Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dkopp-6.5/zfuncs.h
Examining data/dkopp-6.5/zfuncs.cc
Examining data/dkopp-6.5/dkopp-6.5.cc

FINAL RESULTS:

data/dkopp-6.5/dkopp-6.5.cc:2879:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  err = chown(file2,uid,gid);
data/dkopp-6.5/dkopp-6.5.cc:2881:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  err = chmod(file2,perms);
data/dkopp-6.5/dkopp-6.5.cc:3751:21: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  if (! err) chmod(dfile,0700);
data/dkopp-6.5/dkopp-6.5.cc:3799:4: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
  chmod(dfile,fstat.st_mode); // set output file attributes
data/dkopp-6.5/dkopp-6.5.cc:3800:10: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead.
  err = chown(dfile,fstat.st_uid,fstat.st_gid); // (if supported by file system)
data/dkopp-6.5/zfuncs.cc:491:10: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  cc2 = readlink("/proc/self/exe",command+cc1,990);
data/dkopp-6.5/dkopp-6.5.cc:357:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(BJfile,argv[++ii]);
data/dkopp-6.5/dkopp-6.5.cc:359:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  { strcpy(BJfile,argv[++ii]); clrun++; }
data/dkopp-6.5/dkopp-6.5.cc:361:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(scrFile,argv[++ii]);
data/dkopp-6.5/dkopp-6.5.cc:362:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy(BJfile,argv[ii]); // assume a job file and load it
data/dkopp-6.5/dkopp-6.5.cc:478:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userdir,get_zuserdir()); // get temp file names
data/dkopp-6.5/dkopp-6.5.cc:479:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(TFdiskfiles,"%s/diskfiles",userdir);
data/dkopp-6.5/dkopp-6.5.cc:480:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(TFdvdfiles,"%s/dvdfiles",userdir);
data/dkopp-6.5/dkopp-6.5.cc:481:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(TFfilepoop,"%s/filepoop",userdir);
data/dkopp-6.5/dkopp-6.5.cc:482:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(TFjobfile,"%s/jobfile",userdir);
data/dkopp-6.5/dkopp-6.5.cc:483:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(TFdatetime,"%s/datetime",userdir);
data/dkopp-6.5/dkopp-6.5.cc:484:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(TFrestorefiles,"%s/restorefiles.sh",userdir);
data/dkopp-6.5/dkopp-6.5.cc:485:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(TFrestoredirks,"%s/restoredirks.sh",userdir);
data/dkopp-6.5/dkopp-6.5.cc:515:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(BJinex[1],"include %s/*",home); // include /home/username/*
data/dkopp-6.5/dkopp-6.5.cc:516:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(BJinex[2],"exclude %s/.Trash/*",home); // exclude /home/username/.Trash/*
data/dkopp-6.5/dkopp-6.5.cc:517:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(BJinex[3],"exclude %s/.thumbnails/*",home); // exclude /home/username/.thumbnails/*
data/dkopp-6.5/dkopp-6.5.cc:543:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n Searching for DVD/BD devices ... \n");
data/dkopp-6.5/dkopp-6.5.cc:577:22: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (ii < nmenu) { strcpy(menu1,menu); return; }
data/dkopp-6.5/dkopp-6.5.cc:582:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (ii < nmenu) strcpy(menu2,menu);
data/dkopp-6.5/dkopp-6.5.cc:585:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** bad command: %s \n",menu);
data/dkopp-6.5/dkopp-6.5.cc:629:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** can't open script file: %s \n",scrFile);
data/dkopp-6.5/dkopp-6.5.cc:643:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n""Script: %s \n",buff); // write to log
data/dkopp-6.5/dkopp-6.5.cc:672:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"script exiting \n");
data/dkopp-6.5/dkopp-6.5.cc:720:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n""ready \n"); // already dead
data/dkopp-6.5/dkopp-6.5.cc:726:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** kill again: %s \n",subprocName);
data/dkopp-6.5/dkopp-6.5.cc:729:15: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else wprintf(mLog," *** waiting for function to quit \n"); // or wait for function to die
data/dkopp-6.5/dkopp-6.5.cc:733:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** KILL current function \n"); // initial kill
data/dkopp-6.5/dkopp-6.5.cc:785:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(BJfile,scriptParam);
data/dkopp-6.5/dkopp-6.5.cc:796:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(BJfile,file);
data/dkopp-6.5/dkopp-6.5.cc:815:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(BJfile,scriptParam);
data/dkopp-6.5/dkopp-6.5.cc:832:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(BJfile,file);
data/dkopp-6.5/dkopp-6.5.cc:862:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** cannot open job file: %s \n",fspec);
data/dkopp-6.5/dkopp-6.5.cc:873:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** input record too big \n");
data/dkopp-6.5/dkopp-6.5.cc:925:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** exceed %d include/exclude recs \n",maxnx);
data/dkopp-6.5/dkopp-6.5.cc:932:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** unrecognized record: %s \n",buff);
data/dkopp-6.5/dkopp-6.5.cc:956:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** cannot open file: %s \n",fspec);
data/dkopp-6.5/dkopp-6.5.cc:998:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjfile,dvdmp); // dvd mount point
data/dkopp-6.5/dkopp-6.5.cc:999:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(vjfile,V_JOBFILE); // + dvd job file
data/dkopp-6.5/dkopp-6.5.cc:1144:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(editwidget,"%s""\n",BJinex[ii]);
data/dkopp-6.5/dkopp-6.5.cc:1179:12: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  pp = wscanf(editwidget,ftf); // include/exclude recs.
data/dkopp-6.5/dkopp-6.5.cc:1184:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** exceed %d include/exclude recs \n",maxnx);
data/dkopp-6.5/dkopp-6.5.cc:1203:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mbmode,menu);
data/dkopp-6.5/dkopp-6.5.cc:1209:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mbmode,BJbmode); // use job file backup & verify modes
data/dkopp-6.5/dkopp-6.5.cc:1210:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mvmode,BJvmode);
data/dkopp-6.5/dkopp-6.5.cc:1215:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** no valid backup job \n");
data/dkopp-6.5/dkopp-6.5.cc:1223:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (Fgui) wprintf(mLog,"ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:1240:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** nothing to back-up \n");
data/dkopp-6.5/dkopp-6.5.cc:1247:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," files: %d bytes: %.0f \n",Dnf,Dbytes); // files and bytes to copy
data/dkopp-6.5/dkopp-6.5.cc:1267:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** cannot open /tmp scratch file \n");
data/dkopp-6.5/dkopp-6.5.cc:1290:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," writing DVD/BD medium %d of %d, %s \n",
data/dkopp-6.5/dkopp-6.5.cc:1295:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(command, // build growisofs command line
data/dkopp-6.5/dkopp-6.5.cc:1313:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup time: %.0f secs \n",secs);
data/dkopp-6.5/dkopp-6.5.cc:1315:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup speed: %.2f MB/sec \n",bspeed);
data/dkopp-6.5/dkopp-6.5.cc:1316:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup complete \n");
data/dkopp-6.5/dkopp-6.5.cc:1317:23: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (BJndvd > 1) wprintf(mLog," (DVD/BD medium no. %d) \n",dvdnum);
data/dkopp-6.5/dkopp-6.5.cc:1341:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup is being repeated \n",dvdnum);
data/dkopp-6.5/dkopp-6.5.cc:1351:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup job complete \n");
data/dkopp-6.5/dkopp-6.5.cc:1358:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup time: %.0f secs \n",secs);
data/dkopp-6.5/dkopp-6.5.cc:1360:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup speed: %.2f MB/sec \n",bspeed);
data/dkopp-6.5/dkopp-6.5.cc:1362:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," media may be OK: check with Verify \n"); // v.5.3
data/dkopp-6.5/dkopp-6.5.cc:1386:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** no files for backup \n");
data/dkopp-6.5/dkopp-6.5.cc:1391:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** no DVD/BD files \n");
data/dkopp-6.5/dkopp-6.5.cc:1397:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," files: %d bytes: %.0f \n",Mfiles,Mbytes); // files and bytes to copy
data/dkopp-6.5/dkopp-6.5.cc:1400:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," nothing to back-up \n");
data/dkopp-6.5/dkopp-6.5.cc:1408:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** cannot open /tmp scratch file \n");
data/dkopp-6.5/dkopp-6.5.cc:1446:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"/usr/bin/growisofs -M %s %s -r -graft-points " // build growisofs command line
data/dkopp-6.5/dkopp-6.5.cc:1462:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup time: %.0f secs \n",secs);
data/dkopp-6.5/dkopp-6.5.cc:1464:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup speed: %.2f MB/sec \n",bspeed);
data/dkopp-6.5/dkopp-6.5.cc:1465:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," backup complete \n");
data/dkopp-6.5/dkopp-6.5.cc:1520:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %d files on DVD/BD \n",Vnf);
data/dkopp-6.5/dkopp-6.5.cc:1531:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (Fgui) wprintf(mLog,"\n\n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:1562:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",kleenex(filespec)); // output filespec
data/dkopp-6.5/dkopp-6.5.cc:1564:23: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (errmess) wprintf(mLog," *** %s \n",errmess);
data/dkopp-6.5/dkopp-6.5.cc:1579:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," Compare to disk files with matching names and mod times.\n");
data/dkopp-6.5/dkopp-6.5.cc:1580:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (Fgui) wprintf(mLog,"\n\n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:1616:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," DVD/BD files: %d bytes: %.0f \n",vfiles,vbytes);
data/dkopp-6.5/dkopp-6.5.cc:1617:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," DVD/BD read errors: %d \n",verrs);
data/dkopp-6.5/dkopp-6.5.cc:1620:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," matching disk names: %d mod times: %d \n",dfiles1,dfiles2);
data/dkopp-6.5/dkopp-6.5.cc:1621:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," compare failures: %d \n",cerrs);
data/dkopp-6.5/dkopp-6.5.cc:1625:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," verify time: %.0f secs \n",secs);
data/dkopp-6.5/dkopp-6.5.cc:1627:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," verify speed: %.2f MB/sec \n",vspeed);
data/dkopp-6.5/dkopp-6.5.cc:1630:9: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else wprintf(mLog," NO ERRORS \n");
data/dkopp-6.5/dkopp-6.5.cc:1633:15: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (! Vnf) wprintf(mLog," *** no files on DVD/BD \n");
data/dkopp-6.5/dkopp-6.5.cc:1636:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:1668:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** backup job is invalid \n");
data/dkopp-6.5/dkopp-6.5.cc:1677:28: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (BJfiles[ii] > 0) wprintf(mLog," %6d %9s %3d", BJfiles[ii], bytes, BJdvdno[ii]);
data/dkopp-6.5/dkopp-6.5.cc:1678:28: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (BJfiles[ii] < 0) wprintf(mLog," %6d %9s ", BJfiles[ii], bytes);
data/dkopp-6.5/dkopp-6.5.cc:1679:29: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (BJfiles[ii] == 0) wprintf(mLog," ");
data/dkopp-6.5/dkopp-6.5.cc:1680:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",BJinex[ii]);
data/dkopp-6.5/dkopp-6.5.cc:1684:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %6d %9s TOTAL %d disks \n", Dnf, bytes, BJndvd);
data/dkopp-6.5/dkopp-6.5.cc:1687:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:1699:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** backup job is invalid \n");
data/dkopp-6.5/dkopp-6.5.cc:1707:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n disk files: %d DVD/BD files: %d \n",Dnf,Vnf);
data/dkopp-6.5/dkopp-6.5.cc:1708:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n Differences between DVD/BD and files on disk: \n");
data/dkopp-6.5/dkopp-6.5.cc:1709:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %7d disk files not on DVD/BD - new \n",nnew);
data/dkopp-6.5/dkopp-6.5.cc:1710:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %7d files on disk and DVD/BD - unchanged \n",nunc);
data/dkopp-6.5/dkopp-6.5.cc:1711:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %7d files on disk and DVD/BD - modified \n",nmod);
data/dkopp-6.5/dkopp-6.5.cc:1712:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %7d DVD/BD files not on disk - deleted \n",ndel);
data/dkopp-6.5/dkopp-6.5.cc:1715:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," Total differences: %d files %s \n",nnew+ndel+nmod,bytes);
data/dkopp-6.5/dkopp-6.5.cc:1718:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:1733:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** backup job is invalid \n");
data/dkopp-6.5/dkopp-6.5.cc:1744:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n Disk:DVD/BD differences by directory \n");
data/dkopp-6.5/dkopp-6.5.cc:1746:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," new mod del bytes directory \n");
data/dkopp-6.5/dkopp-6.5.cc:1764:26: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (kfiles > 0) wprintf(mLog," %5d %5d %5d %8s %s \n", // v.5.2
data/dkopp-6.5/dkopp-6.5.cc:1767:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ppdirk,pdirk); // start new directory
data/dkopp-6.5/dkopp-6.5.cc:1797:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %5d %5d %5d %8s %s \n",knew,kmod,kdel,bytes,ppdirk);
data/dkopp-6.5/dkopp-6.5.cc:1804:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:1816:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** backup job is invalid \n");
data/dkopp-6.5/dkopp-6.5.cc:1822:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n Detailed list of disk:DVD/BD differences: \n");
data/dkopp-6.5/dkopp-6.5.cc:1824:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n %d new files (on disk, not on DVD/BD) \n",nnew);
data/dkopp-6.5/dkopp-6.5.cc:1829:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",kleenex(Drec[dii].file));
data/dkopp-6.5/dkopp-6.5.cc:1833:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n %d modified files (disk and DVD/BD files are different) \n",nmod);
data/dkopp-6.5/dkopp-6.5.cc:1838:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",kleenex(Drec[dii].file));
data/dkopp-6.5/dkopp-6.5.cc:1842:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n %d deleted files (on DVD/BD, not on disk) \n",ndel);
data/dkopp-6.5/dkopp-6.5.cc:1847:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",kleenex(Vrec[vii].file));
data/dkopp-6.5/dkopp-6.5.cc:1852:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:1864:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** backup job is invalid \n");
data/dkopp-6.5/dkopp-6.5.cc:1868:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n List all files for backup: \n");
data/dkopp-6.5/dkopp-6.5.cc:1871:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %d files found \n",Dnf);
data/dkopp-6.5/dkopp-6.5.cc:1876:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",kleenex(Drec[dii].file));
data/dkopp-6.5/dkopp-6.5.cc:1880:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:1892:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n List all files on DVD/BD: \n");
data/dkopp-6.5/dkopp-6.5.cc:1895:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %d files found \n",Vnf);
data/dkopp-6.5/dkopp-6.5.cc:1900:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",kleenex(Vrec[vii].file));
data/dkopp-6.5/dkopp-6.5.cc:1920:9: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else wprintf(mLog," DVD/BD not mounted \n");
data/dkopp-6.5/dkopp-6.5.cc:1922:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"\n find files matching wildcard pattern \n"); // get search pattern
data/dkopp-6.5/dkopp-6.5.cc:1927:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," search pattern: %s \n",fspec2);
data/dkopp-6.5/dkopp-6.5.cc:1935:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",kleenex(Drec[dii].file));
data/dkopp-6.5/dkopp-6.5.cc:1944:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",kleenex(Vrec[vii].file));
data/dkopp-6.5/dkopp-6.5.cc:1963:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
if (nn == 0) wprintf(mLog," no history files found \n");
data/dkopp-6.5/dkopp-6.5.cc:1964:23: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (nn == maxhist) wprintf(mLog," *** too many history files, please purge");
data/dkopp-6.5/dkopp-6.5.cc:1972:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",hfile1);
data/dkopp-6.5/dkopp-6.5.cc:1976:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** file open error \n");
data/dkopp-6.5/dkopp-6.5.cc:1986:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",buff);
data/dkopp-6.5/dkopp-6.5.cc:1994:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2012:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," available history files in %s \n",userdir);
data/dkopp-6.5/dkopp-6.5.cc:2029:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (nn == 0) wprintf(mLog," no history files found \n");
data/dkopp-6.5/dkopp-6.5.cc:2030:23: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
if (nn == maxhist) wprintf(mLog," *** too many history files, please purge");
data/dkopp-6.5/dkopp-6.5.cc:2036:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," dkopp-hist-%s \n",pvlist_get(flist,ii));
data/dkopp-6.5/dkopp-6.5.cc:2059:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2071:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n Restore files from DVD/BD \n");
data/dkopp-6.5/dkopp-6.5.cc:2074:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d files on DVD/BD \n",Vnf);
data/dkopp-6.5/dkopp-6.5.cc:2102:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(editwidget,"%s""\n",RJinex[ii]); // pack into file selection edit box
data/dkopp-6.5/dkopp-6.5.cc:2137:12: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. pp = wscanf(editwidget,ftf);
data/dkopp-6.5/dkopp-6.5.cc:2144:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
wprintf(mLog," *** exceed %d include/exclude recs \n",maxnx);
data/dkopp-6.5/dkopp-6.5.cc:2150:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fcfrom,dvdmp); // start at /media/xxxx/home/xxxx/
data/dkopp-6.5/dkopp-6.5.cc:2151:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fcfrom,RJfrom);
data/dkopp-6.5/dkopp-6.5.cc:2159:9: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(mLog," *** correct errors in restore job \n");
data/dkopp-6.5/dkopp-6.5.cc:2176:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** restore job has errors \n");
data/dkopp-6.5/dkopp-6.5.cc:2180:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n copy %d files from DVD/BD: %s \n",Rnf, RJfrom);
data/dkopp-6.5/dkopp-6.5.cc:2181:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," to directory: %s \n",RJto);
data/dkopp-6.5/dkopp-6.5.cc:2182:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n resulting files will be the following: \n");
data/dkopp-6.5/dkopp-6.5.cc:2195:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification. wprintf(mLog," *** not within copy-from: %s \n",kleenex(file1));
data/dkopp-6.5/dkopp-6.5.cc:2200:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file2,RJto);
data/dkopp-6.5/dkopp-6.5.cc:2201:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file2+cc2,file1+cc1);
data/dkopp-6.5/dkopp-6.5.cc:2202:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",kleenex(file2));
data/dkopp-6.5/dkopp-6.5.cc:2206:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2221:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** restore job has errors \n");
data/dkopp-6.5/dkopp-6.5.cc:2237:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dfile,RJto); // to: /destination/filespec
data/dkopp-6.5/dkopp-6.5.cc:2238:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dfile,Rrec[ii].file+ccf);
data/dkopp-6.5/dkopp-6.5.cc:2239:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification. wprintf(mLog," %s \n",kleenex(dfile));
data/dkopp-6.5/dkopp-6.5.cc:2241:20: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (errmess) wprintf(mLog," *** %s \n",errmess);
data/dkopp-6.5/dkopp-6.5.cc:2249:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2289:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dvddevs[ndvds],pp); // save DVD/BD device
data/dkopp-6.5/dkopp-6.5.cc:2297:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dvddevdesc[ii],dvddevs[ii]);
data/dkopp-6.5/dkopp-6.5.cc:2299:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dvddevdesc[ii],dvddesc[ii]);
data/dkopp-6.5/dkopp-6.5.cc:2302:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," DVD/BD devices found: %d \n",ndvds); // output list of DVDs v.5.1
data/dkopp-6.5/dkopp-6.5.cc:2304:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
wprintf(mLog," %s %s \n",dvddevs[ii],dvddesc[ii]);
data/dkopp-6.5/dkopp-6.5.cc:2367:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," DVD/BD and mount point: %s %s \n",BJdvd,dvdmp);
data/dkopp-6.5/dkopp-6.5.cc:2368:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2381:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (*dvdlabel) wprintf(mLog," old DVD/BD label: %s \n",dvdlabel);
data/dkopp-6.5/dkopp-6.5.cc:2386:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," new DVD/BD label: %s \n",dvdlabel);
data/dkopp-6.5/dkopp-6.5.cc:2428:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," already mounted: %s %s \n",BJdvd,dvdmp); // v.6.5
data/dkopp-6.5/dkopp-6.5.cc:2436:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(mbuff,"mount -t iso9660 %s %s 2>&1",BJdvd,dvdmp); // mount the DVD/BD
data/dkopp-6.5/dkopp-6.5.cc:2462:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d %d mounted \n",BJdvd,dvdmp);
data/dkopp-6.5/dkopp-6.5.cc:2468:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(mbuff,"mount -t iso9660 %s %s 2>&1",BJdvd,dvdmp); // mount the DVD/BD
data/dkopp-6.5/dkopp-6.5.cc:2475:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," waiting for mount ... \n");
data/dkopp-6.5/dkopp-6.5.cc:2493:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r");
data/dkopp-6.5/dkopp-6.5.cc:2500:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mbuff,dvdmp);
data/dkopp-6.5/dkopp-6.5.cc:2501:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mbuff,V_DATETIME); // get last usage date/time if poss.
data/dkopp-6.5/dkopp-6.5.cc:2509:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," DVD/BD label: %s last dkopp: %s \n",dvdlabel,mediumDT);
data/dkopp-6.5/dkopp-6.5.cc:2526:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command,"umount %s 2>&1",dvdmp); // use mount point v.4.8
data/dkopp-6.5/dkopp-6.5.cc:2528:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2545:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(command,"eject %s 2>&1",BJdvd);
data/dkopp-6.5/dkopp-6.5.cc:2547:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2567:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2585:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command,"growisofs -Z %s=/dev/zero %s 2>&1",BJdvd,gforce);
data/dkopp-6.5/dkopp-6.5.cc:2589:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2607:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command,"dvd+rw-format -force %s 2>&1",BJdvd);
data/dkopp-6.5/dkopp-6.5.cc:2611:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (Fgui) wprintf(mLog," ready \n"); // v.5.0
data/dkopp-6.5/dkopp-6.5.cc:2637:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",dkopp_title);
data/dkopp-6.5/dkopp-6.5.cc:2638:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," free software: %s \n",dkopp_license);
data/dkopp-6.5/dkopp-6.5.cc:2709:19: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification. if (err) wprintf(mLog," *** error: %s file: %s \n",strerror(errno),kleenex(file2));
data/dkopp-6.5/dkopp-6.5.cc:2716:26: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (arg == 101) wprintf(editwidget,"include %s""\n",ppf);
data/dkopp-6.5/dkopp-6.5.cc:2717:26: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (arg == 102) wprintf(editwidget,"exclude %s""\n",ppf);
data/dkopp-6.5/dkopp-6.5.cc:2745:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mediumDT,backupDT);
data/dkopp-6.5/dkopp-6.5.cc:2749:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** cannot open /tmp scratch file \n");
data/dkopp-6.5/dkopp-6.5.cc:2772:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** cannot open /tmp scratch file \n");
data/dkopp-6.5/dkopp-6.5.cc:2781:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dirk,Drec[ii].file); // next file on disk
data/dkopp-6.5/dkopp-6.5.cc:2795:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
wprintf(mLog," *** error: %s file: %s \n",strerror(errno),kleenex(dirk));
data/dkopp-6.5/dkopp-6.5.cc:2807:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pdirk,dirk); // prior = this directory
data/dkopp-6.5/dkopp-6.5.cc:2809:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file,Drec[ii].file); // disk file, again
data/dkopp-6.5/dkopp-6.5.cc:2813:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** error: %s file: %s \n",strerror(errno),kleenex(file));
data/dkopp-6.5/dkopp-6.5.cc:2839:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n restore directory owner and permissions \n");
data/dkopp-6.5/dkopp-6.5.cc:2840:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," for directories anchored at: %s \n",RJto);
data/dkopp-6.5/dkopp-6.5.cc:2845:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(poopfile,dvdmp); // DVD/BD file with owner & permissions
data/dkopp-6.5/dkopp-6.5.cc:2846:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(poopfile,V_FILEPOOP);
data/dkopp-6.5/dkopp-6.5.cc:2850:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** cannot open DVD/BD file: %s \n",poopfile);
data/dkopp-6.5/dkopp-6.5.cc:2875:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file2,RJto); // copy-to location
data/dkopp-6.5/dkopp-6.5.cc:2876:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file2 + cc2, file1 + cc1); // + org. file, less copy-from part
data/dkopp-6.5/dkopp-6.5.cc:2877:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," owner: %4d:%4d permissions: %3o file: %s \n",
data/dkopp-6.5/dkopp-6.5.cc:2880:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (err) wprintf(mLog," *** error: %s \n",strerror(errno));
data/dkopp-6.5/dkopp-6.5.cc:2882:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (err) wprintf(mLog," *** error: %s \n",strerror(errno));
data/dkopp-6.5/dkopp-6.5.cc:2907:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** cannot open dkopp-hist file \n");
data/dkopp-6.5/dkopp-6.5.cc:2935:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification. if (err) wprintf(mLog," *** dkopp-hist file error %s \n",strerror(errno));
data/dkopp-6.5/dkopp-6.5.cc:3003:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** no job data present \n");
data/dkopp-6.5/dkopp-6.5.cc:3008:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," DVD/BD device: %s \n",BJdvd);
data/dkopp-6.5/dkopp-6.5.cc:3009:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," capacity GB: %.1f \n",BJcap);
data/dkopp-6.5/dkopp-6.5.cc:3011:22: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (BJspeed == 0) wprintf(mLog," write speed: default \n",BJspeed); // v.4.5
data/dkopp-6.5/dkopp-6.5.cc:3012:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. else wprintf(mLog," write speed: %d (x 1.38 MB/sec) \n",BJspeed);
data/dkopp-6.5/dkopp-6.5.cc:3016:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** DVD/BD device is apparently invalid \n");
data/dkopp-6.5/dkopp-6.5.cc:3021:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** DVD/BD capacity is apparently invalid \n");
data/dkopp-6.5/dkopp-6.5.cc:3025:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification. wprintf(mLog," backup %s \n",BJbmode);
data/dkopp-6.5/dkopp-6.5.cc:3027:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** backup mode not full/incremental/accumulate \n");
data/dkopp-6.5/dkopp-6.5.cc:3031:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," verify %s \n",BJvmode);
data/dkopp-6.5/dkopp-6.5.cc:3033:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** verify mode not full/incremental/thorough \n");
data/dkopp-6.5/dkopp-6.5.cc:3037:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," file date from: %s \n",BJdatefrom); // file age limit v.4.8
data/dkopp-6.5/dkopp-6.5.cc:3053:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** date must be > 1970.01.01 \n");
data/dkopp-6.5/dkopp-6.5.cc:3060:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** %d errors \n",nerr);
data/dkopp-6.5/dkopp-6.5.cc:3077:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n Validate restore job data \n");
data/dkopp-6.5/dkopp-6.5.cc:3080:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
wprintf(mLog," *** no job data present \n");
data/dkopp-6.5/dkopp-6.5.cc:3084:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," copy-from: %s \n",RJfrom);
data/dkopp-6.5/dkopp-6.5.cc:3085:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rdirk,dvdmp); // validate copy-from location
data/dkopp-6.5/dkopp-6.5.cc:3086:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(rdirk,RJfrom); // /media/dvd/home/...
data/dkopp-6.5/dkopp-6.5.cc:3089:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** invalid copy-from location \n");
data/dkopp-6.5/dkopp-6.5.cc:3097:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," copy-to: %s \n",RJto);
data/dkopp-6.5/dkopp-6.5.cc:3100:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** invalid copy-to location \n");
data/dkopp-6.5/dkopp-6.5.cc:3110:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %d errors \n",nerr);
data/dkopp-6.5/dkopp-6.5.cc:3126:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(nxrec,inexrecs[ii]);
data/dkopp-6.5/dkopp-6.5.cc:3127:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",nxrec); // output
data/dkopp-6.5/dkopp-6.5.cc:3134:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** cannot parse \n"); // cannot parse
data/dkopp-6.5/dkopp-6.5.cc:3140:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** invalid filespec \n");
data/dkopp-6.5/dkopp-6.5.cc:3178:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bjrec,BJinex[ii]); // next record
data/dkopp-6.5/dkopp-6.5.cc:3214:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** exceeded %d files \n",maxfs);
data/dkopp-6.5/dkopp-6.5.cc:3243:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** %s omit: %s \n",strerror(errno),kleenex(Drec[ii].file));
data/dkopp-6.5/dkopp-6.5.cc:3258:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** omit file too big: %s \n",kleenex(Drec[ii].file));
data/dkopp-6.5/dkopp-6.5.cc:3282:14: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
if (nexc) wprintf(mLog," %d files excluded by selection date \n",nexc);
data/dkopp-6.5/dkopp-6.5.cc:3314:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," files for backup: %d %s \n",nfiles,mbytes);
data/dkopp-6.5/dkopp-6.5.cc:3317:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** bug: nfiles: %d Dnf: %d \n",nfiles,Dnf);
data/dkopp-6.5/dkopp-6.5.cc:3318:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** bug: nbytes: %.0f Dbytes: %.0f \n",nbytes,Dbytes);
data/dkopp-6.5/dkopp-6.5.cc:3348:16: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. if (toobig) wprintf(mLog," *** warning: single include set exceeds DVD/BD capacity \n");
data/dkopp-6.5/dkopp-6.5.cc:3354:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** duplicate file: %s \n",kleenex(Drec[ii].file));
data/dkopp-6.5/dkopp-6.5.cc:3387:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command,"find \"%s\" -type f -or -type l >%s", // get regular files and symlinks
data/dkopp-6.5/dkopp-6.5.cc:3389:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," %s \n",command);
data/dkopp-6.5/dkopp-6.5.cc:3391:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78).
try using a library call that implements the same functionality if available. err = system(command); // list all DVD/BD files to temp file
data/dkopp-6.5/dkopp-6.5.cc:3393:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** find command failed: %s \n",wstrerror(err));
data/dkopp-6.5/dkopp-6.5.cc:3400:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** cannot open /tmp scratch file \n");
data/dkopp-6.5/dkopp-6.5.cc:3414:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," *** absurd file skipped: %300s (etc.) \n",kleenex(pp));
data/dkopp-6.5/dkopp-6.5.cc:3436:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog," DVD/BD files: %d \n",Vnf);
data/dkopp-6.5/dkopp-6.5.cc:3454:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. wprintf(mLog,"\n""find all DVD/BD files to restore \n");
data/dkopp-6.5/dkopp-6.5.cc:3458:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(rjrec,RJinex[ii]); // next record
data/dkopp-6.5/dkopp-6.5.cc:3459:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s \n",rjrec); // output
data/dkopp-6.5/dkopp-6.5.cc:3479:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %d files added \n",ninc);
data/dkopp-6.5/dkopp-6.5.cc:3497:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %d files removed \n",nexc);
data/dkopp-6.5/dkopp-6.5.cc:3519:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," total file count: %d \n",Rnf);
data/dkopp-6.5/dkopp-6.5.cc:3526:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," *** not under copy-from; %s \n",Rrec[ii].file);
data/dkopp-6.5/dkopp-6.5.cc:3736:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vfile1,dvdmp); // prepend DVD/BD mount point
data/dkopp-6.5/dkopp-6.5.cc:3737:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(vfile1,vfile);
data/dkopp-6.5/dkopp-6.5.cc:3825:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vfile,dvdmp); // prepend mount point
data/dkopp-6.5/dkopp-6.5.cc:3925:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,-3," %s \n",kleenex(pdirk)); // output /directory
data/dkopp-6.5/dkopp-6.5.cc:3926:4: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,-2," %s \n",kleenex(pfile)); // filename
data/dkopp-6.5/dkopp-6.5.cc:3937:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,-3," *** %s %s \n",errmess,kleenex(filespec));
data/dkopp-6.5/dkopp-6.5.cc:3938:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," \n");
data/dkopp-6.5/dkopp-6.5.cc:3999:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog," %s: %s \n",pname,kleenex(buff));
data/dkopp-6.5/dkopp-6.5.cc:4003:23: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (pscroll) wprintf(mLog,"\n"); // transition from scroll to overlay
data/dkopp-6.5/dkopp-6.5.cc:4004:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,-2," %s: %s \n",pname,kleenex(buff)); // output, overlay prior output
data/dkopp-6.5/dkopp-6.5.cc:4008:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff,"pkill %s",subprocName);
data/dkopp-6.5/dkopp-6.5.cc:4009:10: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(mLog,"*** %s \n",buff);
data/dkopp-6.5/dkopp-6.5.cc:4010:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(buff);
data/dkopp-6.5/dkopp-6.5.cc:4026:13: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (err) wprintf(mLog," %s status: %d %s \n", pname, err, errmess);
data/dkopp-6.5/dkopp-6.5.cc:4027:9: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  else wprintf(mLog," %s status: OK \n",pname);
data/dkopp-6.5/zfuncs.cc:224:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pp,string);
data/dkopp-6.5/zfuncs.cc:236:4: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(format,arglist);
data/dkopp-6.5/zfuncs.cc:257:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(message,400,format,arglist);
data/dkopp-6.5/zfuncs.cc:275:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(command,tempfile);
data/dkopp-6.5/zfuncs.cc:277:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(command);
data/dkopp-6.5/zfuncs.cc:311:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(message,300,format,arglist);
data/dkopp-6.5/zfuncs.cc:338:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system("cat zappcrash tracedump > zappcrash2"); // combine zappcrash and tracedump
data/dkopp-6.5/zfuncs.cc:339:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system("mv -f zappcrash2 zappcrash");
data/dkopp-6.5/zfuncs.cc:340:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system("xdg-open zappcrash"); // popup zappcrash text file
data/dkopp-6.5/zfuncs.cc:477:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(command);
data/dkopp-6.5/zfuncs.cc:481:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(command);
data/dkopp-6.5/zfuncs.cc:504:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(command);
data/dkopp-6.5/zfuncs.cc:913:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(cbuff,cc,command,arglist);
data/dkopp-6.5/zfuncs.cc:916:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(cbuff);
data/dkopp-6.5/zfuncs.cc:950:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(cbuff,cc,command,arglist);
data/dkopp-6.5/zfuncs.cc:954:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(cbuff);
data/dkopp-6.5/zfuncs.cc:1018:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(command[ii],2000,Fcommand,arglist);
data/dkopp-6.5/zfuncs.cc:1034:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(command[ii]); // start command, wait until done
data/dkopp-6.5/zfuncs.cc:1092:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buff,9999,command,arglist);
data/dkopp-6.5/zfuncs.cc:1095:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fid = popen(buff,"r"); // execute command, output to FID
data/dkopp-6.5/zfuncs.cc:1144:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buff,"ps -C %s h o pid",pname);
data/dkopp-6.5/zfuncs.cc:1145:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fid = popen(buff,"r"); // popen() instead of system()
data/dkopp-6.5/zfuncs.cc:1178:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(xtcommand);
data/dkopp-6.5/zfuncs.cc:1186:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system(xtcommand);
data/dkopp-6.5/zfuncs.cc:1270:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dirk,ppath);
data/dkopp-6.5/zfuncs.cc:1285:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(file,pp); // file part
data/dkopp-6.5/zfuncs.cc:1292:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ext,pp); // .ext part
data/dkopp-6.5/zfuncs.cc:1723:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (dest != source) strcpy(dest,source);
data/dkopp-6.5/zfuncs.cc:1767:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (dest != source) strcpy(dest,source);
data/dkopp-6.5/zfuncs.cc:1870:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest,source);
data/dkopp-6.5/zfuncs.cc:1891:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest,source);
data/dkopp-6.5/zfuncs.cc:1924:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(strout,strin);
data/dkopp-6.5/zfuncs.cc:1960:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ftemp,strout);
data/dkopp-6.5/zfuncs.cc:2037:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(work,pNum);
data/dkopp-6.5/zfuncs.cc:2038:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(work+k1,pNum+k2+1);
data/dkopp-6.5/zfuncs.cc:2039:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pNum,work);
data/dkopp-6.5/zfuncs.cc:2074:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pp,string);
data/dkopp-6.5/zfuncs.cc:2485:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (pstr) strcpy(pstr+1,pstr+2);
data/dkopp-6.5/zfuncs.cc:2488:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (pstr) strcpy(pstr+1,pstr+2);
data/dkopp-6.5/zfuncs.cc:2491:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (pstr) strcpy(pstr+1,pstr+2);
data/dkopp-6.5/zfuncs.cc:2494:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (pstr) strcpy(pstr+2,pstr+3);
data/dkopp-6.5/zfuncs.cc:2497:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (pstr) strcpy(pstr+2,pstr+3);
data/dkopp-6.5/zfuncs.cc:2747:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"find \"%s\" -type f -or -type l",searchpath); // find files (ordinary, symlink)
data/dkopp-6.5/zfuncs.cc:2748:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fid = popen(command,"r");
data/dkopp-6.5/zfuncs.cc:2821:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(command,"find \"%s\" -type f -or -type l",searchpath); // find files (ordinary, symlink)
data/dkopp-6.5/zfuncs.cc:2822:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fid = popen(command,"r");
data/dkopp-6.5/zfuncs.cc:3746:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(message,199,format,arglist);
data/dkopp-6.5/zfuncs.cc:3854:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(zappname,appname); // save app name v.5.6
data/dkopp-6.5/zfuncs.cc:3861:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(zprefix,work); // /prefix
data/dkopp-6.5/zfuncs.cc:3930:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(filespec,filetype); // leave /type as default
data/dkopp-6.5/zfuncs.cc:3932:32: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (strEqu(filetype,"doc")) strcpy(filespec,zdocdir); // /usr/share/doc/appname
data/dkopp-6.5/zfuncs.cc:3933:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (strEqu(filetype,"data")) strcpy(filespec,zdatadir); // /usr/share/appname/data
data/dkopp-6.5/zfuncs.cc:3934:35: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (strEqu(filetype,"locale")) strcpy(filespec,zlocalesdir); // /usr/share/appname/locales
data/dkopp-6.5/zfuncs.cc:3935:33: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (strEqu(filetype,"user")) strcpy(filespec,zuserdir); // /home/<user>/.appname
data/dkopp-6.5/zfuncs.cc:3937:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filespec,zuserdir); // /home/<user>/.appname/locales
data/dkopp-6.5/zfuncs.cc:3944:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fext,pp); // file type .fext
data/dkopp-6.5/zfuncs.cc:3956:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filespec+cc+1,fname); // /directories.../fname
data/dkopp-6.5/zfuncs.cc:3960:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pp,lc_RC); // /directories.../fname-lc_RC.fext
data/dkopp-6.5/zfuncs.cc:3961:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pp,fext);
data/dkopp-6.5/zfuncs.cc:3965:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pp+3,fext); // /directories.../fname-lc.fext
data/dkopp-6.5/zfuncs.cc:3970:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pp,fext);
data/dkopp-6.5/zfuncs.cc:3974:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pp,fext); // /directories.../fname.fext
data/dkopp-6.5/zfuncs.cc:3979:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filespec,zdocdir); // /usr/share/doc/appname/extras
data/dkopp-6.5/zfuncs.cc:4083:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system("which firefox"); // use xdg-open only as last resort
data/dkopp-6.5/zfuncs.cc:4086:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system("which chromium-browser");
data/dkopp-6.5/zfuncs.cc:4089:19: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  err = system("which xdg-open");
data/dkopp-6.5/zfuncs.cc:4127:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  fid = popen(xdgcomm,"r"); // get desktop directory for user locale
data/dkopp-6.5/zfuncs.cc:4132:13: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  int nn = fscanf(fid,"%s",dtdir);
data/dkopp-6.5/zfuncs.cc:4339:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(poname,pp+1);
data/dkopp-6.5/zfuncs.cc:4350:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ponamexx,poname);
data/dkopp-6.5/zfuncs.cc:4351:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(poname+(pp+1-poname),zlang); // translate-en.po >> translate-xx.po
data/dkopp-6.5/zfuncs.cc:4356:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf.
  sprintf(localpo,"%s/%s",ulocalesdir,poname); // final uncompressed local .po file
data/dkopp-6.5/zfuncs.cc:4671:6: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void wprintf(GtkWidget *mLog, int line, cchar *format, ... ) // "printf" version
data/dkopp-6.5/zfuncs.cc:4677:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(message,999,format,arglist);
data/dkopp-6.5/zfuncs.cc:4684:6: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void wprintf(GtkWidget *mLog, cchar *format, ... ) // "printf", scrolling output
data/dkopp-6.5/zfuncs.cc:4690:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(message,999,format,arglist); // stop overflow, remove warning
data/dkopp-6.5/zfuncs.cc:4771:8: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  char * wscanf(GtkWidget *mLog, int & ftf)
data/dkopp-6.5/zfuncs.cc:4836:14: [4] (buffer) wscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  prec = wscanf(mLog,ftf); // get text line
data/dkopp-6.5/zfuncs.cc:6120:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(mdesc+1,desc);
data/dkopp-6.5/zfuncs.cc:7891:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(zdposn[nn].wintitle,wintitle);
data/dkopp-6.5/zfuncs.cc:8045:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(zdposn[ii].wintitle,wintitle); // add window to table
data/dkopp-6.5/zfuncs.cc:8135:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(wname[ii],pp1); // save widget name and data
data/dkopp-6.5/zfuncs.cc:8136:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(wdata2,pp2);
data/dkopp-6.5/zfuncs.cc:8376:17: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (mWin) wprintf(mLog," %s\n",text);
data/dkopp-6.5/zfuncs.cc:8454:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(message,999,format,arglist);
data/dkopp-6.5/zfuncs.cc:8484:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(message,999,format,arglist);
data/dkopp-6.5/zfuncs.cc:8511:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(message,400,format,arglist);
data/dkopp-6.5/zfuncs.cc:8548:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(message,400,format,arglist);
data/dkopp-6.5/zfuncs.cc:8744:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptext,text);
data/dkopp-6.5/zfuncs.cc:8797:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ptext,text);
data/dkopp-6.5/zfuncs.cc:9363:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(imagesize,100,formatsize,pwidth,pheight); // show print size in dialog
data/dkopp-6.5/zfuncs.cc:9398:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(imagesize,100,formatsize,pwidth,pheight); // show print size in dialog
data/dkopp-6.5/zfuncs.cc:9868:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (pp) strcpy(pp+1,pfile); // in same directory as prior
data/dkopp-6.5/zfuncs.cc:9932:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (pp) strcpy(pp+1,pfile); // in same directory as prior
data/dkopp-6.5/zfuncs.cc:10017:7: [4] (format) wprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  wprintf(textWin," %s %.12g \n",pname,pvalue);
data/dkopp-6.5/zfuncs.cc:10227:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (xcc) strcpy(xpp,string); // copy string
data/dkopp-6.5/zfuncs.cc:10240:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xpp,xstr.xpp); // copy string
data/dkopp-6.5/zfuncs.cc:10272:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xpp,xstr.xpp); // copy string
data/dkopp-6.5/zfuncs.cc:10292:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (xcc) strcpy(xpp,str); // copy string
data/dkopp-6.5/zfuncs.cc:10302:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp.xpp,x1.xpp); // with both input strings
data/dkopp-6.5/zfuncs.cc:10303:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp.xpp + x1.xcc, x2.xpp);
data/dkopp-6.5/zfuncs.cc:10316:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp.xpp,x1.xpp); // with both input strings
data/dkopp-6.5/zfuncs.cc:10317:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (s2) strcpy(temp.xpp + x1.xcc, s2);
data/dkopp-6.5/zfuncs.cc:10330:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (s1) strcpy(temp.xpp,s1); // with both input strings
data/dkopp-6.5/zfuncs.cc:10331:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp.xpp + cc1, x2.xpp);
data/dkopp-6.5/zfuncs.cc:10354:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xpp2,xpp); // copy to new space
data/dkopp-6.5/zfuncs.cc:10389:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(xpp2,xpp); // copy to new space
data/dkopp-6.5/zfuncs.cc:10798:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(string,table+pos); // return string
data/dkopp-6.5/zfuncs.cc:11052:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tname,name);
data/dkopp-6.5/zfuncs.h:303:6: [4] (format) wprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void wprintf(GtkWidget *Win, int line, cchar *format, ...); // "printf" version
data/dkopp-6.5/zfuncs.h:304:6: [4] (format) wprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  void wprintf(GtkWidget *Win, cchar *format, ... ); // "printf" to next line, scroll up
data/dkopp-6.5/zfuncs.h:308:8: [4] (buffer) wscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  char * wscanf(GtkWidget *Win, int &ftf); // get text lines from edit widget
data/dkopp-6.5/dkopp-6.5.cc:512:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
  Check environment variables carefully before using them.
  home = getenv("HOME"); // get "/home/username"
data/dkopp-6.5/zfuncs.cc:3606:11: [3] (random) nrand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return nrand48((unsigned int16 *) seed);
data/dkopp-6.5/zfuncs.cc:3619:11: [3] (random) erand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return erand48((unsigned int16 *) seed);
data/dkopp-6.5/zfuncs.cc:3871:35: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  snprintf(zuserdir,199,"%s/.%s",getenv("HOME"),zappname); // /home/<username>/.appname/
data/dkopp-6.5/zfuncs.cc:4291:12: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  pp = getenv("LANG"); // use $LANG if defined
data/dkopp-6.5/zfuncs.cc:4292:22: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if (! pp) pp = getenv("LANGUAGE"); // use $LANGUAGE if defined
data/dkopp-6.5/dkopp-6.5.cc:77:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char subprocName[20]; // name of created subprocess
data/dkopp-6.5/dkopp-6.5.cc:78:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scriptParam[200]; // parameter from script file
data/dkopp-6.5/dkopp-6.5.cc:79:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mbmode[20], mvmode[20]; // actual backup, verify modes
data/dkopp-6.5/dkopp-6.5.cc:81:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scrFile[maxfcc]; // command line script file
data/dkopp-6.5/dkopp-6.5.cc:82:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backupDT[16]; // nominal backup date: yyyymmdd-hhmm
data/dkopp-6.5/dkopp-6.5.cc:84:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char userdir[200]; // /home/user/.dkopp
data/dkopp-6.5/dkopp-6.5.cc:85:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char TFdiskfiles[200], TFdvdfiles[200]; // scratch files in userdir
data/dkopp-6.5/dkopp-6.5.cc:86:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char TFjobfile[200], TFfilepoop[200], TFdatetime[200];
data/dkopp-6.5/dkopp-6.5.cc:87:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char TFrestorefiles[200], TFrestoredirks[200];
data/dkopp-6.5/dkopp-6.5.cc:92:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dvddevs[8][20]; // DVD/BD devices, /dev/sr0 etc.
data/dkopp-6.5/dkopp-6.5.cc:93:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dvddesc[8][40]; // DVD/BD device descriptions
data/dkopp-6.5/dkopp-6.5.cc:94:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dvddevdesc[8][60]; // combined device and description
data/dkopp-6.5/dkopp-6.5.cc:98:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char BJfile[maxfcc]; // backup job file
data/dkopp-6.5/dkopp-6.5.cc:99:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char BJdvd[20]; // DVD/BD device: /dev/hdb
data/dkopp-6.5/dkopp-6.5.cc:102:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char BJbmode[20]; // backup: full/incremental/accumulate
data/dkopp-6.5/dkopp-6.5.cc:103:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char BJvmode[20]; // verify: full/incremental/thorough
data/dkopp-6.5/dkopp-6.5.cc:104:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char BJdatefrom[12]; // mod date selection, yyyy.mm.dd
data/dkopp-6.5/dkopp-6.5.cc:109:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *BJinex[maxnx]; // backup include/exclude records
data/dkopp-6.5/dkopp-6.5.cc:117:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dvdmp[100]; // mount point, /media/xxxxx
data/dkopp-6.5/dkopp-6.5.cc:120:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mediumDT[16]; // DVD/BD medium last use date-time
data/dkopp-6.5/dkopp-6.5.cc:123:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dvdlabel[32]; // DVD/BD label
data/dkopp-6.5/dkopp-6.5.cc:165:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *RJinex[maxnx]; // file restore include/exclude recs.
data/dkopp-6.5/dkopp-6.5.cc:168:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char RJfrom[maxfcc]; // restore copy-from: /home/.../
data/dkopp-6.5/dkopp-6.5.cc:169:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char RJto[maxfcc]; // restore copy-to: /home/.../
data/dkopp-6.5/dkopp-6.5.cc:277:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char menu1[20], menu2[40]; // top-menu, sub-menu
data/dkopp-6.5/dkopp-6.5.cc:495:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(BJdvd,"/dev/sr0"); // default DVD/BD device
data/dkopp-6.5/dkopp-6.5.cc:496:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(dvdmp,"/media/dkopp"); // default mount point v.5.1
data/dkopp-6.5/dkopp-6.5.cc:500:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(dvdlabel,"dkopp"); // default DVD/BD label v.5.1
data/dkopp-6.5/dkopp-6.5.cc:501:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(BJbmode,"full"); // backup mode
data/dkopp-6.5/dkopp-6.5.cc:502:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(BJvmode,"full"); // verify mode
data/dkopp-6.5/dkopp-6.5.cc:505:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(BJdatefrom,"1970.01.01"); // file age exclusion default v.4.8
data/dkopp-6.5/dkopp-6.5.cc:514:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(BJinex[0],"# dkopp default backup job"); // initz. default backup specs
data/dkopp-6.5/dkopp-6.5.cc:522:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(RJfrom,"/home/"); // file restore copy-from location
data/dkopp-6.5/dkopp-6.5.cc:523:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(RJto,"/home/"); // file restore copy-to location
data/dkopp-6.5/dkopp-6.5.cc:527:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mediumDT,"unknown"); // DVD/BD medium last backup date-time
data/dkopp-6.5/dkopp-6.5.cc:554:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char button2[20], *pp;
data/dkopp-6.5/dkopp-6.5.cc:571:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char menu1[20] = "", menu2[40] = "";
data/dkopp-6.5/dkopp-6.5.cc:573:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[100];
data/dkopp-6.5/dkopp-6.5.cc:623:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200], menu1[20], menu2[40];
data/dkopp-6.5/dkopp-6.5.cc:627:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(scrFile,"r"); // open file
data/dkopp-6.5/dkopp-6.5.cc:828:19: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (! *BJfile) strcpy(BJfile,"dkopp.job"); // if no job file, use default
data/dkopp-6.5/dkopp-6.5.cc:849:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[1000];
data/dkopp-6.5/dkopp-6.5.cc:851:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rtype2[20];
data/dkopp-6.5/dkopp-6.5.cc:860:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(fspec,"r"); // open file
data/dkopp-6.5/dkopp-6.5.cc:954:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(fspec,"w"); // open file
data/dkopp-6.5/dkopp-6.5.cc:988:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vjfile[100];
data/dkopp-6.5/dkopp-6.5.cc:1155:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[40], *pp;
data/dkopp-6.5/dkopp-6.5.cc:1167:42: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  zdialog_fetch(zd,"bmrb1",ii); if (ii) strcpy(BJbmode,"full"); // backup mode
data/dkopp-6.5/dkopp-6.5.cc:1168:42: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  zdialog_fetch(zd,"bmrb2",ii); if (ii) strcpy(BJbmode,"incremental");
data/dkopp-6.5/dkopp-6.5.cc:1169:42: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  zdialog_fetch(zd,"bmrb3",ii); if (ii) strcpy(BJbmode,"accumulate");
data/dkopp-6.5/dkopp-6.5.cc:1171:42: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  zdialog_fetch(zd,"vmrb1",ii); if (ii) strcpy(BJvmode,"full"); // verify mode
data/dkopp-6.5/dkopp-6.5.cc:1172:42: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  zdialog_fetch(zd,"vmrb2",ii); if (ii) strcpy(BJvmode,"incremental");
data/dkopp-6.5/dkopp-6.5.cc:1173:42: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  zdialog_fetch(zd,"vmrb3",ii); if (ii) strcpy(BJvmode,"thorough");
data/dkopp-6.5/dkopp-6.5.cc:1234:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[200], Nspeed[20] = "";
data/dkopp-6.5/dkopp-6.5.cc:1235:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *dfile, vfile[maxfcc], *mbytes;
data/dkopp-6.5/dkopp-6.5.cc:1249:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (! *dvdlabel) strcpy(dvdlabel,"dkopp"); // if no label, default "dkopp" v.5.1
data/dkopp-6.5/dkopp-6.5.cc:1265:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(TFdiskfiles,"w"); // temp file for growisofs path-list
data/dkopp-6.5/dkopp-6.5.cc:1287:24: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (BJspeed > 0) sprintf(Nspeed,"-speed=%d",BJspeed); // v.4.5
data/dkopp-6.5/dkopp-6.5.cc:1373:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[200], Nspeed[20] = "";
data/dkopp-6.5/dkopp-6.5.cc:1374:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *dfile, vfile[maxfcc], disp;
data/dkopp-6.5/dkopp-6.5.cc:1404:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (! *dvdlabel) strcpy(dvdlabel,"dkopp"); // if no label, default "dkopp" v.5.1
data/dkopp-6.5/dkopp-6.5.cc:1406:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(TFdiskfiles,"w"); // temp file for growisofs path-list
data/dkopp-6.5/dkopp-6.5.cc:1442:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (BJspeed > 0) sprintf(Nspeed,"-speed=%d",BJspeed); // v.4.5
data/dkopp-6.5/dkopp-6.5.cc:1729:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pp, *pdirk, *bytes, ppdirk[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:1913:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fspec2[200] = "/home/*/file*";
data/dkopp-6.5/dkopp-6.5.cc:1914:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hfile[200], buff[1000], *pp;
data/dkopp-6.5/dkopp-6.5.cc:1974:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(hfile1,"r"); // next history file
data/dkopp-6.5/dkopp-6.5.cc:2005:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fspec2[200], histfile[200];
data/dkopp-6.5/dkopp-6.5.cc:2114:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[40], *pp, fcfrom[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:2173:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *file1, file2[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:2217:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dfile[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:2262:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[20] = "lshw -class disk"; // better than udevadm
data/dkopp-6.5/dkopp-6.5.cc:2298:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(dvddevdesc[ii]," ");
data/dkopp-6.5/dkopp-6.5.cc:2315:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pp2, text[60];
data/dkopp-6.5/dkopp-6.5.cc:2382:10: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else strcpy(dvdlabel,"dkopp");
data/dkopp-6.5/dkopp-6.5.cc:2396:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[100], mbuff[100], *pp;
data/dkopp-6.5/dkopp-6.5.cc:2408:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(mediumDT,"unknown");
data/dkopp-6.5/dkopp-6.5.cc:2502:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(mbuff,"r");
data/dkopp-6.5/dkopp-6.5.cc:2520:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[60];
data/dkopp-6.5/dkopp-6.5.cc:2539:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[60];
data/dkopp-6.5/dkopp-6.5.cc:2577:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[200];
data/dkopp-6.5/dkopp-6.5.cc:2599:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[60];
data/dkopp-6.5/dkopp-6.5.cc:2711:41: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  if (S_ISDIR(filestat.st_mode)) strcat(file2,"/*"); // if directory, append wildcard
data/dkopp-6.5/dkopp-6.5.cc:2747:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(TFdatetime,"w");
data/dkopp-6.5/dkopp-6.5.cc:2767:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[maxfcc], dirk[maxfcc], pdirk[maxfcc], *pp;
data/dkopp-6.5/dkopp-6.5.cc:2770:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(TFfilepoop,"w");
data/dkopp-6.5/dkopp-6.5.cc:2836:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file1[maxfcc], file2[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:2837:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char poopfile[100];
data/dkopp-6.5/dkopp-6.5.cc:2848:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(poopfile,"r");
data/dkopp-6.5/dkopp-6.5.cc:2896:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backupfile[200], buff[230];
data/dkopp-6.5/dkopp-6.5.cc:2905:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(backupfile,"w");
data/dkopp-6.5/dkopp-6.5.cc:3072:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rdirk[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:3121:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *rtype, *fspec, nxrec[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:3156:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *rtype, *fspec, bjrec[maxfcc], *mbytes;
data/dkopp-6.5/dkopp-6.5.cc:3375:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[100], *pp;
data/dkopp-6.5/dkopp-6.5.cc:3376:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fspec1[maxfcc], fspec2[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:3398:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(TFdvdfiles,"r"); // read file list
data/dkopp-6.5/dkopp-6.5.cc:3445:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *rtype, *fspec, fspecx[maxfcc], rjrec[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:3729:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vfile1[maxfcc], vfilex[maxfcc];
data/dkopp-6.5/dkopp-6.5.cc:3731:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pp, buff[vrcc];
data/dkopp-6.5/dkopp-6.5.cc:3740:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid1 = open(vfilex,O_RDONLY+O_NOATIME+O_LARGEFILE); // open input file
data/dkopp-6.5/dkopp-6.5.cc:3743:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid2 = open(dfile,O_WRONLY+O_CREAT+O_TRUNC+O_LARGEFILE,0700); // open output file
data/dkopp-6.5/dkopp-6.5.cc:3760:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid2 = open(dfile,O_WRONLY+O_CREAT+O_TRUNC+O_LARGEFILE,0700); // open output file again
data/dkopp-6.5/dkopp-6.5.cc:3818:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vfile[maxfcc], *vbuff = 0, *dbuff = 0;
data/dkopp-6.5/dkopp-6.5.cc:3834:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vfid = open(vfile,open_flags); // open DVD/BD file
data/dkopp-6.5/dkopp-6.5.cc:3853:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vfid = open(vfile,open_flags); // open DVD/BD file
data/dkopp-6.5/dkopp-6.5.cc:3856:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dfid = open(dfile,open_flags); // open corresp. disk file
data/dkopp-6.5/dkopp-6.5.cc:3907:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pdirk[300], pfile[300], *pp;
data/dkopp-6.5/dkopp-6.5.cc:3949:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char name2[1000];
data/dkopp-6.5/dkopp-6.5.cc:3970:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[1000];
data/dkopp-6.5/zfuncs.cc:181:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zappname[20]; // app name/version
data/dkopp-6.5/zfuncs.cc:182:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zprefix[200], zdatadir[200], zdocdir[200]; // app directories
data/dkopp-6.5/zfuncs.cc:183:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zicondir[200], zlocalesdir[200], zuserdir[200];
data/dkopp-6.5/zfuncs.cc:184:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zlang[8] = "en"; // "lc" or "lc_RC"
data/dkopp-6.5/zfuncs.cc:185:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char JPGquality[4] = "90"; // JPG file save quality
data/dkopp-6.5/zfuncs.cc:252:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[400], tempfile[30], command[100];
data/dkopp-6.5/zfuncs.cc:264:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(message," "); // lengthen short message
data/dkopp-6.5/zfuncs.cc:268:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tempfile,"/tmp/zpopup-%06d",getpid()); // write message to temp file
data/dkopp-6.5/zfuncs.cc:269:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(tempfile,"w");
data/dkopp-6.5/zfuncs.cc:274:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command,"xmessage -buttons OK:0 -center -timeout 5 -file "); // create popup with message file
data/dkopp-6.5/zfuncs.cc:276:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(command," &"); // return immediately
data/dkopp-6.5/zfuncs.cc:298:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[300];
data/dkopp-6.5/zfuncs.cc:323:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen("zappcrash","w"); // open zappcrash file (can hang here)
data/dkopp-6.5/zfuncs.cc:394:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filebuff[50][100]; // last 50 TRACE calls
data/dkopp-6.5/zfuncs.cc:395:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char funcbuff[50][60];
data/dkopp-6.5/zfuncs.cc:441:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen("tracedump","w");
data/dkopp-6.5/zfuncs.cc:472:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[1000];
data/dkopp-6.5/zfuncs.cc:476:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command,"which gksu > /dev/null 2>&1"); // Debian
data/dkopp-6.5/zfuncs.cc:478:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command,"gksu \"");
data/dkopp-6.5/zfuncs.cc:480:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command,"which beesu > /dev/null 2>&1"); // Fedora, just to be different
data/dkopp-6.5/zfuncs.cc:482:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(command,"beesu \"");
data/dkopp-6.5/zfuncs.cc:501:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(command,"\" &"); // return immediately
data/dkopp-6.5/zfuncs.cc:605:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/dkopp-6.5/zfuncs.cc:610:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen("/proc/self/stat","r");
data/dkopp-6.5/zfuncs.cc:669:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[1000];
data/dkopp-6.5/zfuncs.cc:670:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *pnames[20];
data/dkopp-6.5/zfuncs.cc:694:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(pfile,"r"); // open /proc/xxx file
data/dkopp-6.5/zfuncs.cc:790:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(lockfile,O_RDWR|O_CREAT,0666); // open or create the lock file
data/dkopp-6.5/zfuncs.cc:995:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *command[10];
data/dkopp-6.5/zfuncs.cc:1081:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[10000], *prec;
data/dkopp-6.5/zfuncs.cc:1141:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[100], *pp;
data/dkopp-6.5/zfuncs.cc:1151:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  pid = atoi(buff);
data/dkopp-6.5/zfuncs.cc:1172:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xtcommand[500];
data/dkopp-6.5/zfuncs.cc:1261:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dirk[1000], file[200], ext[8];
data/dkopp-6.5/zfuncs.cc:1440:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pp, buff[200];
data/dkopp-6.5/zfuncs.cc:1451:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen("/proc/self/stat","r");
data/dkopp-6.5/zfuncs.cc:1517:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *retf[100];
data/dkopp-6.5/zfuncs.cc:1518:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pf1, pf2[2000]; // 2000 limit v.5.2
data/dkopp-6.5/zfuncs.cc:1521:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char blankstring[2], nullstring[1];
data/dkopp-6.5/zfuncs.cc:1581:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char delims[2] = "x";
data/dkopp-6.5/zfuncs.cc:1941:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftemp[maxfcc];
data/dkopp-6.5/zfuncs.cc:2004:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char work[20];
data/dkopp-6.5/zfuncs.cc:2468:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  ccc = sprintf(string,"%d",inum);
data/dkopp-6.5/zfuncs.cc:2482:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(string,"%.*g",digits,dnum);
data/dkopp-6.5/zfuncs.cc:2518:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *output[100];
data/dkopp-6.5/zfuncs.cc:2717:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char matchfile[maxfcc];
data/dkopp-6.5/zfuncs.cc:2718:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char searchpath[maxfcc];
data/dkopp-6.5/zfuncs.cc:2719:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[maxfcc];
data/dkopp-6.5/zfuncs.cc:2791:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char matchfile[maxfcc];
data/dkopp-6.5/zfuncs.cc:2792:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char searchpath[maxfcc];
data/dkopp-6.5/zfuncs.cc:2793:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[maxfcc];
data/dkopp-6.5/zfuncs.cc:3743:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[200];
data/dkopp-6.5/zfuncs.cc:3841:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char work[200];
data/dkopp-6.5/zfuncs.cc:3842:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char logfile[200], oldlog[200];
data/dkopp-6.5/zfuncs.cc:3924:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pp, fname[20], fext[8];
data/dkopp-6.5/zfuncs.cc:3925:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lc_RC[8]; // -lc or -lc_RC
data/dkopp-6.5/zfuncs.cc:3938:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(filespec,"/locales");
data/dkopp-6.5/zfuncs.cc:3969:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(pp,"-en"); // /directories.../fname-en.fext
data/dkopp-6.5/zfuncs.cc:3980:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(filespec,"/extras"); // due to Linux chaos
data/dkopp-6.5/zfuncs.cc:3999:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filespec[200], url[200];
data/dkopp-6.5/zfuncs.cc:4028:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[200];
data/dkopp-6.5/zfuncs.cc:4044:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filex[40], filespec[200], command[200];
data/dkopp-6.5/zfuncs.cc:4048:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(filex,".gz");
data/dkopp-6.5/zfuncs.cc:4077:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char prog[20];
data/dkopp-6.5/zfuncs.cc:4084:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (! err) strcpy(prog,"firefox"); // v.5.2
data/dkopp-6.5/zfuncs.cc:4087:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (! err) strcpy(prog,"chromium-browser");
data/dkopp-6.5/zfuncs.cc:4090:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (! err) strcpy(prog,"xdg-open");
data/dkopp-6.5/zfuncs.cc:4118:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char appname[20], dtdir[200], dtfile[200], work[200];
data/dkopp-6.5/zfuncs.cc:4141:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(dtfile,"w");
data/dkopp-6.5/zfuncs.cc:4243:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[ZTXmaxcc], *ppq1, *ppq2;
data/dkopp-6.5/zfuncs.cc:4245:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Etext[ZTXmaxcc], Ttext[ZTXmaxcc]; // .po text: "line 1 %s \n" "line 2"
data/dkopp-6.5/zfuncs.cc:4264:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localpo[200], installpo[200], ulocalesdir[200];
data/dkopp-6.5/zfuncs.cc:4265:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *pp, poname[20], ponamexx[20];
data/dkopp-6.5/zfuncs.cc:4295:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else strcpy(zlang,"en"); // use English
data/dkopp-6.5/zfuncs.cc:4298:22: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (*zlang < 'a') strcpy(zlang,"en"); // use English if garbage
data/dkopp-6.5/zfuncs.cc:4352:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(poname,".po");
data/dkopp-6.5/zfuncs.cc:4360:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fidr = fopen(localpo,"r"); // open .po file
data/dkopp-6.5/zfuncs.cc:4495:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cleanstring[ZTXmaxcc];
data/dkopp-6.5/zfuncs.cc:4674:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1000];
data/dkopp-6.5/zfuncs.cc:4687:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1000];
data/dkopp-6.5/zfuncs.cc:4825:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fid = fopen(filespec,"w"); // open file
data/dkopp-6.5/zfuncs.cc:4880:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempfile[50];
data/dkopp-6.5/zfuncs.cc:5180:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iconpath[200];
data/dkopp-6.5/zfuncs.cc:5450:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *pp, buff[maxText]; data/dkopp-6.5/zfuncs.cc:5465:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(menuconfigfile,"r"); // read window geometry data/dkopp-6.5/zfuncs.cc:5522:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). size = atoi(pp+5); data/dkopp-6.5/zfuncs.cc:5683:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(menuconfigfile,"w"); // open for write data/dkopp-6.5/zfuncs.cc:5926:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[maxText]; data/dkopp-6.5/zfuncs.cc:6096:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconpath[200], *mdesc, *name__; data/dkopp-6.5/zfuncs.cc:6501:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vdata[30], iconpath[200]; data/dkopp-6.5/zfuncs.cc:6687:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(vdata,"%g",val); data/dkopp-6.5/zfuncs.cc:6693:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pp = strField(data,'|',1); gdkrgba.red = f256 * atoi(pp); // RGB values are 0-1 v.5.8 data/dkopp-6.5/zfuncs.cc:6694:57: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pp = strField(data,'|',2); gdkrgba.green = f256 * atoi(pp); data/dkopp-6.5/zfuncs.cc:6695:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pp = strField(data,'|',3); gdkrgba.blue = f256 * atoi(pp); data/dkopp-6.5/zfuncs.cc:6746:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pname[8]; data/dkopp-6.5/zfuncs.cc:6928:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) gdkrgba.red = f256 * atoi(pp); // RGB range is 0-1 v.5.8 data/dkopp-6.5/zfuncs.cc:6930:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) gdkrgba.green = f256 * atoi(pp); data/dkopp-6.5/zfuncs.cc:6932:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) gdkrgba.blue = f256 * atoi(pp); data/dkopp-6.5/zfuncs.cc:7110:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sdata[20]; data/dkopp-6.5/zfuncs.cc:7190:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sdata,"%g",dval); data/dkopp-6.5/zfuncs.cc:7197:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(sdata,"%.0f|%.0f|%.0f",gdkrgba.red*255,gdkrgba.green*255,gdkrgba.blue*255); data/dkopp-6.5/zfuncs.cc:7204:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sdata,"%g",dval); data/dkopp-6.5/zfuncs.cc:7337:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1000]; data/dkopp-6.5/zfuncs.cc:7590:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[16]; data/dkopp-6.5/zfuncs.cc:7592:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string,"%d",idata); data/dkopp-6.5/zfuncs.cc:7599:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[32]; data/dkopp-6.5/zfuncs.cc:7632:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
idata = atoi(zdata); data/dkopp-6.5/zfuncs.cc:7847:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wintitle[64]; // window title (ID) data/dkopp-6.5/zfuncs.cc:7864:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char posfile[200], buff[100], wintitle[64], *pp; data/dkopp-6.5/zfuncs.cc:7875:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(posfile,"r"); data/dkopp-6.5/zfuncs.cc:7903:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(posfile,"w"); data/dkopp-6.5/zfuncs.cc:7937:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wintitle[64], *pp; data/dkopp-6.5/zfuncs.cc:8010:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char wintitle[64], *pp; data/dkopp-6.5/zfuncs.cc:8087:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zdinputsfile[200], buff[200]; data/dkopp-6.5/zfuncs.cc:8088:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zdtitle[100], wname[100][100], wdata[100][200]; data/dkopp-6.5/zfuncs.cc:8089:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *pp1, *pp2, wdata2[200]; data/dkopp-6.5/zfuncs.cc:8101:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(zdinputsfile,"r"); // no file data/dkopp-6.5/zfuncs.cc:8114:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Nw = atoi(pp); data/dkopp-6.5/zfuncs.cc:8169:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). fid = fopen(zdinputsfile,"w"); data/dkopp-6.5/zfuncs.cc:8206:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zdtitle[100], wname[100], wdata[200], *type; data/dkopp-6.5/zfuncs.cc:8382:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). secs = atoi(action+5); data/dkopp-6.5/zfuncs.cc:8442:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/dkopp-6.5/zfuncs.cc:8479:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/dkopp-6.5/zfuncs.cc:8501:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[400]; data/dkopp-6.5/zfuncs.cc:8540:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char message[400]; data/dkopp-6.5/zfuncs.cc:9268:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printsettingsfile[200], pagesetupfile[200]; data/dkopp-6.5/zfuncs.cc:9315:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imagesize[100]; data/dkopp-6.5/zfuncs.cc:9383:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imagesize[100]; data/dkopp-6.5/zfuncs.cc:9580:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconpath[200]; data/dkopp-6.5/zfuncs.cc:9783:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zparmfile[200]; // last used parm file data/dkopp-6.5/zfuncs.cc:9858:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buff[100], *fgs, *pp; data/dkopp-6.5/zfuncs.cc:9872:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(pfile,"r"); data/dkopp-6.5/zfuncs.cc:9936:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(pfile,"w"); data/dkopp-6.5/zfuncs.cc:10033:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ptemp[20], *pname; data/dkopp-6.5/zfuncs.cc:10080:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ptemp,"%.12g",parmlist.value[ii]); data/dkopp-6.5/zfuncs.cc:10857:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(wmi,"queue"); data/dkopp-6.5/zfuncs.h:617:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wmi[8]; data/dkopp-6.5/dkopp-6.5.cc:492:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(subprocName,""); data/dkopp-6.5/dkopp-6.5.cc:493:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(scriptParam,""); data/dkopp-6.5/dkopp-6.5.cc:497:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dvdmpcc = strlen(dvdmp); // mount point cc data/dkopp-6.5/dkopp-6.5.cc:795:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(file) > maxfcc-2) zappcrash("pathname too big"); data/dkopp-6.5/dkopp-6.5.cc:831:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(file) > maxfcc-2) zappcrash("pathname too big"); data/dkopp-6.5/dkopp-6.5.cc:871:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(buff); data/dkopp-6.5/dkopp-6.5.cc:1199:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mbmode,""); data/dkopp-6.5/dkopp-6.5.cc:1200:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant character. strcpy(mvmode,""); data/dkopp-6.5/dkopp-6.5.cc:2185:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(RJfrom); // from: /home/xxx/.../ data/dkopp-6.5/dkopp-6.5.cc:2186:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(RJto); // to: /home/yyy/.../ data/dkopp-6.5/dkopp-6.5.cc:2232:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ccf = strlen(RJfrom); // from: /media/xxx/filespec data/dkopp-6.5/dkopp-6.5.cc:2326:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dvdmpcc = strlen(dvdmp); // bugfix v.5.5 data/dkopp-6.5/dkopp-6.5.cc:2363:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dvdmpcc = strlen(dvdmp); data/dkopp-6.5/dkopp-6.5.cc:2427:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dvdmpcc = strlen(dvdmp); data/dkopp-6.5/dkopp-6.5.cc:2461:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dvdmpcc = strlen(dvdmp); data/dkopp-6.5/dkopp-6.5.cc:2842:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cc1 = strlen(RJfrom); // from: /home/xxx/.../ data/dkopp-6.5/dkopp-6.5.cc:2843:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(RJto); // to: /home/yyy/.../ data/dkopp-6.5/dkopp-6.5.cc:2862:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ccf = strlen(file1); // match directories too data/dkopp-6.5/dkopp-6.5.cc:2951:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(rec) < 3) return 0; data/dkopp-6.5/dkopp-6.5.cc:2965:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(rtype) > 7) return 2; data/dkopp-6.5/dkopp-6.5.cc:2971:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fspec) < 4) return 3; data/dkopp-6.5/dkopp-6.5.cc:2972:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(fspec) > maxfcc-100) return 3; data/dkopp-6.5/dkopp-6.5.cc:3094:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(RJfrom); // insure '/' at end data/dkopp-6.5/dkopp-6.5.cc:3095:29: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. if (RJfrom[cc-1] != '/') strcat(RJfrom,"/"); data/dkopp-6.5/dkopp-6.5.cc:3105:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(RJto); // insure '/' at end data/dkopp-6.5/dkopp-6.5.cc:3106:27: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (RJto[cc-1] != '/') strcat(RJto,"/"); data/dkopp-6.5/dkopp-6.5.cc:3191:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(fsp); data/dkopp-6.5/dkopp-6.5.cc:3405:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gcc = strlen(V_DKOPPDIRK); data/dkopp-6.5/dkopp-6.5.cc:3412:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pp); // absurdly long file name data/dkopp-6.5/dkopp-6.5.cc:3521:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(RJfrom); // copy from: /home/.../ data/dkopp-6.5/dkopp-6.5.cc:3771:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rcc = read(fid1,buff,vrcc); // read huge blocks data/dkopp-6.5/dkopp-6.5.cc:3842:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
vcc = read(vfid,vbuff,vrcc); data/dkopp-6.5/dkopp-6.5.cc:3866:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). vcc = read(vfid,vbuff,vrcc); // read two files data/dkopp-6.5/dkopp-6.5.cc:3869:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dcc = read(dfid,dbuff,vrcc); data/dkopp-6.5/dkopp-6.5.cc:3921:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(pdirk," "); data/dkopp-6.5/zfuncs.cc:222:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *pp = (char *) malloc(strlen(string) + addcc); data/dkopp-6.5/zfuncs.cc:262:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(message); data/dkopp-6.5/zfuncs.cc:424:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&filebuff[ii][0],file,99); data/dkopp-6.5/zfuncs.cc:425:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&funcbuff[ii][0],func,39); data/dkopp-6.5/zfuncs.cc:489:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(command); // gksu (or) beesu data/dkopp-6.5/zfuncs.cc:701:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
fcc = strlen(pnames[ii]); data/dkopp-6.5/zfuncs.cc:909:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(command) + 1000; data/dkopp-6.5/zfuncs.cc:946:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(command) + 1000; data/dkopp-6.5/zfuncs.cc:1208:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(buff); data/dkopp-6.5/zfuncs.cc:1267:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(ppath); data/dkopp-6.5/zfuncs.cc:1283:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) > 199) return 1; // filename too long data/dkopp-6.5/zfuncs.cc:1290:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) > 7) return 0; // file part, no .ext data/dkopp-6.5/zfuncs.cc:1530:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(blankstring," "); data/dkopp-6.5/zfuncs.cc:1698:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(dest,source,cc); data/dkopp-6.5/zfuncs.cc:1700:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(source) >= cc) return 1; // truncated data/dkopp-6.5/zfuncs.cc:1711:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest,source,cc); data/dkopp-6.5/zfuncs.cc:1712:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ii = strlen(source); data/dkopp-6.5/zfuncs.cc:1729:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ii = strlen(dest); data/dkopp-6.5/zfuncs.cc:1746:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp2 = source + strlen(source) - 1; data/dkopp-6.5/zfuncs.cc:1802:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxcc = maxcc - strlen(dest) - 1; data/dkopp-6.5/zfuncs.cc:1809:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(dest,ps,maxcc); data/dkopp-6.5/zfuncs.cc:1810:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
maxcc = maxcc - strlen(ps); data/dkopp-6.5/zfuncs.cc:1908:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(ssin); data/dkopp-6.5/zfuncs.cc:1909:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(ssout); data/dkopp-6.5/zfuncs.cc:1916:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(strout,strin,ccc); data/dkopp-6.5/zfuncs.cc:1919:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(strout,ssout,cc2); data/dkopp-6.5/zfuncs.cc:1980:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! ccin) ccin = strlen(in); data/dkopp-6.5/zfuncs.cc:2006:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pNum); data/dkopp-6.5/zfuncs.cc:2059:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cc = strlen(string); data/dkopp-6.5/zfuncs.cc:2073:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *pp = (char *) zmalloc(strlen(string)+1+more); data/dkopp-6.5/zfuncs.cc:2170:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(utf8out,utf8in+ii,kk); data/dkopp-6.5/zfuncs.cc:2499:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cc) *cc = strlen(string); data/dkopp-6.5/zfuncs.cc:2734:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(wpath); data/dkopp-6.5/zfuncs.cc:2764:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(matchfile); // get rid of trailing \n data/dkopp-6.5/zfuncs.cc:2808:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(wpath); data/dkopp-6.5/zfuncs.cc:2838:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(matchfile); // get rid of trailing \n data/dkopp-6.5/zfuncs.cc:2957:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(seekrec); data/dkopp-6.5/zfuncs.cc:3872:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(zuserdir); // stop humongous username v.5.3 data/dkopp-6.5/zfuncs.cc:3954:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cc = strlen(filespec); data/dkopp-6.5/zfuncs.cc:3957:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(filespec); // | data/dkopp-6.5/zfuncs.cc:4410:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(Ttext) < 3) // translation is "" (quotes included) data/dkopp-6.5/zfuncs.cc:4527:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) == 0) pp = english; // translation is "" v.5.6 data/dkopp-6.5/zfuncs.cc:4550:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tstring[ii]) == 0) break; // translation is "" v.5.6 data/dkopp-6.5/zfuncs.cc:4839:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(prec); data/dkopp-6.5/zfuncs.cc:4968:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(ztext); data/dkopp-6.5/zfuncs.cc:5500:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp+5) > 0) data/dkopp-6.5/zfuncs.cc:5506:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(pp+5)) menus[me].func = zstrdup(pp+5); data/dkopp-6.5/zfuncs.cc:5511:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp+5)) { data/dkopp-6.5/zfuncs.cc:5606:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text2 = (char *) zmalloc(strlen(text)+2); // replace "\n" with newline data/dkopp-6.5/zfuncs.cc:5710:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp = pxbfile + strlen(pxbfile); // create a local PNG file for pixbuf data/dkopp-6.5/zfuncs.cc:6117:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(desc); // v.5.6 data/dkopp-6.5/zfuncs.cc:6121:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mdesc+cc1+1," "); data/dkopp-6.5/zfuncs.cc:6172:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(name); // prepare menu name with trailing blanks data/dkopp-6.5/zfuncs.cc:7361:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(text); data/dkopp-6.5/zfuncs.cc:7363:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(text+cc,cliptext,999-cc); // add clipboard text data/dkopp-6.5/zfuncs.cc:7885:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 64) continue; data/dkopp-6.5/zfuncs.cc:7888:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(wintitle) < 3) continue; data/dkopp-6.5/zfuncs.cc:7976:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 2) return; data/dkopp-6.5/zfuncs.cc:8038:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 2) return; data/dkopp-6.5/zfuncs.cc:8131:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(pp2); data/dkopp-6.5/zfuncs.cc:8268:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(wdata,""); data/dkopp-6.5/zfuncs.cc:8742:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(text); // construct popup window data/dkopp-6.5/zfuncs.cc:8795:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cc = strlen(text); // construct popup window data/dkopp-6.5/zfuncs.cc:9083:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(file1) >= maxfcc) data/dkopp-6.5/zfuncs.cc:9475:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(file); data/dkopp-6.5/zfuncs.cc:9503:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = (char *) zmalloc(strlen(inp)+1); data/dkopp-6.5/zfuncs.cc:9968:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(parmname); data/dkopp-6.5/zfuncs.cc:10220:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (string) xcc = strlen(string); // string length data/dkopp-6.5/zfuncs.cc:10282:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str) xcc = strlen(str); data/dkopp-6.5/zfuncs.cc:10314:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s2) cc2 = strlen(s2); data/dkopp-6.5/zfuncs.cc:10328:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (s1) cc1 = strlen(s1); data/dkopp-6.5/zfuncs.cc:10342:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int scc = strlen(string); data/dkopp-6.5/zfuncs.cc:10368:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xpp+pos,string,scc); // insert string, without null data/dkopp-6.5/zfuncs.cc:10380:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int scc = strlen(string); data/dkopp-6.5/zfuncs.cc:10400:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xpp+pos,string,scc); // insert string, without null data/dkopp-6.5/zfuncs.cc:10419:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (xcc != (int) strlen(xpp)) zappcrash("xstring xcc != strlen(xpp)",null); data/dkopp-6.5/zfuncs.cc:10712:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(table+pos,string,cc); // insert new string data/dkopp-6.5/zfuncs.cc:10910:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); // sleep in 1 millisec. steps data/dkopp-6.5/zfuncs.cc:11049:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int cc = strlen(name);

ANALYSIS SUMMARY:

Hits = 765
Lines analyzed = 16014 in approximately 0.45 seconds (35655 lines/second)
Physical Source Lines of Code (SLOC) = 10640
Hits@level = [0] 96 [1] 114 [2] 247 [3] 6 [4] 392 [5] 6
Hits@level+ = [0+] 861 [1+] 765 [2+] 651 [3+] 404 [4+] 398 [5+] 6
Hits/KSLOC@level+ = [0+] 80.9211 [1+] 71.8985 [2+] 61.1842 [3+] 37.9699 [4+] 37.406 [5+] 0.56391
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.