining data/ddcutil-0.9.9/src/util/failsim.h
Examining data/ddcutil-0.9.9/src/util/file_util.h
Examining data/ddcutil-0.9.9/src/util/glib_util.h
Examining data/ddcutil-0.9.9/src/util/i2c_util.h
Examining data/ddcutil-0.9.9/src/util/string_util.h
Examining data/ddcutil-0.9.9/src/util/subprocess_util.h
Examining data/ddcutil-0.9.9/src/util/sysfs_util.h
Examining data/ddcutil-0.9.9/src/usb_util/usb_hid_common.c
Examining data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c
Examining data/ddcutil-0.9.9/src/usb_util/hiddev_util.c
Examining data/ddcutil-0.9.9/src/usb_util/hidraw_util.c
Examining data/ddcutil-0.9.9/src/usb_util/libusb_reports.c
Examining data/ddcutil-0.9.9/src/usb_util/libusb_util.c
Examining data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c
Examining data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.c
Examining data/ddcutil-0.9.9/src/usb_util/hidraw_util.h
Examining data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.h
Examining data/ddcutil-0.9.9/src/usb_util/libusb_reports.h
Examining data/ddcutil-0.9.9/src/usb_util/usb_hid_common.h
Examining data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.h
Examining data/ddcutil-0.9.9/src/usb_util/hiddev_reports.h
Examining data/ddcutil-0.9.9/src/usb_util/libusb_util.h
Examining data/ddcutil-0.9.9/src/usb_util/hiddev_util.h
Examining data/ddcutil-0.9.9/src/base/base_init.c
Examining data/ddcutil-0.9.9/src/base/build_info.c
Examining data/ddcutil-0.9.9/src/base/core.c
Examining data/ddcutil-0.9.9/src/base/ddc_errno.c
Examining data/ddcutil-0.9.9/src/base/ddc_packets.c
Examining data/ddcutil-0.9.9/src/base/dynamic_features.c
Examining data/ddcutil-0.9.9/src/base/dynamic_sleep.c
Examining data/ddcutil-0.9.9/src/base/displays.c
Examining data/ddcutil-0.9.9/src/base/execution_stats.c
Examining data/ddcutil-0.9.9/src/base/feature_lists.c
Examining data/ddcutil-0.9.9/src/base/feature_metadata.c
Examining data/ddcutil-0.9.9/src/base/feature_sets.c
Examining data/ddcutil-0.9.9/src/base/last_io_event.c
Examining data/ddcutil-0.9.9/src/base/linux_errno.c
Examining data/ddcutil-0.9.9/src/base/monitor_model_key.c
Examining data/ddcutil-0.9.9/src/base/per_thread_data.c
Examining data/ddcutil-0.9.9/src/base/rtti.c
Examining data/ddcutil-0.9.9/src/base/sleep.c
Examining data/ddcutil-0.9.9/src/base/thread_retry_data.c
Examining data/ddcutil-0.9.9/src/base/thread_sleep_data.c
Examining data/ddcutil-0.9.9/src/base/tuned_sleep.c
Examining data/ddcutil-0.9.9/src/base/status_code_mgt.c
Examining data/ddcutil-0.9.9/src/base/vcp_version.c
Examining data/ddcutil-0.9.9/src/base/old/error_detail.h
Examining data/ddcutil-0.9.9/src/base/new/retry.h
Examining data/ddcutil-0.9.9/src/base/new/dynamic_features_yaml.h
Examining data/ddcutil-0.9.9/src/base/temp/tuned_sleep.h
Examining data/ddcutil-0.9.9/src/base/adl_errors.h
Examining data/ddcutil-0.9.9/src/base/base_init.h
Examining data/ddcutil-0.9.9/src/base/build_info.h
Examining data/ddcutil-0.9.9/src/base/ddc_errno.h
Examining data/ddcutil-0.9.9/src/base/feature_metadata.h
Examining data/ddcutil-0.9.9/src/base/feature_sets.h
Examining data/ddcutil-0.9.9/src/base/linux_errno.h
Examining data/ddcutil-0.9.9/src/base/monitor_model_key.h
Examining data/ddcutil-0.9.9/src/base/rtti.h
Examining data/ddcutil-0.9.9/src/base/vcp_version.h
Examining data/ddcutil-0.9.9/src/base/core.h
Examining data/ddcutil-0.9.9/src/base/ddc_packets.h
Examining data/ddcutil-0.9.9/src/base/displays.h
Examining data/ddcutil-0.9.9/src/base/dynamic_features.h
Examining data/ddcutil-0.9.9/src/base/dynamic_sleep.h
Examining data/ddcutil-0.9.9/src/base/execution_stats.h
Examining data/ddcutil-0.9.9/src/base/feature_lists.h
Examining data/ddcutil-0.9.9/src/base/last_io_event.h
Examining data/ddcutil-0.9.9/src/base/parms.h
Examining data/ddcutil-0.9.9/src/base/per_thread_data.h
Examining data/ddcutil-0.9.9/src/base/sleep.h
Examining data/ddcutil-0.9.9/src/base/status_code_mgt.h
Examining data/ddcutil-0.9.9/src/base/thread_retry_data.h
Examining data/ddcutil-0.9.9/src/base/thread_sleep_data.h
Examining data/ddcutil-0.9.9/src/base/tuned_sleep.h
Examining data/ddcutil-0.9.9/src/vcp/ddc_command_codes.c
Examining data/ddcutil-0.9.9/src/vcp/parse_capabilities.c
Examining data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.c
Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c
Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c
Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c
Examining data/ddcutil-0.9.9/src/vcp/ddc_command_codes.h
Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_values.h
Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_set.h
Examining data/ddcutil-0.9.9/src/vcp/parse_capabilities.h
Examining data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.h
Examining data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.h
Examining data/ddcutil-0.9.9/src/i2c/i2c_execute.c
Examining data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c
Examining data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c
Examining data/ddcutil-0.9.9/src/i2c/i2c_strategy_dispatcher.c
Examining data/ddcutil-0.9.9/src/i2c/i2c_bus_core.h
Examining data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.h
Examining data/ddcutil-0.9.9/src/i2c/i2c_execute.h
Examining data/ddcutil-0.9.9/src/i2c/i2c_strategy_dispatcher.h
Examining data/ddcutil-0.9.9/src/i2c/wrap_i2c-dev.h
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_aux_intf.c
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_errors.c
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_shim.c
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_aux_intf.h
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_friendly.h
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.h
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_sdk_includes.h
Examining data/ddcutil-0.9.9/src/adl/adl_impl/adl_wrapmccs.h
Examining data/ddcutil-0.9.9/src/adl/adl_mock_impl/adl_mock_shim.c
Examining data/ddcutil-0.9.9/src/adl/adl_mock_impl/adl_mock_errors.c
Examining data/ddcutil-0.9.9/src/adl/adl_shim.h
Examining data/ddcutil-0.9.9/src/usb/usb_base.c
Examining data/ddcutil-0.9.9/src/usb/usb_edid.c
Examining data/ddcutil-0.9.9/src/usb/usb_displays.c
Examining data/ddcutil-0.9.9/src/usb/usb_vcp.c
Examining data/ddcutil-0.9.9/src/usb/usb_edid.h
Examining data/ddcutil-0.9.9/src/usb/usb_base.h
Examining data/ddcutil-0.9.9/src/usb/usb_vcp.h
Examining data/ddcutil-0.9.9/src/usb/usb_displays.h
Examining data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.c
Examining data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c
Examining data/ddcutil-0.9.9/src/dynvcp/dyn_feature_codes.c
Examining data/ddcutil-0.9.9/src/dynvcp/dyn_dynamic_features.c
Examining data/ddcutil-0.9.9/src/dynvcp/dyn_dynamic_features.h
Examining data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.h
Examining data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.h
Examining data/ddcutil-0.9.9/src/dynvcp/dyn_feature_codes.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_async.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_displays.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_display_lock.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_multi_part_io.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_output.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_packet_io.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_read_capabilities.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_services.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_strategy.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_vcp.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_vcp_version.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_try_stats.c
Examining data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c
Examining data/ddcutil-0.9.9/src/ddc/old/ddc_vcp.h
Examining data/ddcutil-0.9.9/src/ddc/old/ddc_output.h
Examining data/ddcutil-0.9.9/src/ddc/new/ddc_try_stats_new.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_async.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_read_capabilities.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_vcp.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_vcp_version.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_display_lock.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_displays.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_multi_part_io.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_output.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_packet_io.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_services.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_strategy.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_try_stats.h
Examining data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.h
Examining data/ddcutil-0.9.9/src/test/ddc/ddc_capabilities_tests.c
Examining data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c
Examining data/ddcutil-0.9.9/src/test/ddc/ddc_capabilities_tests.h
Examining data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.h
Examining data/ddcutil-0.9.9/src/test/i2c/i2c_testutil.c
Examining data/ddcutil-0.9.9/src/test/i2c/i2c_edid_tests.c
Examining data/ddcutil-0.9.9/src/test/i2c/i2c_io_old.c
Examining data/ddcutil-0.9.9/src/test/i2c/i2c_edid_tests.h
Examining data/ddcutil-0.9.9/src/test/i2c/i2c_testutil.h
Examining data/ddcutil-0.9.9/src/test/i2c/i2c_io_old.h
Examining data/ddcutil-0.9.9/src/test/testcase_table.c
Examining data/ddcutil-0.9.9/src/test/testcases.c
Examining data/ddcutil-0.9.9/src/test/testcase_table.h
Examining data/ddcutil-0.9.9/src/test/testcases.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_logs.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_logs.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.h
Examining data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.h
Examining data/ddcutil-0.9.9/src/cmdline/cmd_parser_aux.c
Examining data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c
Examining data/ddcutil-0.9.9/src/cmdline/parsed_cmd.c
Examining data/ddcutil-0.9.9/src/cmdline/cmd_parser.h
Examining data/ddcutil-0.9.9/src/cmdline/cmd_parser_aux.h
Examining data/ddcutil-0.9.9/src/cmdline/parsed_cmd.h
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_structs.c
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_cont_response.c
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_context.c
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_handle.c
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_identifier.c
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_ref.c
Examining data/ddcutil-0.9.9/src/gobject_api/gomain.c
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_ref.h
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_identifier.h
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_context.h
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_display_handle.h
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_gobjects.h
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_structs.h
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_types.h
Examining data/ddcutil-0.9.9/src/gobject_api/ddcg_cont_response.h
Examining data/ddcutil-0.9.9/src/swig/ddc_swig.c
Examining data/ddcutil-0.9.9/src/swig/ddc_swig.h
Examining data/ddcutil-0.9.9/src/cython/cyddc.c
Examining data/ddcutil-0.9.9/src/cffi/cffi_c_lib_demo/testcffi.h
Examining data/ddcutil-0.9.9/src/cffi/_ddccffi_callback.h
Examining data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_c_api.h
Examining data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h
Examining data/ddcutil-0.9.9/src/sample_clients/demo_capabilities.c
Examining data/ddcutil-0.9.9/src/sample_clients/demo_display_selection.c
Examining data/ddcutil-0.9.9/src/sample_clients/demo_feature_list.c
Examining data/ddcutil-0.9.9/src/sample_clients/demo_get_set_vcp.c
Examining data/ddcutil-0.9.9/src/sample_clients/demo_global_settings.c
Examining data/ddcutil-0.9.9/src/sample_clients/demo_profile_features.c
Examining data/ddcutil-0.9.9/src/sample_clients/demo_redirection.c
Examining data/ddcutil-0.9.9/src/sample_clients/demo_vcpinfo.c
Examining data/ddcutil-0.9.9/src/sample_clients/demo_watch_displays.c
Examining data/ddcutil-0.9.9/src/sample_clients/clmain.c
Examining data/ddcutil-0.9.9/src/private/ddcutil_c_api_private.h
Examining data/ddcutil-0.9.9/src/private/ddcutil_types_private.h
FINAL RESULTS:
data/ddcutil-0.9.9/src/util/file_util.c:428:17: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
ssize_t ct = readlink(workbuf, result, PATH_MAX);
data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:129:53: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
snprintf(fqfn, PATH_MAX, "/home/%s/%s/%s", getlogin(), USER_VCP_DATA_DIR, simple_fn_buf);
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:268:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(workbuf, interpret_ddca_version_feature_flags_readwrite(vflags));
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:270:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(workbuf, interpret_ddca_version_feature_flags_type(vflags));
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:276:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(workbuf, s);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c:156:56: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
printf("(%s) getlogin() returned |%s|\n", __func__, getlogin());
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c:215:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
rc = access(fnbuf, R_OK|W_OK);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:434:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, cur->driver_name);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:48:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
rc = access(fnbuf, R_OK|W_OK);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_logs.c:54:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ( access(log_fn, R_OK) < 0 ) {
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:54:25: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int piece_ct = sscanf(curline, "%s %d %d %s %s %s",
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:106:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirbuf, dn_gpus);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:107:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dirbuf, ep->d_name);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:391:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cur_dir_name, "%s/%s", dirname, fn);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:584:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cur_dir_name, "%s/%s", dirname, fn);
data/ddcutil-0.9.9/src/base/core.c:471:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, bname);
data/ddcutil-0.9.9/src/base/core.c:709:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, 200, format, args);
data/ddcutil-0.9.9/src/base/core.c:783:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, 200, format, args);
data/ddcutil-0.9.9/src/base/core.c:915:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, 200, format, args);
data/ddcutil-0.9.9/src/base/displays.c:367:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pIdent->mfg_id, mfg_id);
data/ddcutil-0.9.9/src/base/displays.c:371:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pIdent->model_name, model_name);
data/ddcutil-0.9.9/src/base/displays.c:375:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pIdent->serial_ascii, serial_ascii);
data/ddcutil-0.9.9/src/base/displays.c:717:31: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
dref->usb_hiddev_name = strcpy(dref->usb_hiddev_name, old->usb_hiddev_name);
data/ddcutil-0.9.9/src/base/dynamic_features.c:104:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, string_value);
data/ddcutil-0.9.9/src/base/dynamic_features.c:281:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(detail, 200, fmt, args);
data/ddcutil-0.9.9/src/base/feature_lists.c:183:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf + strlen(buf), "%s%02x%s", value_prefix, ndx, sepstr);
data/ddcutil-0.9.9/src/base/per_thread_data.c:237:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,ptd->description);
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:858:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newval, a1);
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:859:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newval, a2);
data/ddcutil-0.9.9/src/cython/cyddc.c:597:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(__PYX_DEFAULT_STRING_ENCODING, default_encoding_c);
data/ddcutil-0.9.9/src/ddc/ddc_output.c:709:16: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(*formatted_value_loc, strlen(formatted_data) + 49,
data/ddcutil-0.9.9/src/dynvcp/dyn_dynamic_features.c:209:11: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fqnamebuf, R_OK) == 0) {
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:159:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "System: %s, Unit: ", systems[sys]);
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:167:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf+strlen(buf), "%s", units[sys][i]);
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:210:17: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
curpos += sprintf(curpos, #_bitname "|")
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:326:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(usage_buffer, sizeof(usage_buffer),
data/ddcutil-0.9.9/src/util/device_id_util.c:228:16: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int ct = sscanf(a_line, "%s %hx %m[^\n]",
data/ddcutil-0.9.9/src/util/device_id_util.c:289:19: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int ct = sscanf(a_line+tabct, "%s %4hx %m[^\n]",
data/ddcutil-0.9.9/src/util/device_id_util.c:400:22: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
int ct = sscanf(a_line, "%s %m[^\n]",
data/ddcutil-0.9.9/src/util/device_id_util.c:410:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(segment_tag, atag);
data/ddcutil-0.9.9/src/util/output_sink.c:115:15: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rc = vfprintf(psink->fp, format, args);
data/ddcutil-0.9.9/src/util/output_sink.c:123:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
rc = vsnprintf(psink->workbuf, psink->cur_max_chars, format, args);
data/ddcutil-0.9.9/src/util/output_sink.c:210:13: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int rc = vfprintf(vcp_file_emitter_fp, format, args);
data/ddcutil-0.9.9/src/util/output_sink.c:222:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, 400, format, args);
data/ddcutil-0.9.9/src/util/report_util.c:295:20: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int reqd_size = vsnprintf(buffer, buffer_size, format, args);
data/ddcutil-0.9.9/src/util/report_util.c:301:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, reqd_size+1, format, args);
data/ddcutil-0.9.9/src/util/report_util.c:687:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, val_to_append);
data/ddcutil-0.9.9/src/util/string_util.c:355:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(end, sepstr);
data/ddcutil-0.9.9/src/util/string_util.c:358:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(end, pieces[ndx]);
data/ddcutil-0.9.9/src/util/string_util.c:754:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, s1);
data/ddcutil-0.9.9/src/util/string_util.c:755:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result+strlen(s1), s2);
data/ddcutil-0.9.9/src/util/string_util.c:805:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, sepstr);
data/ddcutil-0.9.9/src/util/string_util.c:806:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, nextval);
data/ddcutil-0.9.9/src/util/string_util.c:1129:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer+i*incr1, pattern, bytes[i]);
data/ddcutil-0.9.9/src/util/string_util.c:1131:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, sepstr);
data/ddcutil-0.9.9/src/util/string_util.c:1199:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf+strlen(buf), pattern, bytes[i]);
data/ddcutil-0.9.9/src/util/string_util.c:1204:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, sepstr);
data/ddcutil-0.9.9/src/util/string_util.c:1370:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rc = vfprintf(stream, format, args);
data/ddcutil-0.9.9/src/util/string_util.c:1390:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rc = vfprintf(stream, format, ap);
data/ddcutil-0.9.9/src/util/string_util.h:46:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, bufsz, fmt, __VA_ARGS__ ); \
data/ddcutil-0.9.9/src/util/subprocess_util.c:44:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(cmdbuf, "r");
data/ddcutil-0.9.9/src/util/subprocess_util.c:138:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fp = popen(cmdbuf, "r");
data/ddcutil-0.9.9/src/util/subprocess_util.c:235:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_cmd, cmd);
data/ddcutil-0.9.9/src/util/subprocess_util.c:238:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int rc = system(full_cmd);
data/ddcutil-0.9.9/src/util/sysfs_util.c:39:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s", dirname, attrname);
data/ddcutil-0.9.9/src/util/sysfs_util.c:61:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s", dirname, attrname);
data/ddcutil-0.9.9/src/util/sysfs_util.c:78:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s", dirname, attrname);
data/ddcutil-0.9.9/src/util/sysfs_util.c:112:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "%s/%s", dirname, attrname);
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:74:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, val);
data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:176:16: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, buf0);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:431:22: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char * rpath = realpath(workfn, resolved_path);
data/ddcutil-0.9.9/src/util/sysfs_util.c:191:19: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char * rpath = realpath(workbuf, resolved_path);
data/ddcutil-0.9.9/src/adl/adl_impl/adl_errors.c:68:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char workbuf[WORKBUF_SIZE];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_errors.c:70:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf2[20];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:374:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strPartNumber[ADL_MAX_PATH]; ///< Part number.
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:375:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strVersion[ADL_MAX_PATH]; ///< Version number.
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:376:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strDate[ADL_MAX_PATH]; ///< BIOS date in yyyy/mm/dd hh:mm format.
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:430:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xrandrname[100] = {0};
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:638:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pIdInfo->edid_bytes, pEdid->bytes, 128);
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:770:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info_recs[ndx].marker, DISPLAY_INFO_MARKER, 4);
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h:57:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfg_id[4];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[14];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h:59:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_ascii[14];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.h:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xrandr_name[16]; // what is correct maximum size?
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strUDID[ADL_MAX_PATH];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strAdapterName[ADL_MAX_PATH];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:210:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strDisplayName[ADL_MAX_PATH];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:221:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strDriverPath[ADL_MAX_PATH];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strDriverPathExt[ADL_MAX_PATH];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:225:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strPNPString[ADL_MAX_PATH];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strXScreenConfigName[ADL_MAX_PATH];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:336:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strDisplayName[ADL_MAX_PATH];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:339:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strDisplayManufacturerName[ADL_MAX_PATH];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cEDIDData[ADL_MAX_EDIDDATA_SIZE];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:562:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cDisplayName[ADL_MAX_DISPLAY_NAME];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_report.c:599:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char parsedMfgId[4];
data/ddcutil-0.9.9/src/adl/adl_impl/adl_shim.c:200:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(orec->marker, ADL_DISPLAY_DETAIL_MARKER, 4);
data/ddcutil-0.9.9/src/adl/adl_shim.h:144:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always "ADTD"
data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:70:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp_text[30];
data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:113:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqfn[PATH_MAX] = {0};
data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:123:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char simple_fn_buf[NAME_MAX+1];
data/ddcutil-0.9.9/src/app_ddcutil/app_dumpload.c:137:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * output_fp = fopen(filename, "w+");
data/ddcutil-0.9.9/src/app_ddcutil/app_probe.c:45:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char interpreted[200];
data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:82:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[234];
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:173:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(version_name_buf, "2.0");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:176:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(version_name_buf, ", ");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:177:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(version_name_buf, "2.1");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:181:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(version_name_buf, ", ");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:182:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(version_name_buf, "3.0");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:186:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(version_name_buf, ", ");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:187:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(version_name_buf, "2.2");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:265:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(workbuf, "Deprecated, ");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:269:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(workbuf, ", ");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:272:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:275:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(workbuf, ", ");
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:291:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[200];
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:314:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[200];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv.c:384:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[80];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c:205:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnbuf[20];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:139:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqfn[PATH_MAX+2];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:172:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf0[80];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:197:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(accum->marker, ENV_ACCUMULATOR_MARKER, 4);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:433:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result, ", ");
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.h:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.c:94:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.c:106:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[100];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_dmidecode.c:108:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int chassis_type_i = atoi(chassis_type_s); // TODO: use something safer?
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:199:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char busid2[30] = "";
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:352:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char connector_name[100];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:631:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(devname,O_RDWR | O_CLOEXEC);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnbuf[PATH_MAX];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:123:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ddc_response_bytes[12];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:300:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(first_edid, buf0->bytes, 128);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:47:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modules_builtin_fn[100];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[200];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ko_name[40];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * terms[2];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:119:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char module_name_ko[100];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:122:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[PATH_MAX];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:48:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod_name[32];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:51:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod_dependencies[500];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:52:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod_load_state[10]; // one of: Live Loading Unloading
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:53:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mod_addr[30];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_procfs.c:105:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirbuf[400];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:271:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_dir[PATH_MAX];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:390:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_dir_name[PATH_MAX];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:427:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workfn[PATH_MAX];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:429:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolved_path[PATH_MAX];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:452:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char driver_module_dir[PATH_MAX];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:583:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_dir_name[100];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:586:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[106];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:669:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char n[100];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:687:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dnbuf[90];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:689:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cardname[cardname_sz];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_sysfs.c:721:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_dir_name[PATH_MAX];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.c:88:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqfn[PATH_MAX];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.c:206:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_summary[200];
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.c:142:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xref->marker, DEVICE_ID_XREF_MARKER, 4);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.c:143:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xref->raw_edid, raw_edid, 128);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_xref.h:19:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/core.c:472:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(temp, ".c");
data/ddcutil-0.9.9/src/base/core.c:706:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/ddcutil-0.9.9/src/base/core.c:779:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/ddcutil-0.9.9/src/base/core.c:780:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[250];
data/ddcutil-0.9.9/src/base/core.c:830:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char elapsed_prefix[15] = "";
data/ddcutil-0.9.9/src/base/core.c:834:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char thread_prefix[15] = "";
data/ddcutil-0.9.9/src/base/core.c:912:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/ddcutil-0.9.9/src/base/core.c:919:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[250];
data/ddcutil-0.9.9/src/base/core.c:973:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->marker, DDCA_ERROR_DETAIL_MARKER, 4);
data/ddcutil-0.9.9/src/base/core.c:1008:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->marker, DDCA_ERROR_DETAIL_MARKER, 4);
data/ddcutil-0.9.9/src/base/ddc_packets.c:412:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data_bytes+4, bytes_to_write, bytect);
data/ddcutil-0.9.9/src/base/ddc_packets.c:677:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(aux_data->bytes, read_data_start, read_data_length); // CHANGED
data/ddcutil-0.9.9/src/base/ddc_packets.c:1099:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy, packet->parsed.nontable_response, sizeof(Parsed_Nontable_Vcp_Response));
data/ddcutil-0.9.9/src/base/ddc_packets.h:107:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[MAX_DDC_TAG+1]; ///* debug string describing packet, +1 for \0
data/ddcutil-0.9.9/src/base/displays.c:125:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newrec->marker, DISPLAY_ASYNC_REC_MARKER, 4);
data/ddcutil-0.9.9/src/base/displays.c:254:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pIdent->marker, DISPLAY_IDENTIFIER_MARKER, 4);
data/ddcutil-0.9.9/src/base/displays.c:334:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pIdent->edidbytes, edidbytes, 128);
data/ddcutil-0.9.9/src/base/displays.c:446:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edidbuf[257];
data/ddcutil-0.9.9/src/base/displays.c:527:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsel->marker, DISPLAY_SELECTOR_MARKER, 4);
data/ddcutil-0.9.9/src/base/displays.c:624:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dref->marker, DISPLAY_REF_MARKER, 4);
data/ddcutil-0.9.9/src/base/displays.c:715:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dref, old, sizeof(Display_Ref));
data/ddcutil-0.9.9/src/base/displays.c:902:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[80];
data/ddcutil-0.9.9/src/base/displays.c:923:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Display_Ref[NULL]");
data/ddcutil-0.9.9/src/base/displays.c:943:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dh->marker, DISPLAY_HANDLE_MARKER, 4);
data/ddcutil-0.9.9/src/base/displays.c:966:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dh->marker, DISPLAY_HANDLE_MARKER, 4);
data/ddcutil-0.9.9/src/base/displays.c:991:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dh->marker, DISPLAY_HANDLE_MARKER, 4);
data/ddcutil-0.9.9/src/base/displays.c:1088:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Display_Handle[NULL]");
data/ddcutil-0.9.9/src/base/displays.c:1135:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(card_info->marker, VIDEO_CARD_INFO_MARKER, 4);
data/ddcutil-0.9.9/src/base/displays.h:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/displays.h:102:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; // always "DPID"
data/ddcutil-0.9.9/src/base/displays.h:108:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfg_id[EDID_MFG_ID_FIELD_SIZE];
data/ddcutil-0.9.9/src/base/displays.h:109:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[EDID_MODEL_NAME_FIELD_SIZE];
data/ddcutil-0.9.9/src/base/displays.h:110:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_ascii[EDID_SERIAL_ASCII_FIELD_SIZE];
data/ddcutil-0.9.9/src/base/displays.h:133:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; // always "DSEL"
data/ddcutil-0.9.9/src/base/displays.h:185:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/displays.h:229:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/displays.h:249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/dynamic_features.c:54:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result.word, s, wordlen);
data/ddcutil-0.9.9/src/base/dynamic_features.c:225:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frec->marker, DYNAMIC_FEATURES_REC_MARKER, 4);
data/ddcutil-0.9.9/src/base/dynamic_features.c:276:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char detail[200];
data/ddcutil-0.9.9/src/base/dynamic_features.c:277:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xdetail[300];
data/ddcutil-0.9.9/src/base/dynamic_features.c:521:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur_feature_metadata->marker, DDCA_FEATURE_METADATA_MARKER, 4);
data/ddcutil-0.9.9/src/base/dynamic_features.h:33:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/execution_stats.c:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/execution_stats.c:212:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/ddcutil-0.9.9/src/base/execution_stats.c:275:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcounts->marker, STATUS_CODE_COUNTS_MARKER, 4);
data/ddcutil-0.9.9/src/base/feature_metadata.c:352:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->marker, DISPLAY_FEATURE_METADATA_MARKER, 4);
data/ddcutil-0.9.9/src/base/feature_metadata.c:394:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ddca_meta->marker, DDCA_FEATURE_METADATA_MARKER, 4);
data/ddcutil-0.9.9/src/base/feature_metadata.h:116:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/last_io_event.c:69:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ts->marker, IO_EVENT_TIMESTAMP_MARKER, 4);
data/ddcutil-0.9.9/src/base/last_io_event.h:17:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/linux_errno.c:156:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char workbuf[WORKBUF_SIZE];
data/ddcutil-0.9.9/src/base/linux_errno.c:157:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dummy_errno_description[WORKBUF_SIZE];
data/ddcutil-0.9.9/src/base/monitor_model_key.c:176:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[100];
data/ddcutil-0.9.9/src/base/monitor_model_key.c:178:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "[Undefined]");
data/ddcutil-0.9.9/src/base/old/error_detail.h:34:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always EINF
data/ddcutil-0.9.9/src/base/old/error_detail.h:50:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/per_thread_data.c:420:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[100];
data/ddcutil-0.9.9/src/base/thread_retry_data.c:106:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/base/thread_retry_data.c:148:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args.marker, GLOBAL_MAXTRIES_MARKER, 4);
data/ddcutil-0.9.9/src/base/tuned_sleep.c:269:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_buf[100];
data/ddcutil-0.9.9/src/base/vcp_version.c:165:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(private_buffer, "Unknown"); // will coverity flag this?
data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h:112:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always "DDIN"
data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h:202:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; /**< equals VCP_VERSION_SPECIFIC_FEATURE_INFO_MARKER */
data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h:222:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; /**< Always DDCA_CAP_VCP_MARKER */
data/ddcutil-0.9.9/src/cffi/_ddccffi_cdef_types.h:232:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; /**< always DDCA_CAPABILITIES_MARKER */
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:573:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trimmed_piece[10];
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:803:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * thisarg = (char *) cmd_and_args[argctr];
data/ddcutil-0.9.9/src/cmdline/parsed_cmd.c:49:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parsed_cmd->marker, PARSED_CMD_MARKER, 4);
data/ddcutil-0.9.9/src/cmdline/parsed_cmd.c:104:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/ddcutil-0.9.9/src/cmdline/parsed_cmd.h:76:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; // always PCMD
data/ddcutil-0.9.9/src/cmdline/parsed_cmd.h:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * args[MAX_ARGS];
data/ddcutil-0.9.9/src/cython/cyddc.c:550:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii_chars[128];
data/ddcutil-0.9.9/src/cython/cyddc.c:10948:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctversion[4], rtversion[4];
data/ddcutil-0.9.9/src/cython/cyddc.c:10952:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[200];
data/ddcutil-0.9.9/src/ddc/ddc_async.c:26:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/ddc/ddc_display_lock.c:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/ddc/ddc_display_lock.c:140:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_desc->marker, DISTINCT_DISPLAY_DESC_MARKER, 4);
data/ddcutil-0.9.9/src/ddc/ddc_displays.c:332:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(version, "Unspecified");
data/ddcutil-0.9.9/src/ddc/ddc_displays.c:335:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(version, "DDC communication failed");
data/ddcutil-0.9.9/src/ddc/ddc_displays.c:696:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:131:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s0[32], s1[257], s2[16];
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:592:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:603:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexbuf[257];
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:624:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestamp_buf[30];
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:627:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:721:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dumped_data->edidbytes, edid->bytes, 128);
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:774:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300];
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:785:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexbuf[257];
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:801:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h:35:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edidstr[257]; ///< 128 byte EDID as hex string (for future use)
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h:36:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfg_id[4]; ///< 3 character manufacturer id (from EDID)
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h:37:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[14]; ///< model string (from EDID)
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.h:38:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_ascii[14]; ///< serial number string (from EDID)
data/ddcutil-0.9.9/src/ddc/ddc_output.c:289:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[100];
data/ddcutil-0.9.9/src/ddc/ddc_output.c:298:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/ddcutil-0.9.9/src/ddc/ddc_output.c:419:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/ddcutil-0.9.9/src/ddc/ddc_output.c:663:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:57:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char procfn[20];
data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:74:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dnbuf[90];
data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:76:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cardname[cardname_sz];
data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:111:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_dir_name[PATH_MAX];
data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:455:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->marker, WATCH_DISPLAYS_DATA_MARKER, 4);
data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.h:35:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/dynvcp/dyn_dynamic_features.c:205:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fqnamebuf[PATH_MAX];
data/ddcutil-0.9.9/src/dynvcp/dyn_feature_codes.c:394:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[200];
data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.c:147:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fset->marker, DYN_FEATURE_SET_MARKER, 4);
data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.c:290:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->marker, DYN_FEATURE_SET_MARKER, 4);
data/ddcutil-0.9.9/src/dynvcp/dyn_feature_set.h:31:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:47:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sgamma1[10];
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_native_gamma[10];
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:178:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(specific_gammas, bytes+3, specific_gamma_ct);
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:249:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sglower[10];
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:250:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sgupper[10];
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:261:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[300] = "\0";
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:262:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bgamma[10];
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:272:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf2[100];
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:86:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[20];
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:92:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
( fd = open(filename, (callopts & CALLOPT_RDONLY) ? O_RDONLY : O_RDWR) )
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:147:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[80];
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:267:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[100];
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:598:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(businfo->marker, I2C_BUS_INFO_MARKER, 4);
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:818:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX]; // yes, PATH_MAX is dangerous, but not as used here
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:819:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "/sys/bus/i2c/devices/i2c-%d/name", businfo->busno);
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:858:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[20];
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:861:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(namebuf, "/dev/i2c-%d", busno);
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.h:67:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always "BINF"
data/ddcutil-0.9.9/src/libmain/api_capabilities.c:149:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->marker, DDCA_CAPABILITIES_MARKER, 4);
data/ddcutil-0.9.9/src/libmain/api_capabilities.c:157:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->cmd_codes, bva_bytes(bva), result->cmd_ct);
data/ddcutil-0.9.9/src/libmain/api_capabilities.c:167:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur_cap_vcp->marker, DDCA_CAP_VCP_MARKER, 4);
data/ddcutil-0.9.9/src/libmain/api_capabilities.c:184:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur_cap_vcp->values, bva_bytes(bva), cur_cap_vcp->value_ct);
data/ddcutil-0.9.9/src/libmain/api_displays.c:667:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curinfo->marker, DDCA_DISPLAY_INFO_MARKER, 4);
data/ddcutil-0.9.9/src/libmain/api_displays.c:694:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curinfo->edid_bytes, dref->pedid->bytes, 128);
data/ddcutil-0.9.9/src/libmain/api_feature_access.c:137:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tv->bytes, p_table_bytes->bytes, len);
data/ddcutil-0.9.9/src/libmain/api_metadata.c:145:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p_feature_list, &result, 32);
data/ddcutil-0.9.9/src/libmain/api_metadata.c:236:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(feature_list_loc, &result, 32);
data/ddcutil-0.9.9/src/private/ddcutil_types_private.h:70:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfg_id[DDCA_EDID_MFG_ID_FIELD_SIZE];
data/ddcutil-0.9.9/src/private/ddcutil_types_private.h:71:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[DDCA_EDID_MODEL_NAME_FIELD_SIZE];
data/ddcutil-0.9.9/src/public/ddcutil_types.h:86:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< Always "EDTL"
data/ddcutil-0.9.9/src/public/ddcutil_types.h:350:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always "DDIN"
data/ddcutil-0.9.9/src/public/ddcutil_types.h:355:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfg_id[ DDCA_EDID_MFG_ID_FIELD_SIZE ]; ///< 3 character mfg id from EDID
data/ddcutil-0.9.9/src/public/ddcutil_types.h:356:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[DDCA_EDID_MODEL_NAME_FIELD_SIZE]; ///< model name from EDID, 13 char max
data/ddcutil-0.9.9/src/public/ddcutil_types.h:357:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sn[ DDCA_EDID_SN_ASCII_FIELD_SIZE ]; ///< "serial number" from EDID, 13 char max
data/ddcutil-0.9.9/src/public/ddcutil_types.h:457:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; /**< always "FMET" */
data/ddcutil-0.9.9/src/public/ddcutil_types.h:476:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; /**< Always DDCA_CAP_VCP_MARKER */
data/ddcutil-0.9.9/src/public/ddcutil_types.h:486:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; /**< always DDCA_CAPABILITIES_MARKER */
data/ddcutil-0.9.9/src/sample_clients/demo_get_set_vcp.c:382:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
which_test = atoi(argv[1]); // live dangerously, it's test code
data/ddcutil-0.9.9/src/swig/ddc_swig.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char error_msg[256];
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[12];
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:83:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fh = open(devname, O_RDWR);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:139:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ddc_response_bytes[12];
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:318:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[12];
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:321:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fh = open(devname, O_NONBLOCK|O_RDWR);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:345:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zeroBytes[4] = {0}; // 0x00;
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:469:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[12];
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:472:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fh = open(devname, O_RDWR);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:485:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char readbuf[256];
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:588:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname[12];
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:591:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fh = open(devname, O_NONBLOCK|O_RDWR);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:615:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zeroBytes[5] = {0}; // 0x00;
data/ddcutil-0.9.9/src/test/i2c/i2c_edid_tests.c:54:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[128] = {0};
data/ddcutil-0.9.9/src/usb/usb_base.c:64:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
( file = open(hiddev_devname, mode) )
data/ddcutil-0.9.9/src/usb/usb_base.c:134:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[300];
data/ddcutil-0.9.9/src/usb/usb_displays.c:213:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vcprec->marker, USB_MONITOR_VCP_REC_MARKER, 4);
data/ddcutil-0.9.9/src/usb/usb_displays.c:220:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(infoptr, &rinfo, sizeof(struct hiddev_report_info));
data/ddcutil-0.9.9/src/usb/usb_displays.c:223:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fptr, &finfo, sizeof(struct hiddev_field_info));
data/ddcutil-0.9.9/src/usb/usb_displays.c:226:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uptr, &uref, sizeof(struct hiddev_usage_ref));
data/ddcutil-0.9.9/src/usb/usb_displays.c:257:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/ddcutil-0.9.9/src/usb/usb_displays.c:258:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf,"(vcp(");
data/ddcutil-0.9.9/src/usb/usb_displays.c:269:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+curlen, "%02x", feature_code);
data/ddcutil-0.9.9/src/usb/usb_displays.c:273:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf+curlen, "))");
data/ddcutil-0.9.9/src/usb/usb_displays.c:449:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(moninfo->marker, USB_MONITOR_INFO_MARKER, 4);
data/ddcutil-0.9.9/src/usb/usb_displays.c:587:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info_recs[ndx].marker, DISPLAY_INFO_MARKER, 4);
data/ddcutil-0.9.9/src/usb/usb_displays.c:589:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info_list.info_recs, info_recs, (usb_monitors->len)*sizeof(Display_Info));
data/ddcutil-0.9.9/src/usb/usb_displays.c:739:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vname[80] = {'\0'};
data/ddcutil-0.9.9/src/usb/usb_displays.c:740:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dname[80] = {'\0'};
data/ddcutil-0.9.9/src/usb/usb_displays.c:812:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(device_name, O_RDONLY);
data/ddcutil-0.9.9/src/usb/usb_displays.h:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/usb/usb_displays.h:71:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/usb/usb_edid.c:186:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->sn, modelsn->bytes,8);
data/ddcutil-0.9.9/src/usb/usb_edid.c:188:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->model, modelsn->bytes+8, 8);
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:56:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char b1[80];
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:57:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char b2[80];
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:66:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *systems[5] = { "None", "SI Linear", "SI Rotation",
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:69:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *units[5][8] = {
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:128:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *systems[5] = { "None", "SI Linear", "SI Rotation",
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:131:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *units[5][8] = {
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:154:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "System: Vendor defined, Unit: (unknown)");
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:156:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "System: Reserved, Unit: (unknown)");
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:174:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf+strlen(buf), "^%d", val);
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:180:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "(None)");
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:187:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:247:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cur->raw_bytes, b+i, 1+cur->bsize_bytect);
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:320:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *types[4] = { "Main", "Global", "Local", "reserved" };
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:322:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char databuf[80];
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:324:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(databuf, "none");
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:328:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawbuf[16];
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:331:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[9]; // 2 chars/byte + 1 for terminating null
data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.c:156:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.c:612:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *types[4] = { "Main", "Global", "Local", "reserved" };
data/ddcutil-0.9.9/src/usb_util/hid_report_descriptor.c:632:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datastr[20];
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:212:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char field_bits_buffer[200];
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:271:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char report_id_buffer[100];
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:274:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(report_id_buffer, "HID_REPORT_ID_UNKNOWN");
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:277:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(report_id_buffer, "HID_REPORT_ID_FIRST|");
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:279:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(report_id_buffer, "HID_REPORT_ID_NEXT|");
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:280:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(report_id_buffer + strlen(report_id_buffer),
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:298:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char usage_buffer[100];
data/ddcutil-0.9.9/src/usb_util/hiddev_util.c:564:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, &finfo, sizeof(struct hiddev_field_info));
data/ddcutil-0.9.9/src/usb_util/hiddev_util.c:941:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[blen];
data/ddcutil-0.9.9/src/usb_util/hidraw_util.c:109:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(devname, O_RDWR|O_NONBLOCK);
data/ddcutil-0.9.9/src/usb_util/hidraw_util.c:304:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(devname, O_RDWR|O_NONBLOCK);
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:182:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char libusb_string_buffer[LIBUSB_STRING_BUFFER_SIZE];
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:192:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(libusb_string_buffer, "<Unknown string>");
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:207:1: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t libusb_string_buffer_wide[LIBUSB_STRING_BUFFER_SIZE];
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:218:9: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(libusb_string_buffer_wide, L"<Unknown string>");
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:885:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(end, "%u", path[ndx]);
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:887:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(end, ".%u", path[ndx]);
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:947:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
/* uint8_t */ unsigned char path[8];
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:949:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/ddcutil-0.9.9/src/usb_util/libusb_util.c:35:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[64];
data/ddcutil-0.9.9/src/util/data_structures.c:306:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; // always BBFG
data/ddcutil-0.9.9/src/util/data_structures.c:307:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char byte[BYTE_BIT_BYTE_CT];
data/ddcutil-0.9.9/src/util/data_structures.c:314:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flags->marker, BYTE_BIT_MARKER, 4);
data/ddcutil-0.9.9/src/util/data_structures.c:430:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + strlen(buffer), "%02x", flags->byte[flagndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:501:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pos, "%02x", flg);
data/ddcutil-0.9.9/src/util/data_structures.c:562:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/util/data_structures.c:576:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result->marker, BBF_ITER_MARKER, 4);
data/ddcutil-0.9.9/src/util/data_structures.c:699:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, start, len);
data/ddcutil-0.9.9/src/util/data_structures.c:719:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/ddcutil-0.9.9/src/util/data_structures.c:786:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer->marker, BUFFER_MARKER, 4);
data/ddcutil-0.9.9/src/util/data_structures.c:913:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer->bytes, bytes, bytect);
data/ddcutil-0.9.9/src/util/data_structures.c:951:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->bytes+offset, bytes, bytect);
data/ddcutil-0.9.9/src/util/data_structures.c:983:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer->bytes + buffer->len, bytes, bytect);
data/ddcutil-0.9.9/src/util/data_structures.h:95:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always "BUFR"
data/ddcutil-0.9.9/src/util/debug_util.c:55:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, start, len);
data/ddcutil-0.9.9/src/util/device_id_util.c:78:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnbuf[MAX_PATH];
data/ddcutil-0.9.9/src/util/device_id_util.c:225:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atag[40];
data/ddcutil-0.9.9/src/util/device_id_util.c:287:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_tag[40];
data/ddcutil-0.9.9/src/util/device_id_util.c:398:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atag[40];
data/ddcutil-0.9.9/src/util/device_id_util.c:609:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagbuf[MAX_TAG_SIZE];
data/ddcutil-0.9.9/src/util/device_id_util.c:923:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char resultbuf[12] = {0};
data/ddcutil-0.9.9/src/util/edid.c:226:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parsed_edid->marker, EDID_MARKER_NAME, 4);
data/ddcutil-0.9.9/src/util/edid.c:227:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parsed_edid->bytes, edidbytes, 128);
data/ddcutil-0.9.9/src/util/edid.c:338:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char explbuf[100];
data/ddcutil-0.9.9/src/util/edid.c:341:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(explbuf, "Digital Input");
data/ddcutil-0.9.9/src/util/edid.c:345:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(explbuf, " (Digital interface not defined)");
data/ddcutil-0.9.9/src/util/edid.c:348:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(explbuf, " (DVI)");
data/ddcutil-0.9.9/src/util/edid.c:351:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(explbuf, " (HDMI-a)");
data/ddcutil-0.9.9/src/util/edid.c:354:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(explbuf, " (HDMI-b");
data/ddcutil-0.9.9/src/util/edid.c:357:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(explbuf, " (MDDI)");
data/ddcutil-0.9.9/src/util/edid.c:360:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(explbuf, " (DisplayPort)");
data/ddcutil-0.9.9/src/util/edid.c:363:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(explbuf, " (Invalid DVI standard)");
data/ddcutil-0.9.9/src/util/edid.c:368:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(explbuf, "Analog Input");
data/ddcutil-0.9.9/src/util/edid.h:51:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always "EDID"
data/ddcutil-0.9.9/src/util/edid.h:53:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfg_id[EDID_MFG_ID_FIELD_SIZE]; ///< 3 character mfg id, null terminated
data/ddcutil-0.9.9/src/util/edid.h:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[EDID_MODEL_NAME_FIELD_SIZE]; ///< model name (tag 0xfc)
data/ddcutil-0.9.9/src/util/edid.h:57:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char serial_ascii[EDID_SERIAL_ASCII_FIELD_SIZE]; ///< serial number string (tag 0xff)
data/ddcutil-0.9.9/src/util/edid.h:58:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extra_descriptor_string[EDID_EXTRA_STRING_FIELD_SIZE]; ///< (tag 0xfe)
data/ddcutil-0.9.9/src/util/edid.h:75:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char edid_source[EDID_SOURCE_FIELD_SIZE]; ///< describes source of EDID
data/ddcutil-0.9.9/src/util/error_info.c:234:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_causes, parent->causes, parent->cause_ct * sizeof(Error_Info *) );
data/ddcutil-0.9.9/src/util/error_info.c:247:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_causes, parent->causes, parent->max_causes * sizeof(Error_Info *) );
data/ddcutil-0.9.9/src/util/error_info.c:287:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(erec->marker, ERROR_INFO_MARKER, 4);
data/ddcutil-0.9.9/src/util/error_info.c:555:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/ddcutil-0.9.9/src/util/error_info.c:648:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/ddcutil-0.9.9/src/util/error_info.c:702:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/ddcutil-0.9.9/src/util/error_info.h:27:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always EINF
data/ddcutil-0.9.9/src/util/failsim.c:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/util/failsim.c:156:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frec->marker, FSIM_FUNC_REC_MARKER, 4);
data/ddcutil-0.9.9/src/util/file_util.c:44:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(fn, "r");
data/ddcutil-0.9.9/src/util/file_util.c:185:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(fn, "r");
data/ddcutil-0.9.9/src/util/file_util.c:253:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(fn, "r");
data/ddcutil-0.9.9/src/util/file_util.c:305:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(fn, "r"))) {
data/ddcutil-0.9.9/src/util/file_util.c:386:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[PATH_MAX];
data/ddcutil-0.9.9/src/util/file_util.c:425:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[40];
data/ddcutil-0.9.9/src/util/libdrm_util.c:136:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char property_flags_string[150];
data/ddcutil-0.9.9/src/util/libdrm_util.c:262:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b2[20];
data/ddcutil-0.9.9/src/util/libdrm_util.c:278:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200]; int bufsz=200;
data/ddcutil-0.9.9/src/util/libdrm_util.c:315:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DRM_DISPLAY_MODE_LEN];
data/ddcutil-0.9.9/src/util/libdrm_util.c:430:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200]; int bufsz=200;
data/ddcutil-0.9.9/src/util/libdrm_util.c:489:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[DRM_PROP_NAME_LEN];
data/ddcutil-0.9.9/src/util/libdrm_util.c:541:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200] = ""; int bufsz=200;
data/ddcutil-0.9.9/src/util/multi_level_map.c:65:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((Byte*) &mlm->level_detail, level_detail, levels*sizeof(MLM_Level));
data/ddcutil-0.9.9/src/util/multi_level_map.h:40:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * names[MLT_MAX_LEVELS];
data/ddcutil-0.9.9/src/util/output_sink.c:44:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/util/output_sink.c:59:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psink->marker, OUTPUT_SINK_MARKER, 4);
data/ddcutil-0.9.9/src/util/output_sink.c:73:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psink->marker, OUTPUT_SINK_MARKER, 4);
data/ddcutil-0.9.9/src/util/output_sink.c:88:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psink->marker, OUTPUT_SINK_MARKER, 4);
data/ddcutil-0.9.9/src/util/output_sink.c:221:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/ddcutil-0.9.9/src/util/report_util.c:291:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[buffer_size];
data/ddcutil-0.9.9/src/util/report_util.c:447:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infobuf[100];
data/ddcutil-0.9.9/src/util/report_util.c:493:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/ddcutil-0.9.9/src/util/report_util.c:513:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/ddcutil-0.9.9/src/util/report_util.c:536:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/ddcutil-0.9.9/src/util/report_util.c:558:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/ddcutil-0.9.9/src/util/report_util.c:584:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/ddcutil-0.9.9/src/util/report_util.c:743:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/ddcutil-0.9.9/src/util/string_util.c:251:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s+startpos, tlen);
data/ddcutil-0.9.9/src/util/string_util.c:420:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, workstruct, (piecect+1)*sizeof(char*) );
data/ddcutil-0.9.9/src/util/string_util.c:773:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strbuf, start, len);
data/ddcutil-0.9.9/src/util/string_util.c:810:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "...");
data/ddcutil-0.9.9/src/util/string_util.c:812:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf+(maxchars-3), "...");
data/ddcutil-0.9.9/src/util/string_util.c:992:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hhs[3];
data/ddcutil-0.9.9/src/util/string_util.c:1251:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[10]; // was 8, compiler complains that too small
data/ddcutil-0.9.9/src/util/string_util.c:1252:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/ddcutil-0.9.9/src/util/string_util.c:1254:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indentation[100];
data/ddcutil-0.9.9/src/util/string_util.c:1277:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "+%04x", i);
data/ddcutil-0.9.9/src/util/string_util.c:1278:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, temp, 5);
data/ddcutil-0.9.9/src/util/string_util.c:1282:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "%02x", 0xff & data[i]);
data/ddcutil-0.9.9/src/util/string_util.c:1283:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + 8 + (j * 3), temp, 2);
data/ddcutil-0.9.9/src/util/subprocess_util.c:212:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shell_cmd[100];
data/ddcutil-0.9.9/src/util/subprocess_util.c:236:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(full_cmd, ">/dev/null 2>&1");
data/ddcutil-0.9.9/src/util/sysfs_util.c:38:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/ddcutil-0.9.9/src/util/sysfs_util.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/ddcutil-0.9.9/src/util/sysfs_util.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/ddcutil-0.9.9/src/util/sysfs_util.c:111:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[PATH_MAX];
data/ddcutil-0.9.9/src/util/sysfs_util.c:130:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char module_fn[100];
data/ddcutil-0.9.9/src/util/sysfs_util.c:166:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[50];
data/ddcutil-0.9.9/src/util/sysfs_util.c:187:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[100];
data/ddcutil-0.9.9/src/util/sysfs_util.c:190:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolved_path[PATH_MAX];
data/ddcutil-0.9.9/src/util/sysfs_util.c:215:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[50];
data/ddcutil-0.9.9/src/util/udev_i2c_util.c:33:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/util/udev_i2c_util.c:168:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char devname [10];
data/ddcutil-0.9.9/src/util/udev_usb_util.c:25:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(devsum->marker, UDEV_DETAILED_DEVICE_SUMMARY_MARKER, 4);
data/ddcutil-0.9.9/src/util/udev_usb_util.c:437:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result->busno = atoi(sbusnum);
data/ddcutil-0.9.9/src/util/udev_usb_util.c:438:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result->devno = atoi(sdevnum);
data/ddcutil-0.9.9/src/util/udev_usb_util.h:48:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always "UDDS"
data/ddcutil-0.9.9/src/util/udev_util.c:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(summary->marker, UDEV_DEVICE_SUMMARY_MARKER, 4);
data/ddcutil-0.9.9/src/util/udev_util.h:41:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always "UDSM"
data/ddcutil-0.9.9/src/util/x11_util.c:219:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(edidrec->edidbytes, data, 128);
data/ddcutil-0.9.9/src/util/x11_util.c:221:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(edidrec->output_name, output_info->name, output_info->nameLen);
data/ddcutil-0.9.9/src/vcp/parse_capabilities.c:770:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcaps->marker, PARSED_CAPABILITIES_MARKER, 4);
data/ddcutil-0.9.9/src/vcp/parse_capabilities.h:28:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; // always "CAPA"
data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.c:74:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vfr->marker, CAPABILITIES_FEATURE_MARKER, 4);
data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.c:80:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vfr->value_string, value_string_start, value_string_len);
data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.c:114:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[768];
data/ddcutil-0.9.9/src/vcp/parsed_capabilities_feature.h:27:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4]; ///< always "VCPF"
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:73:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ", ");
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:238:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:240:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Undefined");
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:828:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workbuf[200];
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:904:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pentry->marker, VCP_FEATURE_TABLE_ENTRY_MARKER, 4);
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1133:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[200];
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1585:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf0[100];
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1647:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formatted_sh_sl[20];
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1668:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sgamma[10];
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1669:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sgamma2[10];
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:4211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:4246:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[bufsz];
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:4356:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( vcp_code_table[ndx].marker, VCP_FEATURE_TABLE_ENTRY_MARKER, 4);
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.h:142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c:68:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fset->marker, VCP_FEATURE_SET_MARKER, 4);
data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c:119:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fset->marker, VCP_FEATURE_SET_MARKER, 4);
data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c:269:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fset->marker, VCP_FEATURE_SET_MARKER, 4);
data/ddcutil-0.9.9/src/vcp/vcp_feature_set.c:470:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[50];
data/ddcutil-0.9.9/src/vcp/vcp_feature_set.h:26:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[4];
data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:179:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "...");
data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:285:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(valrec->val.t.bytes, bytes, bytect);
data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:397:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(anyval->val.t.bytes, valrec->val.t.bytes, valrec->val.t.bytect);
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:946:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( mfg_id && strlen(mfg_id) > 0) {
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:952:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( model && strlen(model) > 0) {
data/ddcutil-0.9.9/src/adl/adl_impl/adl_intf.c:958:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( sn && strlen(sn) > 0) {
data/ddcutil-0.9.9/src/app_ddcutil/app_getvcp.c:467:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ct = read(fd, &uref, sizeof(uref));
data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:63:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (*(string_value + strlen(string_value)-1) == 'H') {
data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:64:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newlen = strlen(string_value)-1;
data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:114:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(new_value && strlen(new_value) > 0);
data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:150:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(new_value) > 1);
data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:271:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(new_value && strlen(new_value) > 0);
data/ddcutil-0.9.9/src/app_ddcutil/app_setvcp.c:306:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(new_value) > 1);
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:175:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(version_name_buf) > 0)
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:180:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(version_name_buf) > 0)
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:185:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(version_name_buf) > 0)
data/ddcutil-0.9.9/src/app_ddcutil/app_vcpinfo.c:274:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s && strlen(s) > 0) {
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_access.c:152:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc, strlen(username));
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:143:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fqfn,"/");
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:144:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(fqfn) + strlen(simple_fn) <= PATH_MAX); // for Coverity
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:144:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(fqfn) + strlen(simple_fn) <= PATH_MAX); // for Coverity
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:145:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(fqfn,simple_fn, sizeof(fqfn)-(strlen(fqfn)+1)); // use strncat to make Coverity happy
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:145:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(fqfn,simple_fn, sizeof(fqfn)-(strlen(fqfn)+1)); // use strncat to make Coverity happy
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:422:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
reqd_sz += strlen(cur->driver_name);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_base.c:437:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(result) == reqd_sz-1);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:91:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = strlen(fn);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:243:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(busid2) > 0) {
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_drm.c:649:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !strncmp(ent->d_name, "card", strlen("card"));
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:80:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000); // doesn't help
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:91:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:121:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_i2c.c:126:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fh, ddc_response_bytes+1, readct);
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_modules.c:223:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufsz = strlen(grep_terms) + 100;
data/ddcutil-0.9.9/src/app_sysenv/query_sysenv_usb.c:100:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("(%s) strlen(d_name) = %ld\n", __func__, strlen(ep->d_name));
data/ddcutil-0.9.9/src/base/core.c:469:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newsz = strlen(bname) + 2 + 1;
data/ddcutil-0.9.9/src/base/core.c:542:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(buf && (strlen(buf) > 0)) ? buf : "none");
data/ddcutil-0.9.9/src/base/core.c:555:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(buf && (strlen(buf) > 0)) ? buf : "none");
data/ddcutil-0.9.9/src/base/core.c:605:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(buf) == 0) ? "none" : buf);
data/ddcutil-0.9.9/src/base/core.c:841:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buf2sz = 15+15+4 + strlen(funcname) + strlen(buffer) + 10;
data/ddcutil-0.9.9/src/base/core.c:841:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buf2sz = 15+15+4 + strlen(funcname) + strlen(buffer) + 10;
data/ddcutil-0.9.9/src/base/core.c:847:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen(buf2) < buf2sz);
data/ddcutil-0.9.9/src/base/displays.c:361:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(!mfg_id || strlen(mfg_id) < EDID_MFG_ID_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/displays.c:362:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(!model_name || strlen(model_name) < EDID_MODEL_NAME_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/displays.c:363:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(!serial_ascii || strlen(serial_ascii) < EDID_SERIAL_ASCII_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/displays.c:379:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen(pIdent->mfg_id) + strlen(pIdent->model_name) + strlen(pIdent->serial_ascii) > 0);
data/ddcutil-0.9.9/src/base/displays.c:379:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen(pIdent->mfg_id) + strlen(pIdent->model_name) + strlen(pIdent->serial_ascii) > 0);
data/ddcutil-0.9.9/src/base/displays.c:379:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert( strlen(pIdent->mfg_id) + strlen(pIdent->model_name) + strlen(pIdent->serial_ascii) > 0);
data/ddcutil-0.9.9/src/base/displays.c:1152:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p + strlen("hiddev");
data/ddcutil-0.9.9/src/base/displays.c:1153:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) > 0) {
data/ddcutil-0.9.9/src/base/dynamic_features.c:90:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufsz = strlen(string_value) + 1 + 1; // 1 for possible increased length, 1 for terminating null
data/ddcutil-0.9.9/src/base/dynamic_features.c:96:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (*(string_value + strlen(string_value)-1) == 'H' ||
data/ddcutil-0.9.9/src/base/dynamic_features.c:97:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(string_value + strlen(string_value)-1) == 'h' )
data/ddcutil-0.9.9/src/base/dynamic_features.c:100:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newlen = strlen(string_value)-1;
data/ddcutil-0.9.9/src/base/execution_stats.c:130:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int curval = strlen(io_event_stats[ndx].name);
data/ddcutil-0.9.9/src/base/execution_stats.c:517:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sleep_event_names[ndx]) > result)
data/ddcutil-0.9.9/src/base/execution_stats.c:518:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = strlen(sleep_event_names[ndx]);
data/ddcutil-0.9.9/src/base/feature_lists.c:166:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vsize = strlen(value_prefix) + 2 + strlen(sepstr);
data/ddcutil-0.9.9/src/base/feature_lists.c:166:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vsize = strlen(value_prefix) + 2 + strlen(sepstr);
data/ddcutil-0.9.9/src/base/feature_lists.c:183:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), "%s%02x%s", value_prefix, ndx, sepstr);
data/ddcutil-0.9.9/src/base/feature_lists.c:186:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[ strlen(buf)-strlen(sepstr)] = '\0';
data/ddcutil-0.9.9/src/base/feature_lists.c:186:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[ strlen(buf)-strlen(sepstr)] = '\0';
data/ddcutil-0.9.9/src/base/feature_metadata.c:71:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 0)
data/ddcutil-0.9.9/src/base/feature_metadata.c:72:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(buffer)-2] = '\0';
data/ddcutil-0.9.9/src/base/linux_errno.c:254:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dummy_errno_description, s, sz);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:29:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(mfg_id && strlen(mfg_id) < EDID_MFG_ID_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:30:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(model_name && strlen(model_name) < EDID_MODEL_NAME_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:70:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(mfg_id && strlen(mfg_id) < EDID_MFG_ID_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:71:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(model_name && strlen(model_name) < EDID_MODEL_NAME_FIELD_SIZE);
data/ddcutil-0.9.9/src/base/monitor_model_key.c:118:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int ndx = 0; ndx < strlen(model_name2); ndx++) {
data/ddcutil-0.9.9/src/base/per_thread_data.c:236:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * buf = get_thread_dynamic_buffer(&x_key, &x_len_key, strlen(ptd->description)+1);
data/ddcutil-0.9.9/src/base/per_thread_data.c:249:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
next = strlen(buf);
data/ddcutil-0.9.9/src/base/per_thread_data.c:423:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int hdrlen = strlen(header);
data/ddcutil-0.9.9/src/base/per_thread_data.c:435:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(header) > 0) {
data/ddcutil-0.9.9/src/base/per_thread_data.c:437:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(header, "");
data/ddcutil-0.9.9/src/base/sleep.c:90:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(milliseconds*1000); // usleep takes microseconds, not milliseconds
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:525:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(edidwork) != 256) {
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:577:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(token) > 0 && !streq(token,".")) {
data/ddcutil-0.9.9/src/cmdline/cmd_parser_goption.c:857:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * newval = calloc(1, 1 + strlen(a2) + 1);
data/ddcutil-0.9.9/src/cython/cyddc.c:481:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define __Pyx_PyByteArray_FromString(s) PyByteArray_FromStringAndSize((const char*)s, strlen((const char*)s))
data/ddcutil-0.9.9/src/cython/cyddc.c:595:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__PYX_DEFAULT_STRING_ENCODING = (char*) malloc(strlen(default_encoding_c));
data/ddcutil-0.9.9/src/cython/cyddc.c:1469:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_2 = __Pyx_decode_c_string(__pyx_t_1, 0, strlen(__pyx_t_1), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 48, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:1994:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_3 = __Pyx_decode_c_string(__pyx_t_2, 0, strlen(__pyx_t_2), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 91, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:2060:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_3 = __Pyx_decode_c_string(__pyx_t_2, 0, strlen(__pyx_t_2), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_3)) __PYX_ERR(0, 94, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:4518:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_2 = __Pyx_decode_c_string(__pyx_t_1, 0, strlen(__pyx_t_1), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 431, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:4828:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_2 = __Pyx_decode_c_string(__pyx_t_1, 0, strlen(__pyx_t_1), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 458, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:6059:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_2 = __Pyx_decode_c_string(__pyx_t_1, 0, strlen(__pyx_t_1), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 567, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:6226:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__pyx_t_2 = __Pyx_decode_c_string(__pyx_v_s, 0, strlen(__pyx_v_s), NULL, NULL, PyUnicode_DecodeUTF8); if (unlikely(!__pyx_t_2)) __PYX_ERR(0, 576, __pyx_L1_error)
data/ddcutil-0.9.9/src/cython/cyddc.c:8214:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(cstring);
data/ddcutil-0.9.9/src/cython/cyddc.c:10994:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return __Pyx_PyUnicode_FromStringAndSize(c_str, (Py_ssize_t)strlen(c_str));
data/ddcutil-0.9.9/src/ddc/ddc_displays.c:731:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (criteria->mfg_id && (strlen(criteria->mfg_id) > 0) &&
data/ddcutil-0.9.9/src/ddc/ddc_displays.c:735:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (criteria->model_name && (strlen(criteria->model_name) > 0) &&
data/ddcutil-0.9.9/src/ddc/ddc_displays.c:739:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (criteria->serial_ascii && (strlen(criteria->serial_ascii) > 0) &&
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:141:12: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
ct = sscanf(head, "%31s %256s %15s", s0, s1, s2);
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:153:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rest = head + strlen(s0);;
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:155:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * last = rest + strlen(rest) - 1;
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:423:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( strlen(pdata->mfg_id) + strlen(pdata->model) + strlen(pdata->serial_ascii) == 0) {
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:423:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( strlen(pdata->mfg_id) + strlen(pdata->model) + strlen(pdata->serial_ascii) == 0) {
data/ddcutil-0.9.9/src/ddc/ddc_dumpload.c:423:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ( strlen(pdata->mfg_id) + strlen(pdata->model) + strlen(pdata->serial_ascii) == 0) {
data/ddcutil-0.9.9/src/ddc/ddc_output.c:708:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*formatted_value_loc = calloc(1, strlen(formatted_data) + 50);
data/ddcutil-0.9.9/src/ddc/ddc_output.c:709:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(*formatted_value_loc, strlen(formatted_data) + 49,
data/ddcutil-0.9.9/src/ddc/ddc_watch_displays.c:253:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(3000*1000);
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:50:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lsub(sgamma1, strlen(sgamma1)-2),
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:51:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
substr(sgamma1, strlen(sgamma1)-2, 2));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:584:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:587:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:590:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:594:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:598:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/dynvcp/dyn_parsed_capabilities.c:601:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cfr = new_capabilities_feature(0x72, vstring, strlen(vstring));
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:389:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
( rc = read(fd, &rawedid->bytes[ndx], 1) )
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:404:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
( rc = read(fd, rawedid->bytes, 128) )
data/ddcutil-0.9.9/src/i2c/i2c_bus_core.c:623:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, readbuf, 4);
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:109:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sel->mfg_id && strlen(sel->mfg_id) > 0) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:110:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!edid) || strlen(edid->mfg_id) == 0 || !streq(sel->mfg_id, edid->mfg_id) ) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:116:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sel->model_name && strlen(sel->model_name) > 0) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:117:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!edid) || strlen(edid->model_name) == 0 || !streq(sel->model_name, edid->model_name) ) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:123:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sel->serial_ascii && strlen(sel->serial_ascii) > 0) {
data/ddcutil-0.9.9/src/i2c/i2c_bus_selector.c:124:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((!edid) || strlen(edid->serial_ascii) == 0 || !streq(sel->serial_ascii, edid->serial_ascii) ) {
data/ddcutil-0.9.9/src/i2c/i2c_execute.c:172:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
( rc = read(fd, readbuf+ndx, 1) )
data/ddcutil-0.9.9/src/i2c/i2c_execute.c:227:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
( rc = read(fd, readbuf, bytect) )
data/ddcutil-0.9.9/src/libmain/api_displays.c:127:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( ( !mfg_id || strlen(mfg_id) == 0) &&
data/ddcutil-0.9.9/src/libmain/api_displays.c:128:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
( !model_name || strlen(model_name) == 0) &&
data/ddcutil-0.9.9/src/libmain/api_displays.c:129:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
( !serial_ascii || strlen(serial_ascii) == 0)
data/ddcutil-0.9.9/src/libmain/api_displays.c:135:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(model_name && strlen(model_name) >= EDID_MODEL_NAME_FIELD_SIZE) ||
data/ddcutil-0.9.9/src/libmain/api_displays.c:136:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(mfg_id && strlen(mfg_id) >= EDID_MFG_ID_FIELD_SIZE) ||
data/ddcutil-0.9.9/src/libmain/api_displays.c:137:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(serial_ascii && strlen(serial_ascii) >= EDID_SERIAL_ASCII_FIELD_SIZE)
data/ddcutil-0.9.9/src/libmain/api_displays.c:569:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mfg_id && strlen(mfg_id) < DDCA_EDID_MFG_ID_FIELD_SIZE &&
data/ddcutil-0.9.9/src/libmain/api_displays.c:570:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
model_name && strlen(model_name) < DDCA_EDID_MODEL_NAME_FIELD_SIZE)
data/ddcutil-0.9.9/src/sample_clients/demo_vcpinfo.c:97:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buffer) > 0)
data/ddcutil-0.9.9/src/sample_clients/demo_vcpinfo.c:98:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer[strlen(buffer)-2] = '\0';
data/ddcutil-0.9.9/src/sample_clients/demo_watch_displays.c:21:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(60 * 1000*1000); // some long interval, just to keep alive
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:105:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:137:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:142:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fh, ddc_response_bytes+1, readct);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:336:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fh, readbuf+1, 11);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:381:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:416:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fh, readbuf+1, 11);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:606:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fh, readbuf+1, 1);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:631:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/ddcutil-0.9.9/src/test/ddc/ddc_vcp_tests.c:645:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(500000);
data/ddcutil-0.9.9/src/test/i2c/i2c_edid_tests.c:77:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd, edidbuf, 128);
data/ddcutil-0.9.9/src/usb/usb_displays.c:266:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf+curlen, " ");
data/ddcutil-0.9.9/src/usb/usb_displays.c:627:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mfg_id && strlen(mfg_id) > 0) {
data/ddcutil-0.9.9/src/usb/usb_displays.c:634:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (model && strlen(model) > 0) {
data/ddcutil-0.9.9/src/usb/usb_displays.c:641:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sn && strlen(sn) > 0) {
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:166:16: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "*");
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:167:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), "%s", units[sys][i]);
data/ddcutil-0.9.9/src/usb_util/base_hid_report_descriptor.c:174:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), "^%d", val);
data/ddcutil-0.9.9/src/usb_util/hiddev_reports.c:280:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(report_id_buffer + strlen(report_id_buffer),
data/ddcutil-0.9.9/src/usb_util/hiddev_util.c:73:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !strncmp(ent->d_name, "hiddev", strlen("hiddev"));
data/ddcutil-0.9.9/src/usb_util/hidraw_util.c:45:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !strncmp(ent->d_name, "hidraw", strlen("hidraw"));
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:197:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (rc != strlen(libusb_string_buffer)) {
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:199:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__func__, rc, LIBUSB_STRING_BUFFER_SIZE, strlen(libusb_string_buffer), libusb_string_buffer );
data/ddcutil-0.9.9/src/usb_util/libusb_reports.c:882:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *end = buf + strlen(buf);
data/ddcutil-0.9.9/src/util/data_structures.c:217:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sepsz = strlen(sep);
data/ddcutil-0.9.9/src/util/data_structures.c:223:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), alloc_sz-strlen(buf), "%s%02x", cursep, bytes[ndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:223:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), alloc_sz-strlen(buf), "%s%02x", cursep, bytes[ndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:225:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), alloc_sz-strlen(buf), "%s%d", cursep, bytes[ndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:225:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf + strlen(buf), alloc_sz-strlen(buf), "%s%d", cursep, bytes[ndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:430:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buffer + strlen(buffer), "%02x", flags->byte[flagndx]);
data/ddcutil-0.9.9/src/util/data_structures.c:708:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ln = strlen(nexttok);
data/ddcutil-0.9.9/src/util/data_structures.c:1002:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_append(buffer, (Byte *) str, strlen(str)+1);
data/ddcutil-0.9.9/src/util/data_structures.c:1007:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_append(buffer, (Byte *) str, strlen(str) + 1);
data/ddcutil-0.9.9/src/util/debug_util.c:48:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = bt_line + strlen(bt_line);
data/ddcutil-0.9.9/src/util/device_id_util.c:220:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(a_line) == 0 || a_line[0] == '#') {
data/ddcutil-0.9.9/src/util/device_id_util.c:283:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rtrim_in_place(a_line+tabct)) == 0 || a_line[tabct] == '#')
data/ddcutil-0.9.9/src/util/device_id_util.c:394:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a_line+tabct) == 0 || a_line[tabct] == '#')
data/ddcutil-0.9.9/src/util/device_id_util.c:461:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rtrim_in_place(a_line+tabct)) == 0 || a_line[tabct] == '#')
data/ddcutil-0.9.9/src/util/edid.c:155:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(namebuf, "");
data/ddcutil-0.9.9/src/util/edid.c:156:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(snbuf, "");
data/ddcutil-0.9.9/src/util/edid.c:157:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(otherbuf, "");
data/ddcutil-0.9.9/src/util/error_info.c:796:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int required_size = strlen(buf1) + 1;
data/ddcutil-0.9.9/src/util/failsim.c:300:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc_string = rc_string + strlen("modulated:");
data/ddcutil-0.9.9/src/util/failsim.c:304:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc_string = rc_string + strlen("base:");
data/ddcutil-0.9.9/src/util/failsim.c:306:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(rc_string) == 0)
data/ddcutil-0.9.9/src/util/failsim.c:371:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(trimmed_line) > 0 && trimmed_line[0] != '#' && trimmed_line[0] != '*') {
data/ddcutil-0.9.9/src/util/failsim.c:391:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(occdef) == 0)
data/ddcutil-0.9.9/src/util/file_util.c:261:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/ddcutil-0.9.9/src/util/file_util.c:269:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(single_line) > 0)
data/ddcutil-0.9.9/src/util/file_util.c:270:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
single_line[strlen(single_line)-1] = '\0';
data/ddcutil-0.9.9/src/util/glib_string_util.c:47:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
__func__, strlen(catenated), catenated, catenated);
data/ddcutil-0.9.9/src/util/glib_string_util.c:86:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int required_size = strlen(catenated) + 1;
data/ddcutil-0.9.9/src/util/glib_string_util.c:88:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, catenated, required_size);
data/ddcutil-0.9.9/src/util/i2c_util.c:115:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int hdrlen = strlen(header);
data/ddcutil-0.9.9/src/util/i2c_util.c:125:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(header) > 0)
data/ddcutil-0.9.9/src/util/libdrm_util.c:160:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufsz = strlen(buf) + 100;
data/ddcutil-0.9.9/src/util/libdrm_util.c:165:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0)
data/ddcutil-0.9.9/src/util/libdrm_util.c:175:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0)
data/ddcutil-0.9.9/src/util/libdrm_util.c:260:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, " -> ", bufsz);
data/ddcutil-0.9.9/src/util/libdrm_util.c:441:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buf, " -> ", 100);
data/ddcutil-0.9.9/src/util/libdrm_util.c:443:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf+strlen(buf), 100-strlen(buf), "%d ", p->encoders[ndx]);
data/ddcutil-0.9.9/src/util/libdrm_util.c:443:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
snprintf(buf+strlen(buf), 100-strlen(buf), "%d ", p->encoders[ndx]);
data/ddcutil-0.9.9/src/util/report_util.c:686:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(buffer) + strlen(val_to_append) < bufsize);
data/ddcutil-0.9.9/src/util/report_util.c:686:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(buffer) + strlen(val_to_append) < bufsize);
data/ddcutil-0.9.9/src/util/string_util.c:80:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int vlen = strlen(value);
data/ddcutil-0.9.9/src/util/string_util.c:82:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vlen <= strlen(longname) &&
data/ddcutil-0.9.9/src/util/string_util.c:106:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return value_to_test && prefix && is_abbrev(prefix, value_to_test, strlen(prefix));
data/ddcutil-0.9.9/src/util/string_util.c:122:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int value_len = strlen(value_to_test);
data/ddcutil-0.9.9/src/util/string_util.c:123:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int end_part_len = strlen(suffix);
data/ddcutil-0.9.9/src/util/string_util.c:137:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int seglen = strlen(segment);
data/ddcutil-0.9.9/src/util/string_util.c:138:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int laststart = strlen(value_to_test) - seglen;
data/ddcutil-0.9.9/src/util/string_util.c:158:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int ndx = 0; ndx < strlen(s); ndx++) {
data/ddcutil-0.9.9/src/util/string_util.c:237:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(s);
data/ddcutil-0.9.9/src/util/string_util.c:268:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/ddcutil-0.9.9/src/util/string_util.c:286:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufsz = strlen(s)+1;
data/ddcutil-0.9.9/src/util/string_util.c:304:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (startpos + ct > strlen(s))
data/ddcutil-0.9.9/src/util/string_util.c:305:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ct = strlen(s) - startpos;
data/ddcutil-0.9.9/src/util/string_util.c:307:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(result, s+startpos, ct);
data/ddcutil-0.9.9/src/util/string_util.c:339:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int seplen = (sepstr) ? strlen(sepstr) : 0; // sepstr may be null
data/ddcutil-0.9.9/src/util/string_util.c:343:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
total_length += strlen(pieces[ndx]);
data/ddcutil-0.9.9/src/util/string_util.c:356:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end += strlen(sepstr);
data/ddcutil-0.9.9/src/util/string_util.c:359:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end += strlen(pieces[ndx]);
data/ddcutil-0.9.9/src/util/string_util.c:397:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int max_pieces = (strlen(str_to_split)+1);
data/ddcutil-0.9.9/src/util/string_util.c:412:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(token) > 0)
data/ddcutil-0.9.9/src/util/string_util.c:466:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * str_to_split2_end = str_to_split2 + strlen(str_to_split);
data/ddcutil-0.9.9/src/util/string_util.c:494:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start = start + strlen(piece);
data/ddcutil-0.9.9/src/util/string_util.c:753:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * result = malloc(strlen(s1) + strlen(s2) + 1);
data/ddcutil-0.9.9/src/util/string_util.c:753:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * result = malloc(strlen(s1) + strlen(s2) + 1);
data/ddcutil-0.9.9/src/util/string_util.c:755:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(result+strlen(s1), s2);
data/ddcutil-0.9.9/src/util/string_util.c:798:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int seplen = (sepstr) ? strlen(sepstr) : 0;
data/ddcutil-0.9.9/src/util/string_util.c:800:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int newlen = ( strlen(buf) == 0 )
data/ddcutil-0.9.9/src/util/string_util.c:801:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
? strlen(nextval)
data/ddcutil-0.9.9/src/util/string_util.c:802:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: ( strlen(buf) + seplen + strlen(nextval));
data/ddcutil-0.9.9/src/util/string_util.c:802:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: ( strlen(buf) + seplen + strlen(nextval));
data/ddcutil-0.9.9/src/util/string_util.c:804:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) > 0 && sepstr)
data/ddcutil-0.9.9/src/util/string_util.c:809:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(buf) < (maxchars-3) )
data/ddcutil-0.9.9/src/util/string_util.c:930:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) != 2)
data/ddcutil-0.9.9/src/util/string_util.c:973:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*(suc+strlen(suc)-1) = '\0';
data/ddcutil-0.9.9/src/util/string_util.c:1013:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(hhs) % 2) // if odd number of characters
data/ddcutil-0.9.9/src/util/string_util.c:1016:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bytect = strlen(hhs)/2;
data/ddcutil-0.9.9/src/util/string_util.c:1102:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sepsize = strlen(sepstr);
data/ddcutil-0.9.9/src/util/string_util.c:1135:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(buffer) == required_size-1);
data/ddcutil-0.9.9/src/util/string_util.c:1180:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sepsize = strlen(sepstr);
data/ddcutil-0.9.9/src/util/string_util.c:1199:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf+strlen(buf), pattern, bytes[i]);
data/ddcutil-0.9.9/src/util/string_util.c:1208:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(buf) <= required_size-1);
data/ddcutil-0.9.9/src/util/string_util.h:36:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, (buflen) ); \
data/ddcutil-0.9.9/src/util/subprocess_util.c:40:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufsz = strlen(shell_cmd) + 50;
data/ddcutil-0.9.9/src/util/subprocess_util.c:56:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a_line) > 0) {
data/ddcutil-0.9.9/src/util/subprocess_util.c:58:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int ch = a_line[strlen(a_line)-1];
data/ddcutil-0.9.9/src/util/subprocess_util.c:65:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a_line[strlen(a_line)-1] = '\0';
data/ddcutil-0.9.9/src/util/subprocess_util.c:134:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int bufsz = strlen(shell_cmd) + 50;
data/ddcutil-0.9.9/src/util/subprocess_util.c:150:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a_line) > 0)
data/ddcutil-0.9.9/src/util/subprocess_util.c:151:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a_line[strlen(a_line)-1] = '\0';
data/ddcutil-0.9.9/src/util/subprocess_util.c:234:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char * full_cmd = calloc(1, strlen(cmd) + 20);
data/ddcutil-0.9.9/src/util/udev_util.c:276:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rpt_vstring(d2, "%*s %s", (int) strlen(attr_name) + 3, " ", ntsa[ndx]);
data/ddcutil-0.9.9/src/vcp/parse_capabilities.c:915:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return parse_capabilities(caps, strlen(caps));
data/ddcutil-0.9.9/src/vcp/parse_capabilities.c:995:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(text);
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:70:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cursz = strlen(buf);
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:71:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(cursz + 2 + strlen(val) + 1 <= bufsz);
data/ddcutil-0.9.9/src/vcp/vcp_feature_codes.c:1671:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int slen = strlen(sgamma);
data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:174:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int space_remaining = bufsz - strlen(buffer);
data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:175:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(buf0) < space_remaining )
data/ddcutil-0.9.9/src/vcp/vcp_feature_values.c:178:16: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, buf0, space_remaining-4);
ANALYSIS SUMMARY:
Hits = 771
Lines analyzed = 94268 in approximately 2.40 seconds (39244 lines/second)
Physical Source Lines of Code (SLOC) = 58372
Hits@level = [0] 949 [1] 250 [2] 449 [3] 2 [4] 69 [5] 1
Hits@level+ = [0+] 1720 [1+] 771 [2+] 521 [3+] 72 [4+] 70 [5+] 1
Hits/KSLOC@level+ = [0+] 29.4662 [1+] 13.2084 [2+] 8.92551 [3+] 1.23347 [4+] 1.19921 [5+] 0.0171315
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.