Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/elvis-tiny-1.4/alias.c Examining data/elvis-tiny-1.4/atari.c Examining data/elvis-tiny-1.4/blk.c Examining data/elvis-tiny-1.4/ctags.c Examining data/elvis-tiny-1.4/curses.h Examining data/elvis-tiny-1.4/date.c Examining data/elvis-tiny-1.4/move1.c Examining data/elvis-tiny-1.4/move3.c Examining data/elvis-tiny-1.4/move4.c Examining data/elvis-tiny-1.4/move5.c Examining data/elvis-tiny-1.4/osk.c Examining data/elvis-tiny-1.4/osk.h Examining data/elvis-tiny-1.4/pc.c Examining data/elvis-tiny-1.4/recycle.c Examining data/elvis-tiny-1.4/ref.c Examining data/elvis-tiny-1.4/refont.c Examining data/elvis-tiny-1.4/regexp.h Examining data/elvis-tiny-1.4/shell.c Examining data/elvis-tiny-1.4/sysdos.c Examining data/elvis-tiny-1.4/tinytcap.c Examining data/elvis-tiny-1.4/vars.c Examining data/elvis-tiny-1.4/virec.c Examining data/elvis-tiny-1.4/wildcard.c Examining data/elvis-tiny-1.4/redraw.c Examining data/elvis-tiny-1.4/tmp.c Examining data/elvis-tiny-1.4/cmd1.c Examining data/elvis-tiny-1.4/cmd2.c Examining data/elvis-tiny-1.4/cut.c Examining data/elvis-tiny-1.4/input.c Examining data/elvis-tiny-1.4/misc.c Examining data/elvis-tiny-1.4/modify.c Examining data/elvis-tiny-1.4/move2.c Examining data/elvis-tiny-1.4/opts.c Examining data/elvis-tiny-1.4/regexp.c Examining data/elvis-tiny-1.4/system.c Examining data/elvis-tiny-1.4/vcmd.c Examining data/elvis-tiny-1.4/vi.c Examining data/elvis-tiny-1.4/vi.h Examining data/elvis-tiny-1.4/regsub.c Examining data/elvis-tiny-1.4/ex.c Examining data/elvis-tiny-1.4/config.h Examining data/elvis-tiny-1.4/main.c Examining data/elvis-tiny-1.4/tio.c Parsing failed to find end of parameter list; semicolon terminated it in (buf, fmt, (mapped[i].when & WHEN_VICMD) ? "" : "!", #else sprintf(buf, "map%s %.*s visual %s\n", (mapped[i].when & WHEN_VICMD) ? "" : "!", mapped[i].len, #endif mapped[i].rawin, Parsing failed to find end of parameter list; semicolon terminated it in (buf, fmt, #else sprintf(buf, "map %.*s %s\n", mapped[i].len, #endif mapped[i].rawin, mapped[i].cooked); twrite(fd, buf, strlen(buf)); } if (mapped[i].when & (WHEN_VIINP | WHEN Parsing failed to find end of parameter list; semicolon terminated it in (buf, fmt, #else sprintf(buf, "map! %.*s %s\n", mapped[i].len, #endif mapped[i].rawin, mapped[i].cooked); twrite(fd, buf, strlen(buf)); } } } } #endif Examining data/elvis-tiny-1.4/curses.c FINAL RESULTS: data/elvis-tiny-1.4/shell.c:70:31: [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead. while (fputs("$ ", stdout), gets(buf)) data/elvis-tiny-1.4/alias.c:99:8: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. (void)execvp(argblk[0], argblk); data/elvis-tiny-1.4/atari.c:23:5: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access(file, mode) data/elvis-tiny-1.4/atari.c:33:7: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). char *mktemp(template) data/elvis-tiny-1.4/cmd1.c:192:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(extra, 0) == 0 && !bang && !append) data/elvis-tiny-1.4/cmd1.c:276:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prevextra, extra); data/elvis-tiny-1.4/cmd1.c:373:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cmdln, cmdptr); data/elvis-tiny-1.4/cmd1.c:401:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(origname, extra); data/elvis-tiny-1.4/cmd1.c:473:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prevorig, extra); data/elvis-tiny-1.4/cmd1.c:658:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(args, extra); data/elvis-tiny-1.4/cmd1.c:1054:54: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (*text == '/' || !strcmp(errfile + 1, "rror") || access(errfile, 0) < 0) data/elvis-tiny-1.4/cmd1.c:1251:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf.c, "%s %s %s%s", (cmd == CMD_CC ? o_cc : o_make), extra, REDIRECT, ERRLIST); data/elvis-tiny-1.4/cmd1.c:1257:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(buf.c); data/elvis-tiny-1.4/cmd2.c:400:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpblk.c, fetchline(l)); data/elvis-tiny-1.4/cmd2.c:431:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpblk.c + len, scan); data/elvis-tiny-1.4/config.h:215:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. # define elvis_system system data/elvis-tiny-1.4/ctags.c:144:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("qsort tags >-_tags; -nx; del tags; rename _tags tags"); data/elvis-tiny-1.4/ctags.c:146:3: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("sort tags >_tags$$; mv _tags$$ tags"); data/elvis-tiny-1.4/ctags.c:254:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(fmt, NUMFMT, len); data/elvis-tiny-1.4/ctags.c:255:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, scan, name, lnum); data/elvis-tiny-1.4/ctags.c:257:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(NUMFMT, len, scan, name, lnum); data/elvis-tiny-1.4/ctags.c:312:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(fmt, MAINFMT, strlen(name) - 2); data/elvis-tiny-1.4/ctags.c:313:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, name, name, text); data/elvis-tiny-1.4/ctags.c:315:7: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(MAINFMT, strlen(name) - 2, name, name, text); data/elvis-tiny-1.4/ctags.c:319:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(fmt, SRCHFMT, len); data/elvis-tiny-1.4/ctags.c:320:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(fmt, scan, name, text); data/elvis-tiny-1.4/ctags.c:322:6: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(SRCHFMT, len, scan, name, text); data/elvis-tiny-1.4/cut.c:126:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cutfname, o_directory); data/elvis-tiny-1.4/cut.c:129:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(cutfname+i, CUTNAME+3, getpid(), buf->fd); data/elvis-tiny-1.4/cut.c:131:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(cutfname, CUTNAME, o_directory, getpid(), buf->fd); data/elvis-tiny-1.4/cut.c:177:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cutfname, o_directory); data/elvis-tiny-1.4/cut.c:183:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(cutfname+j, CUTNAME+3, getpid(), fd); data/elvis-tiny-1.4/cut.c:190:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(cutfname, CUTNAME, "", getpid(), fd); data/elvis-tiny-1.4/cut.c:194:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(cutfname, CUTNAME, o_directory, getpid(), fd); data/elvis-tiny-1.4/cut.c:666:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, tmpblk.c); data/elvis-tiny-1.4/ex.c:481:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(build, origname); data/elvis-tiny-1.4/ex.c:495:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(build, prevorig); data/elvis-tiny-1.4/ex.c:549:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpblk.c, origname); data/elvis-tiny-1.4/input.c:312:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ab->large, &extra[lrg]); data/elvis-tiny-1.4/main.c:224:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(args, argv[i++]); data/elvis-tiny-1.4/main.c:238:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(args, wildcard(args)); data/elvis-tiny-1.4/main.c:267:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmpblk.c, "%s%c%s", str, SLASH, HMEXRC); data/elvis-tiny-1.4/modify.c:26:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(dbg, msg, arg1, arg2, arg3, arg4, arg5); data/elvis-tiny-1.4/opts.c:209:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(o_shell, val); data/elvis-tiny-1.4/opts.c:215:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(o_term, val); data/elvis-tiny-1.4/opts.c:220:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(o_term, val); data/elvis-tiny-1.4/opts.c:226:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(o_term, val); data/elvis-tiny-1.4/opts.c:238:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(o_directory, val); data/elvis-tiny-1.4/opts.c:387:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpblk.c, opts[todump[k]].value); data/elvis-tiny-1.4/opts.c:516:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pos, opts[i].name); data/elvis-tiny-1.4/opts.c:521:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pos, "%s=%-3d\n", opts[i].name, *opts[i].value & 0xff); data/elvis-tiny-1.4/opts.c:525:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pos, "%s=\"%s\"\n", opts[i].name, opts[i].value); data/elvis-tiny-1.4/opts.c:645:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(opts[i].value, value); data/elvis-tiny-1.4/osk.c:132:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer,"rename %s %s\n",from,to); data/elvis-tiny-1.4/osk.c:133:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. status = system(buffer); data/elvis-tiny-1.4/regexp.c:372:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(previous, text); data/elvis-tiny-1.4/regsub.c:209:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(previous, start); data/elvis-tiny-1.4/shell.c:65:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, argv[i]); data/elvis-tiny-1.4/shell.c:101:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(line+1, scan); data/elvis-tiny-1.4/shell.c:104:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy(ep, myenv[i].name); data/elvis-tiny-1.4/shell.c:106:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(ep, myenv[i].value); data/elvis-tiny-1.4/shell.c:133:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy(to, from); data/elvis-tiny-1.4/shell.c:148:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(q, from); data/elvis-tiny-1.4/shell.c:207:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(myenv[i].name, line); data/elvis-tiny-1.4/shell.c:212:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(myenv[i].value, value); data/elvis-tiny-1.4/sysdos.c:54:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int system(cmd) data/elvis-tiny-1.4/sysdos.c:80:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy(ep, environ[i]); data/elvis-tiny-1.4/sysdos.c:85:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ep, environ[i]); ep+=strlen(ep)+1; data/elvis-tiny-1.4/sysdos.c:86:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ep, o_shell); ep+=strlen(ep)+1; data/elvis-tiny-1.4/sysdos.c:88:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ep, cmd); ep+=strlen(ep)+1; data/elvis-tiny-1.4/sysdos.c:113:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output, o_directory); data/elvis-tiny-1.4/sysdos.c:116:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output+fd, SCRATCHIN+3); data/elvis-tiny-1.4/sysdos.c:117:2: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). mktemp(output); data/elvis-tiny-1.4/sysdos.c:136:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. cmdstate=system(cmd); data/elvis-tiny-1.4/system.c:70:4: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execle(o_shell, o_shell, (char *)0, environ); data/elvis-tiny-1.4/system.c:74:4: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execle(o_shell, o_shell, "-c", cmd, (char *)0, environ); data/elvis-tiny-1.4/system.c:136:3: [4] (shell) execle: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execle(o_shell, o_shell, "-c", cmd, (char *)0, environ); data/elvis-tiny-1.4/system.c:291:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpblk.c, PROG); data/elvis-tiny-1.4/system.c:292:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmpblk.c, names); data/elvis-tiny-1.4/system.c:351:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(scrout, o_directory); data/elvis-tiny-1.4/system.c:354:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(scrout+i, SCRATCHOUT+3); data/elvis-tiny-1.4/system.c:356:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(scrout, SCRATCHOUT, o_directory); data/elvis-tiny-1.4/system.c:359:3: [4] (tmpfile) mktemp: Temporary file race condition (CWE-377). mktemp(scrout); data/elvis-tiny-1.4/tio.c:241:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(pmsg, fmt, arg1, arg2, arg3, arg4, arg5, arg6, arg7); data/elvis-tiny-1.4/tio.c:255:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(pmsg, fmt, arg1, arg2, arg3, arg4, arg5, arg6, arg7); data/elvis-tiny-1.4/tio.c:704:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mapped[i].cooked, cooked); data/elvis-tiny-1.4/tio.c:823:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fmt, "map%%s %%.%ds %%s\n", mapped[i].len); data/elvis-tiny-1.4/tio.c:824:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, fmt, data/elvis-tiny-1.4/tio.c:827:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "map%s %.*s visual %s\n", data/elvis-tiny-1.4/tio.c:842:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fmt, "map %%.%ds %%s\n", mapped[i].len); data/elvis-tiny-1.4/tio.c:843:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, fmt, data/elvis-tiny-1.4/tio.c:845:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "map %.*s %s\n", mapped[i].len, data/elvis-tiny-1.4/tio.c:855:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fmt, "map! %%.%ds %%s\n", mapped[i].len); data/elvis-tiny-1.4/tio.c:856:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, fmt, data/elvis-tiny-1.4/tio.c:858:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "map! %.*s %s\n", mapped[i].len, data/elvis-tiny-1.4/tmp.c:113:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(origname, filename); data/elvis-tiny-1.4/tmp.c:195:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpname, o_directory); data/elvis-tiny-1.4/tmp.c:198:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tmpname+i, TMPNAME+3, sum, statb.st_ino, statb.st_dev); data/elvis-tiny-1.4/tmp.c:201:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(tmpname, sizeof(tmpname), TMPNAME, data/elvis-tiny-1.4/tmp.c:204:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tmpname, TMPNAME, o_directory, sum, statb.st_ino, statb.st_dev); data/elvis-tiny-1.4/tmp.c:209:6: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(tmpname, 0) == 0) data/elvis-tiny-1.4/tmp.c:226:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(scan, "%s/elvXXXXXX", o_directory); data/elvis-tiny-1.4/tmp.c:499:37: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (strcmp(filename, origname) && access(filename, 0) == 0 && !bang) data/elvis-tiny-1.4/tmp.c:574:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prevorig, origname); data/elvis-tiny-1.4/vcmd.c:591:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). { strcpy(tmpblk.c, prevorig); data/elvis-tiny-1.4/vcmd.c:628:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmdline, "%s %s", o_keywordprg, keyword); data/elvis-tiny-1.4/vi.c:342:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(U_text, fetchline(U_line)); data/elvis-tiny-1.4/vi.c:366:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(U_text, fetchline(U_line)); data/elvis-tiny-1.4/virec.c:52:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(o_directory, tmp); data/elvis-tiny-1.4/virec.c:56:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(o_directory, argv[2]); data/elvis-tiny-1.4/virec.c:134:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpname, o_directory); data/elvis-tiny-1.4/virec.c:137:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tmpname+i, TMPNAME+3, sum, stbuf.st_ino, stbuf.st_dev); data/elvis-tiny-1.4/virec.c:139:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(tmpname, TMPNAME, o_directory, sum, stbuf.st_ino, stbuf.st_dev); data/elvis-tiny-1.4/wildcard.c:95:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, name); data/elvis-tiny-1.4/wildcard.c:115:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filespec, findbuf.ff_name); data/elvis-tiny-1.4/wildcard.c:133:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(files[nfiles++], buf); data/elvis-tiny-1.4/cmd1.c:685:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *getenv(); data/elvis-tiny-1.4/cmd1.c:690:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extra = getenv("HOME"); data/elvis-tiny-1.4/curses.c:45:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv(); data/elvis-tiny-1.4/curses.c:136:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (! (val = getenv("TERM")) data/elvis-tiny-1.4/curses.c:139:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!getenv("TERM")) data/elvis-tiny-1.4/curses.c:377:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. switch (tgetent(kbuf, getenv("TERM"))) data/elvis-tiny-1.4/main.c:22:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv(); data/elvis-tiny-1.4/main.c:264:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. str = getenv("HOME"); data/elvis-tiny-1.4/main.c:273:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. str = getenv(EXINIT); data/elvis-tiny-1.4/opts.c:22:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv(); data/elvis-tiny-1.4/opts.c:204:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (val = getenv("COMSPEC")) /* yes, ASSIGNMENT! */ data/elvis-tiny-1.4/opts.c:206:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (val = getenv("SHELL")) /* yes, ASSIGNMENT! */ data/elvis-tiny-1.4/opts.c:213:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (val = getenv("TERM")) /* yes, ASSIGNMENT! */ data/elvis-tiny-1.4/opts.c:223:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((val = getenv("TERM")) /* yes, ASSIGNMENT! */ data/elvis-tiny-1.4/opts.c:236:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((val = getenv("TMP")) /* yes, ASSIGNMENT! */ data/elvis-tiny-1.4/opts.c:237:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. || (val = getenv("TEMP"))) data/elvis-tiny-1.4/shell.c:24:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv(), *malloc(); data/elvis-tiny-1.4/virec.c:27:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char *getenv(); data/elvis-tiny-1.4/virec.c:49:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tmp = getenv("TMP")) /* yes, ASSIGNMENT! */ data/elvis-tiny-1.4/virec.c:50:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. || (tmp = getenv("TEMP"))) /* yes, ASSIGNMENT! */ data/elvis-tiny-1.4/atari.c:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char writbuf[BLKSIZE]; data/elvis-tiny-1.4/cmd1.c:202:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(extra, O_WRONLY|O_APPEND); data/elvis-tiny-1.4/cmd1.c:204:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(extra, O_WRONLY); data/elvis-tiny-1.4/cmd1.c:255:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char prevextra[80]; data/elvis-tiny-1.4/cmd1.c:303:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdln[100]; /* copy of the command from the command line */ data/elvis-tiny-1.4/cmd1.c:774:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char prevtag[30]; data/elvis-tiny-1.4/cmd1.c:792:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(TAGS, O_RDONLY); data/elvis-tiny-1.4/cmd1.c:990:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char errfile[256]; /* the name of a file containing an error */ data/elvis-tiny-1.4/cmd1.c:1010:8: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long atol(); data/elvis-tiny-1.4/cmd1.c:1013:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). errline = atol(text); data/elvis-tiny-1.4/cmd1.c:1144:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(extra, O_RDONLY); data/elvis-tiny-1.4/cmd1.c:1149:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(ERRLIST, O_RDONLY); data/elvis-tiny-1.4/cmd2.c:572:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(extra, O_RDONLY); data/elvis-tiny-1.4/cmd2.c:714:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpblk.c, "%6ld ", l); data/elvis-tiny-1.4/cmd2.c:743:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpblk.c, "\\%03o", *scan); data/elvis-tiny-1.4/cmd2.c:869:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXRCLEN]; data/elvis-tiny-1.4/config.h:154:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memcpy(dest, src, siz) bcopy(src, dest, siz) data/elvis-tiny-1.4/config.h:154:32: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memcpy(dest, src, siz) bcopy(src, dest, siz) data/elvis-tiny-1.4/ctags.c:57:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fmt[256]; data/elvis-tiny-1.4/ctags.c:101:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). refs = fopen(REFS, "w"); data/elvis-tiny-1.4/ctags.c:126:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[i], "r"); data/elvis-tiny-1.4/ctags.c:167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1000]; /* a line of text from the file */ data/elvis-tiny-1.4/curses.c:368:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cbmem[800]; data/elvis-tiny-1.4/curses.h:118:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_pcbios[1]; /* BAH! */ data/elvis-tiny-1.4/cut.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cutfname[50]; data/elvis-tiny-1.4/cut.c:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cutfname[50]; /* used to build a new name for the tmp file */ data/elvis-tiny-1.4/cut.c:181:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(tmpname, O_RDONLY|O_BINARY); data/elvis-tiny-1.4/cut.c:185:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(cutfname, O_RDONLY|O_BINARY); data/elvis-tiny-1.4/ex.c:279:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[80]; data/elvis-tiny-1.4/ex.c:298:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(cmdbuf, ".+1"); data/elvis-tiny-1.4/ex.c:645:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXRCLEN]; /* buffer, holds the entire .exrc file */ data/elvis-tiny-1.4/ex.c:648:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY); data/elvis-tiny-1.4/input.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char listbuf[8]; data/elvis-tiny-1.4/input.c:215:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char small[1]; /* the abbreviated form (appended to struct) */ data/elvis-tiny-1.4/input.c:404:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[2]; /* key char followed by '\0' char */ data/elvis-tiny-1.4/main.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char firstarg[256]; data/elvis-tiny-1.4/modify.c:23:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dbg = fopen("debug.out", "w"); data/elvis-tiny-1.4/move2.c:18:13: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). extern long atol(); data/elvis-tiny-1.4/move2.c:75:12: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). delta = atol(line); data/elvis-tiny-1.4/opts.c:28:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_autoindent[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:29:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_autoprint[1] = {TRUE}; data/elvis-tiny-1.4/opts.c:30:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_autowrite[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:32:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_cc[30] = {CC_COMMAND}; data/elvis-tiny-1.4/opts.c:35:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_charattr[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:37:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_columns[3] = {80, 32, 255}; data/elvis-tiny-1.4/opts.c:39:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_digraph[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:41:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_directory[30] = TMPDIR; data/elvis-tiny-1.4/opts.c:42:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_edcompatible[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:43:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_errorbells[1] = {TRUE}; data/elvis-tiny-1.4/opts.c:44:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_exrefresh[1] = {TRUE}; data/elvis-tiny-1.4/opts.c:46:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_flipcase[80] data/elvis-tiny-1.4/opts.c:56:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_hideformat[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:58:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_ignorecase[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:60:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_inputmode[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:62:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_keytime[3] = {2, 0, 5}; data/elvis-tiny-1.4/opts.c:63:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_keywordprg[80] = {KEYWORDPRG}; data/elvis-tiny-1.4/opts.c:64:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_lines[3] = {25, 2, 50}; /* More lines? Enlarge kbuf */ data/elvis-tiny-1.4/opts.c:65:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_list[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:67:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_magic[1] = {TRUE}; data/elvis-tiny-1.4/opts.c:70:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_make[30] = {MAKE_COMMAND}; data/elvis-tiny-1.4/opts.c:73:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_modeline[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:76:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_paragraphs[30] = "PPppIPLPQP"; data/elvis-tiny-1.4/opts.c:79:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_pcbios[1] = {TRUE}; data/elvis-tiny-1.4/opts.c:81:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_readonly[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:82:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_report[3] = {5, 1, 127}; data/elvis-tiny-1.4/opts.c:83:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_scroll[3] = {12, 1, 127}; data/elvis-tiny-1.4/opts.c:85:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_sections[30] = "NHSHSSSEse"; data/elvis-tiny-1.4/opts.c:87:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_shell[60] = SHELL; data/elvis-tiny-1.4/opts.c:88:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_shiftwidth[3] = {8, 1, 255}; data/elvis-tiny-1.4/opts.c:90:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_showmatch[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:93:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_smd[1] = {FALSE}; data/elvis-tiny-1.4/opts.c:95:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_sidescroll[3] = {8, 1, 40}; data/elvis-tiny-1.4/opts.c:96:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_sync[1] = {NEEDSYNC}; data/elvis-tiny-1.4/opts.c:97:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_tabstop[3] = {8, 1, 40}; data/elvis-tiny-1.4/opts.c:98:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_term[30] = "?"; data/elvis-tiny-1.4/opts.c:99:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_vbell[1] = {TRUE}; data/elvis-tiny-1.4/opts.c:100:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_warn[1] = {TRUE}; data/elvis-tiny-1.4/opts.c:101:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_wrapmargin[3] = {0, 0, 255}; data/elvis-tiny-1.4/opts.c:102:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_wrapscan[1] = {TRUE}; data/elvis-tiny-1.4/opts.c:231:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(o_term, "pcbios"); data/elvis-tiny-1.4/opts.c:276:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[4]; /* used for converting numbers to ASCII */ data/elvis-tiny-1.4/opts.c:376:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nbuf, "%-3d", UCHAR(*opts[todump[k]].value)); data/elvis-tiny-1.4/opts.c:392:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmpblk.c + MAXWIDTH - 6, "..."); data/elvis-tiny-1.4/opts.c:416:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[4]; data/elvis-tiny-1.4/opts.c:463:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nbuf, "%-3d", UCHAR(*opts[i].value)); data/elvis-tiny-1.4/opts.c:495:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], *pos; data/elvis-tiny-1.4/opts.c:506:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "set "); data/elvis-tiny-1.4/opts.c:627:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). j = atoi(value); data/elvis-tiny-1.4/opts.c:639:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *opts[i].value = atoi(value); data/elvis-tiny-1.4/osk.c:83:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(buff->st_size), ftmp.fd_fsize, sizeof(long)); /* misalignment! */ data/elvis-tiny-1.4/osk.c:104:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((i = open(filename, S_IREAD)) < 0) data/elvis-tiny-1.4/osk.c:105:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((i = open(filename, S_IFDIR | S_IREAD)) < 0) data/elvis-tiny-1.4/osk.c:181:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!path && (path = open("/dd/sys/Errmsg", S_IREAD)) == -1) { data/elvis-tiny-1.4/pc.c:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char attr[2][5] = data/elvis-tiny-1.4/recycle.c:32:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char bitmap[512]; data/elvis-tiny-1.4/redraw.c:517:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char old[256]; /* how the line looked last time */ data/elvis-tiny-1.4/redraw.c:518:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new[256]; /* how it looks now */ data/elvis-tiny-1.4/ref.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linebuf[300]; data/elvis-tiny-1.4/ref.c:76:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/elvis-tiny-1.4/refont.c:102:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[i], "r"); data/elvis-tiny-1.4/refont.c:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textbuf[1025]; /* chars of a line of text */ data/elvis-tiny-1.4/refont.c:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fontbuf[1025]; /* fonts of chars in fontbuf */ data/elvis-tiny-1.4/regexp.h:10:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *startp[NSUBEXP]; data/elvis-tiny-1.4/regexp.h:11:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *endp[NSUBEXP]; data/elvis-tiny-1.4/regexp.h:15:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char program[1]; /* Unwarranted chumminess with compiler. */ data/elvis-tiny-1.4/shell.c:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/elvis-tiny-1.4/shell.c:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[80]; data/elvis-tiny-1.4/shell.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[128]; data/elvis-tiny-1.4/shell.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char env[4096], *ep=env; data/elvis-tiny-1.4/shell.c:135:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(end, ".prg"); if (try(to)) return 1; data/elvis-tiny-1.4/shell.c:136:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(end, ".ttp"); if (try(to)) return 1; data/elvis-tiny-1.4/shell.c:137:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(end, ".tos"); if (try(to)) return 1; data/elvis-tiny-1.4/shell.c:150:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(end, ".prg"); if (try(to)) return 1; data/elvis-tiny-1.4/shell.c:151:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(end, ".ttp"); if (try(to)) return 1; data/elvis-tiny-1.4/shell.c:152:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(end, ".tos"); if (try(to)) return 1; data/elvis-tiny-1.4/shell.c:220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128], *p; data/elvis-tiny-1.4/shell.c:222:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp=fopen(name, "r"))==0) data/elvis-tiny-1.4/sysdos.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[130]; data/elvis-tiny-1.4/sysdos.c:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char env[4096], *ep=env; data/elvis-tiny-1.4/sysdos.c:87:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ep, "-c"); ep+=3; data/elvis-tiny-1.4/sysdos.c:91:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line+1, "-c "); data/elvis-tiny-1.4/sysdos.c:104:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char output[80]; data/elvis-tiny-1.4/sysdos.c:119:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd=open(output, O_RDWR))==-1) data/elvis-tiny-1.4/system.c:210:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). addstack = 1024 * atoi(&argblk[--words][1]); data/elvis-tiny-1.4/system.c:215:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = open("/pipe",S_IREAD)) < 0) { data/elvis-tiny-1.4/system.c:363:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). scratch = open(scrout, O_RDONLY); data/elvis-tiny-1.4/system.c:370:18: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if ((scratch = mkstemp(scrout)) < 0) data/elvis-tiny-1.4/tinytcap.c:131:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[30]; data/elvis-tiny-1.4/tinytcap.c:134:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\033[%d;%dH", destrow + 1, destcol + 1); data/elvis-tiny-1.4/tinytcap.c:137:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "\033Y%c%c", ' ' + destrow, ' ' + destcol); data/elvis-tiny-1.4/tio.c:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char widths[132]; /* widths of characters */ data/elvis-tiny-1.4/tio.c:186:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pmsg[80]; /* previous message (waiting to be displayed) */ data/elvis-tiny-1.4/tio.c:299:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char keybuf[100]; /* array of already-read keys */ data/elvis-tiny-1.4/tio.c:344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rawin[LONGKEY]; /* the unmapped version of input */ data/elvis-tiny-1.4/tio.c:345:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cooked[80]; /* the mapped version of input */ data/elvis-tiny-1.4/tio.c:800:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/elvis-tiny-1.4/tio.c:822:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[80]; data/elvis-tiny-1.4/tio.c:841:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[80]; data/elvis-tiny-1.4/tio.c:854:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[80]; data/elvis-tiny-1.4/tmp.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/elvis-tiny-1.4/tmp.c:85:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmpname[80]; data/elvis-tiny-1.4/tmp.c:114:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). origfd = open(origname, O_RDONLY); data/elvis-tiny-1.4/tmp.c:227:15: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). if ((tmpfd = mkstemp(scan)) >= 0) { data/elvis-tiny-1.4/tmp.c:236:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpfd = open(tmpname, O_CREAT|O_WRONLY|O_TRUNC|O_EXCL, 0600); data/elvis-tiny-1.4/tmp.c:241:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpfd = open(tmpname, O_RDWR | O_BINARY); data/elvis-tiny-1.4/tmp.c:488:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_WRONLY|O_APPEND); data/elvis-tiny-1.4/tmp.c:490:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_WRONLY); data/elvis-tiny-1.4/tmp.c:621:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpfd = open(tmpname, O_RDWR | O_BINARY); data/elvis-tiny-1.4/vars.c:28:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char origname[256]; data/elvis-tiny-1.4/vars.c:29:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prevorig[256]; data/elvis-tiny-1.4/vars.c:40:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char args[BLKSIZE]; /* list of filenames to edit */ data/elvis-tiny-1.4/vars.c:87:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char U_text[BLKSIZE]; /* contents of the undoable line */ data/elvis-tiny-1.4/vcmd.c:552:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdln[100]; /* a shell command line */ data/elvis-tiny-1.4/vcmd.c:622:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdline[130]; data/elvis-tiny-1.4/vcmd.c:652:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newval[12]; data/elvis-tiny-1.4/vcmd.c:653:7: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long atol(); data/elvis-tiny-1.4/vcmd.c:668:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cnt = atol(keyword) + cnt; data/elvis-tiny-1.4/vcmd.c:672:9: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cnt = atol(keyword) - cnt; data/elvis-tiny-1.4/vcmd.c:681:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(newval, "%ld", cnt); data/elvis-tiny-1.4/vi.c:233:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100]; data/elvis-tiny-1.4/vi.h:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char c[BLKSIZE]; /* for text blocks */ data/elvis-tiny-1.4/vi.h:101:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_autoindent[1]; data/elvis-tiny-1.4/vi.h:102:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_autoprint[1]; data/elvis-tiny-1.4/vi.h:103:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_autowrite[1]; data/elvis-tiny-1.4/vi.h:105:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_cc[30]; data/elvis-tiny-1.4/vi.h:108:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_charattr[1]; data/elvis-tiny-1.4/vi.h:110:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_columns[3]; data/elvis-tiny-1.4/vi.h:111:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_digraph[1]; data/elvis-tiny-1.4/vi.h:112:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_directory[30]; data/elvis-tiny-1.4/vi.h:113:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_edcompatible[1]; data/elvis-tiny-1.4/vi.h:114:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_errorbells[1]; data/elvis-tiny-1.4/vi.h:115:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_exrefresh[1]; data/elvis-tiny-1.4/vi.h:117:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_flipcase[80]; data/elvis-tiny-1.4/vi.h:120:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_hideformat[1]; data/elvis-tiny-1.4/vi.h:122:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_ignorecase[1]; data/elvis-tiny-1.4/vi.h:124:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_inputmode[1]; data/elvis-tiny-1.4/vi.h:126:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_keytime[3]; data/elvis-tiny-1.4/vi.h:127:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_keywordprg[80]; data/elvis-tiny-1.4/vi.h:128:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_lines[3]; data/elvis-tiny-1.4/vi.h:129:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_list[1]; data/elvis-tiny-1.4/vi.h:131:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_magic[1]; data/elvis-tiny-1.4/vi.h:134:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_make[30]; data/elvis-tiny-1.4/vi.h:137:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_modeline[1]; data/elvis-tiny-1.4/vi.h:140:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_paragraphs[30]; data/elvis-tiny-1.4/vi.h:143:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_pcbios[1]; data/elvis-tiny-1.4/vi.h:145:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_readonly[1]; data/elvis-tiny-1.4/vi.h:146:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_report[3]; data/elvis-tiny-1.4/vi.h:147:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_scroll[3]; data/elvis-tiny-1.4/vi.h:149:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_sections[30]; data/elvis-tiny-1.4/vi.h:151:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_shell[60]; data/elvis-tiny-1.4/vi.h:153:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_showmatch[1]; data/elvis-tiny-1.4/vi.h:156:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_smd[1]; data/elvis-tiny-1.4/vi.h:158:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_shiftwidth[3]; data/elvis-tiny-1.4/vi.h:159:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_sidescroll[3]; data/elvis-tiny-1.4/vi.h:160:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_sync[1]; data/elvis-tiny-1.4/vi.h:161:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_tabstop[3]; data/elvis-tiny-1.4/vi.h:162:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_term[30]; data/elvis-tiny-1.4/vi.h:163:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_vbell[1]; data/elvis-tiny-1.4/vi.h:164:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_warn[1]; data/elvis-tiny-1.4/vi.h:165:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_wrapmargin[3]; data/elvis-tiny-1.4/vi.h:166:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char o_wrapscan[1]; data/elvis-tiny-1.4/vi.h:171:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char U_text[BLKSIZE]; data/elvis-tiny-1.4/vi.h:193:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char origname[256]; /* name of the current file */ data/elvis-tiny-1.4/vi.h:194:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char prevorig[256]; /* name of the preceding file */ data/elvis-tiny-1.4/vi.h:203:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char args[BLKSIZE]; /* file names given on the command line */ data/elvis-tiny-1.4/virec.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_directory[30] = TMPDIR; data/elvis-tiny-1.4/virec.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[100]; data/elvis-tiny-1.4/virec.c:141:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmpfd = open(tmpname, O_RDONLY | O_BINARY); data/elvis-tiny-1.4/virec.c:208:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "w"); data/elvis-tiny-1.4/wildcard.c:45:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *files[MAXFILES]; data/elvis-tiny-1.4/wildcard.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/elvis-tiny-1.4/alias.c:60:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(argv[0]); data/elvis-tiny-1.4/atari.c:48:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int i, j, nread=read(fd, buf, (unsigned)maxlen); data/elvis-tiny-1.4/blk.c:103:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(tmpfd, this->buf.c, (unsigned)BLKSIZE) != BLKSIZE) data/elvis-tiny-1.4/blk.c:448:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(tmpfd, oldhdr.c, (unsigned)BLKSIZE) != BLKSIZE) data/elvis-tiny-1.4/cmd1.c:59:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(scan); data/elvis-tiny-1.4/cmd1.c:239:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(scan); data/elvis-tiny-1.4/cmd1.c:274:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (cmd == CMD_BANG && strlen(extra) < sizeof(prevextra) - 1) data/elvis-tiny-1.4/cmd1.c:788:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(prevtag, extra, sizeof prevtag); data/elvis-tiny-1.4/cmd2.c:200:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d += strlen(d); data/elvis-tiny-1.4/cmd2.c:338:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tmpblk.c, "\n"); data/elvis-tiny-1.4/cmd2.c:401:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmpblk.c); data/elvis-tiny-1.4/cmd2.c:416:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(scan) + len + 3 > BLKSIZE) data/elvis-tiny-1.4/cmd2.c:432:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(scan); data/elvis-tiny-1.4/config.h:138:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # define ttyread(buf, len) read(0, buf, (unsigned)len) /* raw read */ data/elvis-tiny-1.4/config.h:159:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define tread(fd,buf,n) read(fd,buf,(unsigned)(n)) data/elvis-tiny-1.4/ctags.c:228:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(text); data/elvis-tiny-1.4/ctags.c:312:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(fmt, MAINFMT, strlen(name) - 2); data/elvis-tiny-1.4/ctags.c:315:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf(MAINFMT, strlen(name) - 2, name, name, text); data/elvis-tiny-1.4/curses.c:732:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(0, buf, i < len ? i : len); data/elvis-tiny-1.4/curses.c:734:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(0, buf, 1); data/elvis-tiny-1.4/curses.h:152:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define do_TI() VOIDBIOS(;, (void)ttywrite(TI, (unsigned)strlen(TI))) data/elvis-tiny-1.4/curses.h:153:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define do_TE() VOIDBIOS(;, (void)ttywrite(TE, (unsigned)strlen(TE))) data/elvis-tiny-1.4/cut.c:127:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((i = strlen(cutfname)) && !strchr(":/\\", cutfname[i-1])) data/elvis-tiny-1.4/cut.c:178:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((j = strlen(cutfname)) && !strchr(":/\\", cutfname[j-1])) data/elvis-tiny-1.4/cut.c:446:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, tmpblk.c, (unsigned)BLKSIZE) != BLKSIZE) data/elvis-tiny-1.4/input.c:301:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ab->small, extra, smlen); data/elvis-tiny-1.4/input.c:311:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ab->large = (char *)malloc((unsigned)(strlen(&extra[lrg]) + 1)); data/elvis-tiny-1.4/input.c:326:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). twrite(fd, ab->small, strlen(ab->small)); data/elvis-tiny-1.4/input.c:328:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). twrite(fd, ab->large, strlen(ab->large)); data/elvis-tiny-1.4/input.c:390:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return m - len + strlen(ab->large); data/elvis-tiny-1.4/main.c:47:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). switch (argv[0][strlen(argv[0]) - 1]) data/elvis-tiny-1.4/main.c:205:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) > 128) data/elvis-tiny-1.4/main.c:214:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(args) + strlen(argv[i]) + 1 >= sizeof(args)) data/elvis-tiny-1.4/main.c:214:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(args) + strlen(argv[i]) + 1 >= sizeof(args)) data/elvis-tiny-1.4/main.c:223:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (args[0]) strcat(args, " "); data/elvis-tiny-1.4/main.c:276:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). exstring(str, strlen(str)); data/elvis-tiny-1.4/misc.c:101:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(ptext); data/elvis-tiny-1.4/modify.c:388:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(following->c) + (build - blk->c) < BLKSIZE - 1) data/elvis-tiny-1.4/opts.c:316:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = 3 + strlen(opts[todump[k]].value); data/elvis-tiny-1.4/opts.c:325:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width += strlen(opts[todump[k]].name); data/elvis-tiny-1.4/opts.c:372:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width += strlen(opts[todump[k]].name); data/elvis-tiny-1.4/opts.c:380:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = 4 + strlen(opts[todump[k]].name); data/elvis-tiny-1.4/opts.c:388:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = 3 + strlen(tmpblk.c); data/elvis-tiny-1.4/opts.c:396:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width += strlen(opts[todump[k]].name); data/elvis-tiny-1.4/opts.c:459:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += strlen(opts[i].name); data/elvis-tiny-1.4/opts.c:467:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += 4 + strlen(opts[i].name); data/elvis-tiny-1.4/opts.c:476:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += 3 + strlen(opts[i].name) + strlen(opts[i].value); data/elvis-tiny-1.4/opts.c:476:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += 3 + strlen(opts[i].name) + strlen(opts[i].value); data/elvis-tiny-1.4/opts.c:517:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(pos, "\n"); data/elvis-tiny-1.4/opts.c:528:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). twrite(fd, buf, strlen(buf)); data/elvis-tiny-1.4/osk.c:130:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((buffer = malloc(strlen(from) + strlen(to) + 12)) == NULL) data/elvis-tiny-1.4/osk.c:130:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((buffer = malloc(strlen(from) + strlen(to) + 12)) == NULL) data/elvis-tiny-1.4/recycle.c:60:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(tmpfd, &oldhdr, (unsigned)sizeof oldhdr) != sizeof oldhdr) data/elvis-tiny-1.4/ref.c:123:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen(word); data/elvis-tiny-1.4/refont.c:153:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF) data/elvis-tiny-1.4/refont.c:160:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). textbuf[col++] = getc(fp); data/elvis-tiny-1.4/refont.c:161:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). textbuf[col++] = getc(fp); data/elvis-tiny-1.4/refont.c:162:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). textbuf[col++] = ch = getc(fp); data/elvis-tiny-1.4/refont.c:191:28: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). textbuf[col++] = ch = getc(fp); data/elvis-tiny-1.4/refont.c:205:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/elvis-tiny-1.4/refont.c:208:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). font = getc(fp); data/elvis-tiny-1.4/refont.c:221:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/elvis-tiny-1.4/refont.c:240:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). font = (getc(fp) & 1) ? 'U' : 'R'; data/elvis-tiny-1.4/regexp.c:370:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). previous = (char *)malloc((unsigned)(strlen(text) + 1)); data/elvis-tiny-1.4/regexp.c:641:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/elvis-tiny-1.4/regexp.c:699:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). re = (regexp *)malloc((unsigned)(strlen(exp) + 1 + sizeof(struct regexp))); data/elvis-tiny-1.4/regsub.c:46:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = cpy + strlen(cpy); data/elvis-tiny-1.4/regsub.c:106:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = cpy + strlen(cpy); data/elvis-tiny-1.4/regsub.c:119:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = cpy + strlen(cpy); data/elvis-tiny-1.4/regsub.c:207:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). previous = (char *)malloc((unsigned)(strlen(start) + 1)); data/elvis-tiny-1.4/shell.c:64:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, " "); data/elvis-tiny-1.4/shell.c:102:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[0]=strlen(scan); data/elvis-tiny-1.4/shell.c:105:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(ep, "="); data/elvis-tiny-1.4/shell.c:107:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ep+=strlen(ep)+1; data/elvis-tiny-1.4/shell.c:134:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end=to+strlen(to); data/elvis-tiny-1.4/shell.c:149:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end=q+strlen(q); data/elvis-tiny-1.4/shell.c:206:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { myenv[i].name=malloc(strlen(line)+1); data/elvis-tiny-1.4/shell.c:211:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). myenv[i].value=malloc(strlen(value)+1); data/elvis-tiny-1.4/sysdos.c:81:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ep+=strlen(ep)+1; data/elvis-tiny-1.4/sysdos.c:85:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(ep, environ[i]); ep+=strlen(ep)+1; data/elvis-tiny-1.4/sysdos.c:86:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(ep, o_shell); ep+=strlen(ep)+1; data/elvis-tiny-1.4/sysdos.c:88:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(ep, cmd); ep+=strlen(ep)+1; data/elvis-tiny-1.4/sysdos.c:92:2: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(line+1, cmd, 126); data/elvis-tiny-1.4/sysdos.c:93:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[0]=strlen(line+1); data/elvis-tiny-1.4/sysdos.c:114:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((fd=strlen(output)) && !strchr("/\\:", output[fd-1])) data/elvis-tiny-1.4/system.c:170:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((buffer = (char*) malloc(strlen(cmd))) == (char*) 0) data/elvis-tiny-1.4/system.c:176:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(command); data/elvis-tiny-1.4/system.c:195:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(command); data/elvis-tiny-1.4/system.c:199:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, command, len); data/elvis-tiny-1.4/system.c:299:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (s = names + strlen(names) + 1, d = s + PROGLEN; s > names; ) data/elvis-tiny-1.4/system.c:303:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(names, PROG, PROGLEN); data/elvis-tiny-1.4/system.c:347:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scrout = malloc(strlen(o_directory) + 9 + 1); /* strlen("/soXXXXXX") */ data/elvis-tiny-1.4/system.c:352:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((i=strlen(scrout)) && strchr("\\/:", scrout[i-1])) data/elvis-tiny-1.4/tio.c:672:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(rawin); data/elvis-tiny-1.4/tio.c:703:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mapped[i].rawin, rawin, j); data/elvis-tiny-1.4/tio.c:737:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len -= strlen(mapped[i].name); data/elvis-tiny-1.4/tio.c:833:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). twrite(fd, buf, strlen(buf)); data/elvis-tiny-1.4/tio.c:849:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). twrite(fd, buf, strlen(buf)); data/elvis-tiny-1.4/tio.c:862:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). twrite(fd, buf, strlen(buf)); data/elvis-tiny-1.4/tmp.c:69:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, start, (int)(str - start)); data/elvis-tiny-1.4/tmp.c:182:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (sum = 0, scan = origname + strlen(origname); data/elvis-tiny-1.4/tmp.c:196:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((i = strlen(tmpname)) && !strchr(":/\\", tmpname[i-1])) data/elvis-tiny-1.4/tmp.c:222:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scan = malloc(strlen(o_directory) + 10 + 1); /* "/elvXXXXXX" */ data/elvis-tiny-1.4/tmp.c:272:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(this->c, "\n"); /* put a line in it */ data/elvis-tiny-1.4/tmp.c:392:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(this->c, "\n"); /* put a line in it */ data/elvis-tiny-1.4/tmp.c:531:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(filename, o_directory, strlen(o_directory))) data/elvis-tiny-1.4/vcmd.c:685:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). change(m, m + strlen(keyword), newval); data/elvis-tiny-1.4/vcmd.c:731:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(U_text, "\n"); data/elvis-tiny-1.4/virec.c:68:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (read(0, &hdr, (unsigned)BLKSIZE) != BLKSIZE) data/elvis-tiny-1.4/virec.c:121:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (sum = 0, scan = filename + strlen(filename); data/elvis-tiny-1.4/virec.c:135:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((i = strlen(tmpname)) && !strchr(":/\\", tmpname[i-1])) data/elvis-tiny-1.4/virec.c:162:12: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (getchar()) data/elvis-tiny-1.4/virec.c:184:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(tmpfd, &hdr, (unsigned)BLKSIZE) != BLKSIZE) data/elvis-tiny-1.4/virec.c:199:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(tmpfd, &text, (unsigned)BLKSIZE) != BLKSIZE) data/elvis-tiny-1.4/virec.c:237:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(tmpfd, &text, (unsigned)BLKSIZE); data/elvis-tiny-1.4/wildcard.c:132:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (nfiles<MAXFILES && (files[nfiles]=calloc(strlen(buf)+1, 1))!=0) ANALYSIS SUMMARY: Hits = 463 Lines analyzed = 18220 in approximately 0.57 seconds (31907 lines/second) Physical Source Lines of Code (SLOC) = 13872 Hits@level = [0] 23 [1] 116 [2] 211 [3] 20 [4] 115 [5] 1 Hits@level+ = [0+] 486 [1+] 463 [2+] 347 [3+] 136 [4+] 116 [5+] 1 Hits/KSLOC@level+ = [0+] 35.0346 [1+] 33.3766 [2+] 25.0144 [3+] 9.80392 [4+] 8.36217 [5+] 0.0720877 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.