Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/flickcurl-1.26/getopt/flickcurl_getopt.h
Examining data/flickcurl-1.26/getopt/getopt.c
Examining data/flickcurl-1.26/docs/search-photos.c
Examining data/flickcurl-1.26/src/stats-api.c
Examining data/flickcurl-1.26/src/photos-geo-api.c
Examining data/flickcurl-1.26/src/photos-licenses-api.c
Examining data/flickcurl-1.26/src/vsnprintf.c
Examining data/flickcurl-1.26/src/groups-pools-api.c
Examining data/flickcurl-1.26/src/gallery.c
Examining data/flickcurl-1.26/src/photo.c
Examining data/flickcurl-1.26/src/contacts.c
Examining data/flickcurl-1.26/src/activity.c
Examining data/flickcurl-1.26/src/person.c
Examining data/flickcurl-1.26/src/urls-api.c
Examining data/flickcurl-1.26/src/prefs-api.c
Examining data/flickcurl-1.26/src/size.c
Examining data/flickcurl-1.26/src/location.c
Examining data/flickcurl-1.26/src/galleries-api.c
Examining data/flickcurl-1.26/src/user_upload_status.c
Examining data/flickcurl-1.26/src/machinetags-api.c
Examining data/flickcurl-1.26/src/md5.c
Examining data/flickcurl-1.26/src/group.c
Examining data/flickcurl-1.26/src/tags-api.c
Examining data/flickcurl-1.26/src/photos-api.c
Examining data/flickcurl-1.26/src/shape.c
Examining data/flickcurl-1.26/src/serializer.c
Examining data/flickcurl-1.26/src/test-api.c
Examining data/flickcurl-1.26/src/method.c
Examining data/flickcurl-1.26/src/members.c
Examining data/flickcurl-1.26/src/flickcurl.h
Examining data/flickcurl-1.26/src/groups-members-api.c
Examining data/flickcurl-1.26/src/ticket.c
Examining data/flickcurl-1.26/src/collection.c
Examining data/flickcurl-1.26/src/contacts-api.c
Examining data/flickcurl-1.26/src/config.c
Examining data/flickcurl-1.26/src/panda-api.c
Examining data/flickcurl-1.26/src/legacy-auth.c
Examining data/flickcurl-1.26/src/photos-comments-api.c
Examining data/flickcurl-1.26/src/photos-upload-api.c
Examining data/flickcurl-1.26/src/comments.c
Examining data/flickcurl-1.26/src/video.c
Examining data/flickcurl-1.26/src/commons-api.c
Examining data/flickcurl-1.26/src/photos-notes-api.c
Examining data/flickcurl-1.26/src/upload-api.c
Examining data/flickcurl-1.26/src/photoset.c
Examining data/flickcurl-1.26/src/activity-api.c
Examining data/flickcurl-1.26/src/favorites-api.c
Examining data/flickcurl-1.26/src/people-api.c
Examining data/flickcurl-1.26/src/photos-transform-api.c
Examining data/flickcurl-1.26/src/exif.c
Examining data/flickcurl-1.26/src/photos-people-api.c
Examining data/flickcurl-1.26/src/mtwist_config.h
Examining data/flickcurl-1.26/src/args.c
Examining data/flickcurl-1.26/src/note.c
Examining data/flickcurl-1.26/src/groups-api.c
Examining data/flickcurl-1.26/src/tags.c
Examining data/flickcurl-1.26/src/auth-api.c
Examining data/flickcurl-1.26/src/places-api.c
Examining data/flickcurl-1.26/src/blogs-api.c
Examining data/flickcurl-1.26/src/category.c
Examining data/flickcurl-1.26/src/stat.c
Examining data/flickcurl-1.26/src/collections-api.c
Examining data/flickcurl-1.26/src/institution.c
Examining data/flickcurl-1.26/src/place.c
Examining data/flickcurl-1.26/src/sha1.c
Examining data/flickcurl-1.26/src/blog.c
Examining data/flickcurl-1.26/src/context.c
Examining data/flickcurl-1.26/src/perms.c
Examining data/flickcurl-1.26/src/photosets-api.c
Examining data/flickcurl-1.26/src/interestingness-api.c
Examining data/flickcurl-1.26/src/reflection-api.c
Examining data/flickcurl-1.26/src/photosets-comments-api.c
Examining data/flickcurl-1.26/src/machinetags.c
Examining data/flickcurl-1.26/src/common.c
Examining data/flickcurl-1.26/src/flickcurl_internal.h
Examining data/flickcurl-1.26/src/oauth.c
Examining data/flickcurl-1.26/examples/print-photo-info.c
Examining data/flickcurl-1.26/examples/search-photos.c
Examining data/flickcurl-1.26/utils/commands.c
Examining data/flickcurl-1.26/utils/mangen.c
Examining data/flickcurl-1.26/utils/raptor_fake.c
Examining data/flickcurl-1.26/utils/flickcurl.c
Examining data/flickcurl-1.26/utils/cmdline.c
Examining data/flickcurl-1.26/utils/flickcurl_cmd.h
Examining data/flickcurl-1.26/utils/raptor_fake.h
Examining data/flickcurl-1.26/utils/codegen.c
Examining data/flickcurl-1.26/utils/list-methods.c
Examining data/flickcurl-1.26/utils/flickrdf.c
Examining data/flickcurl-1.26/libmtwist/mtwist.h
Examining data/flickcurl-1.26/libmtwist/test.c
Examining data/flickcurl-1.26/libmtwist/mtwist_internal.h
Examining data/flickcurl-1.26/libmtwist/mt.c
Examining data/flickcurl-1.26/libmtwist/seed.c
FINAL RESULTS:
data/flickcurl-1.26/docs/search-photos.c:53:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config_path, "%s/%s", home, config_filename);
data/flickcurl-1.26/docs/search-photos.c:55:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(config_path, config_filename);
data/flickcurl-1.26/docs/search-photos.c:88:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!access((const char*)config_path, R_OK)) {
data/flickcurl-1.26/examples/search-photos.c:79:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(config_path, "%s/%s", home, config_filename);
data/flickcurl-1.26/examples/search-photos.c:81:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(config_path, config_filename);
data/flickcurl-1.26/examples/search-photos.c:114:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!access((const char*)config_path, R_OK)) {
data/flickcurl-1.26/src/common.c:98:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, message, arguments);
data/flickcurl-1.26/src/common.c:1119:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "captured/%s.xml", fc->method+7); /* skip "flickr." */
data/flickcurl-1.26/src/common.c:1132:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(filename, R_OK)) {
data/flickcurl-1.26/src/common.c:1143:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fc->uri, "file:%s", filename);
data/flickcurl-1.26/src/photo.c:183:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "https://farm%s.staticflickr.com/%s/%s_%s_o.%s",
data/flickcurl-1.26/src/photo.c:191:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "https://farm%s.staticflickr.com/%s/%s_%s_%c.jpg",
data/flickcurl-1.26/src/photo.c:199:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "https://farm%s.staticflickr.com/%s/%s_%s.jpg",
data/flickcurl-1.26/src/photo.c:228:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "https://www.flickr.com/photos/%s/%s",
data/flickcurl-1.26/src/photo.c:419:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "https://farm%d.staticflickr.com/%d/buddyicons/%s.jpg",
data/flickcurl-1.26/src/upload-api.c:75:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access((const char*)params->photo_file, R_OK)) {
data/flickcurl-1.26/src/upload-api.c:247:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access((const char*)photo_file, R_OK)) {
data/flickcurl-1.26/src/vsnprintf.c:72:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(empty_buffer, 1, message, args_copy)+1;
data/flickcurl-1.26/src/vsnprintf.c:82:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, len, message, args_copy);
data/flickcurl-1.26/src/vsnprintf.c:96:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(buffer, size, message, args_copy);
data/flickcurl-1.26/utils/cmdline.c:68:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(flickcurl_cmdline_config_path, "%s/%s", home, config_filename);
data/flickcurl-1.26/utils/codegen.c:169:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, title_format_string, flickcurl_version_string);
data/flickcurl-1.26/utils/codegen.c:186:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(title_format_string, flickcurl_version_string);
data/flickcurl-1.26/utils/codegen.c:216:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(read_auth && !access((const char*)flickcurl_cmdline_config_path, R_OK)) {
data/flickcurl-1.26/utils/codegen.c:229:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section+7, argv[1]);
data/flickcurl-1.26/utils/codegen.c:238:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(section, section+7);
data/flickcurl-1.26/utils/commands.c:1066:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access((const char*)params.photo_file, R_OK)) {
data/flickcurl-1.26/utils/commands.c:1158:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access((const char*)file, R_OK)) {
data/flickcurl-1.26/utils/flickcurl.c:149:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(title_format_string, flickcurl_version_string);
data/flickcurl-1.26/utils/flickcurl.c:240:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!access((const char*)flickcurl_cmdline_config_path, R_OK)) {
data/flickcurl-1.26/utils/flickcurl.c:435:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, title_format_string, flickcurl_version_string);
data/flickcurl-1.26/utils/flickrdf.c:355:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!access((const char*)flickcurl_cmdline_config_path, R_OK)) {
data/flickcurl-1.26/utils/flickrdf.c:367:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, title_format_string, flickcurl_version_string);
data/flickcurl-1.26/utils/flickrdf.c:385:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(title_format_string, flickcurl_version_string);
data/flickcurl-1.26/utils/list-methods.c:165:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, title_format_string, flickcurl_version_string);
data/flickcurl-1.26/utils/list-methods.c:182:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(title_format_string, flickcurl_version_string);
data/flickcurl-1.26/utils/list-methods.c:211:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(read_auth && !access((const char*)flickcurl_cmdline_config_path, R_OK)) {
data/flickcurl-1.26/utils/mangen.c:219:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, title_format_string, flickcurl_version_string);
data/flickcurl-1.26/utils/mangen.c:235:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(title_format_string, flickcurl_version_string);
data/flickcurl-1.26/docs/search-photos.c:51:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/flickcurl-1.26/examples/search-photos.c:77:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/flickcurl-1.26/getopt/flickcurl_getopt.h:13:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char * const argv[], const char *optstring);
data/flickcurl-1.26/getopt/getopt.c:68:1: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
getopt (int argc, char * const argv[], const char *optstring)
data/flickcurl-1.26/utils/cmdline.c:59:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/flickcurl-1.26/utils/codegen.c:127:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, GETOPT_STRING, long_options, &option_index);
data/flickcurl-1.26/utils/codegen.c:129:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, GETOPT_STRING);
data/flickcurl-1.26/utils/flickcurl.c:294:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, GETOPT_STRING, long_options, &option_index);
data/flickcurl-1.26/utils/flickcurl.c:296:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, GETOPT_STRING);
data/flickcurl-1.26/utils/flickrdf.c:224:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, GETOPT_STRING, long_options, &option_index);
data/flickcurl-1.26/utils/flickrdf.c:226:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, GETOPT_STRING);
data/flickcurl-1.26/utils/list-methods.c:128:9: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long (argc, argv, GETOPT_STRING, long_options, &option_index);
data/flickcurl-1.26/utils/list-methods.c:130:9: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt (argc, argv, GETOPT_STRING);
data/flickcurl-1.26/docs/search-photos.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_path[1024];
data/flickcurl-1.26/examples/search-photos.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_path[1024];
data/flickcurl-1.26/src/activity-api.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/activity-api.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/activity-api.c:69:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/activity-api.c:73:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/activity-api.c:131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/activity-api.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/activity-api.c:140:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/activity-api.c:144:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/activity.c:121:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/activity.c:132:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ae->date_added = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:143:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ae->value, chnode->content, len + 1);
data/flickcurl-1.26/src/activity.c:197:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/activity.c:212:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->server = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:215:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->farm = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:218:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->comments_old = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:221:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->comments_new = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:224:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->notes_old = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:227:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->notes_new = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:230:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->views = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:233:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->photos = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:236:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->faves = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:239:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->comments = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:242:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a->more = atoi(attr_value);
data/flickcurl-1.26/src/activity.c:256:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->title, chnode->children->content, len + 1);
data/flickcurl-1.26/src/args.c:95:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arg->name, attr->children->content, len + 1);
data/flickcurl-1.26/src/args.c:97:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
arg->optional = atoi((const char*)attr->children->content);
data/flickcurl-1.26/src/args.c:105:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(arg->description, (const char*)chnode->content, len + 1);
data/flickcurl-1.26/src/blog.c:115:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/blog.c:122:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b->needs_password = atoi(attr_value);
data/flickcurl-1.26/src/blog.c:231:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/blog.c:243:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->name, chnode->content, len + 1);
data/flickcurl-1.26/src/category.c:127:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/category.c:136:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c->count = atoi(attr_value);
data/flickcurl-1.26/src/collection.c:184:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_xpath, xpathExpr, xpathExpr_len + 1);
data/flickcurl-1.26/src/collection.c:241:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unix_time = atoi(string_value);
data/flickcurl-1.26/src/collection.c:260:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int_value = atoi(string_value);
data/flickcurl-1.26/src/comments.c:129:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/comments.c:138:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
comment_object->datecreate = atoi((const char*)attr_value);
data/flickcurl-1.26/src/comments.c:151:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comment_object->text, chnode->content, len +1);
data/flickcurl-1.26/src/common.c:137:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, ptr, len);
data/flickcurl-1.26/src/common.c:231:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->service_uri, flickcurl_flickr_service_uri, len + 1);
data/flickcurl-1.26/src/common.c:235:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->upload_service_uri, flickcurl_flickr_upload_service_uri, len +1);
data/flickcurl-1.26/src/common.c:239:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->replace_service_uri, flickcurl_flickr_replace_service_uri, len +1);
data/flickcurl-1.26/src/common.c:243:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->oauth_request_token_uri, flickcurl_flickr_oauth_request_token_uri, len +1);
data/flickcurl-1.26/src/common.c:247:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->oauth_access_token_uri, flickcurl_flickr_oauth_access_token_uri, len +1);
data/flickcurl-1.26/src/common.c:483:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ua_copy, user_agent, len + 1);
data/flickcurl-1.26/src/common.c:504:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(proxy_copy, proxy, len + 1);
data/flickcurl-1.26/src/common.c:532:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value_copy, "Accept:", 8); /* copy NUL */
data/flickcurl-1.26/src/common.c:536:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value_copy, value, (len - 8) + 1);
data/flickcurl-1.26/src/common.c:567:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->service_uri, uri, len + 1);
data/flickcurl-1.26/src/common.c:597:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->upload_service_uri, uri, len + 1);
data/flickcurl-1.26/src/common.c:627:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->replace_service_uri, uri, len + 1);
data/flickcurl-1.26/src/common.c:656:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->od.client_key, api_key, len + 1);
data/flickcurl-1.26/src/common.c:700:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->secret, secret, len + 1);
data/flickcurl-1.26/src/common.c:739:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->auth_token, auth_token, len + 1);
data/flickcurl-1.26/src/common.c:1024:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fc->error_code = atoi((char*)ptr+EC_HEADER_LEN);
data/flickcurl-1.26/src/common.c:1030:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->error_msg, (char*)ptr + EM_HEADER_LEN, len + 1);
data/flickcurl-1.26/src/common.c:1071:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwait, &fc->last_request_time, sizeof(struct timeval));
data/flickcurl-1.26/src/common.c:1111:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[200];
data/flickcurl-1.26/src/common.c:1121:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "captured/upload.xml");
data/flickcurl-1.26/src/common.c:1140:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->uri, uri_string, len + 1);
data/flickcurl-1.26/src/common.c:1168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&uwait, &fc->last_request_time, sizeof(struct timeval));
data/flickcurl-1.26/src/common.c:1210:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nwait, &rem, sizeof(struct timeval));
data/flickcurl-1.26/src/common.c:1222:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fc->last_request_time, &now, sizeof(struct timeval));
data/flickcurl-1.26/src/common.c:1226:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fc->fh = fopen(filename, "wb");
data/flickcurl-1.26/src/common.c:1385:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, chunks[i]->content, chunks[i]->size);
data/flickcurl-1.26/src/common.c:1460:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fc->error_code = atoi(attr_value);
data/flickcurl-1.26/src/common.c:1464:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->error_msg, attr_value, attr_len + 1);
data/flickcurl-1.26/src/common.c:1621:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char date_buffer[ISO_DATE_LEN + 1];
data/flickcurl-1.26/src/common.c:1630:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, date_buffer, len + 1);
data/flickcurl-1.26/src/common.c:1641:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char date_buffer[SQL_DATETIME_LEN + 1];
data/flickcurl-1.26/src/common.c:1650:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, date_buffer, len + 1);
data/flickcurl-1.26/src/common.c:1666:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, timestamp, SQL_DATE_LEN);
data/flickcurl-1.26/src/common.c:1712:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, node->children->content, len + 1);
data/flickcurl-1.26/src/common.c:1767:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, xmlBufferContent(buffer), value_len + 1);
data/flickcurl-1.26/src/common.c:1946:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, array[i], item_len);
data/flickcurl-1.26/src/common.c:1996:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(array[i], str, item_len);
data/flickcurl-1.26/src/common.c:2268:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char per_page_s[FLICKCURL_MAX_LIST_PARAM_COUNT];
data/flickcurl-1.26/src/common.c:2269:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char page_s[FLICKCURL_MAX_LIST_PARAM_COUNT];
data/flickcurl-1.26/src/common.c:2284:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_s, "%d", list_params->per_page);
data/flickcurl-1.26/src/common.c:2291:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_s, "%d", list_params->page);
data/flickcurl-1.26/src/config.c:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[INI_BUF_SIZE+1];
data/flickcurl-1.26/src/config.c:75:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(filename, "r");
data/flickcurl-1.26/src/config.c:274:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fh = fopen(filename, "w");
data/flickcurl-1.26/src/contacts-api.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/contacts-api.c:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/contacts-api.c:77:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/contacts-api.c:81:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/contacts-api.c:146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_lastupload_str[20];
data/flickcurl-1.26/src/contacts-api.c:151:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(date_lastupload_str, "%d", date_lastupload);
data/flickcurl-1.26/src/contacts-api.c:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/contacts-api.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/contacts-api.c:225:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/contacts-api.c:229:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/contacts-api.c:296:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/contacts-api.c:297:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/contacts-api.c:306:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/contacts-api.c:310:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/contacts.c:127:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/contacts.c:134:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
contact_object->iconserver = atoi((const char*)attr_value);
data/flickcurl-1.26/src/contacts.c:139:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
contact_object->is_friend = atoi((const char*)attr_value);
data/flickcurl-1.26/src/contacts.c:142:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
contact_object->is_family = atoi((const char*)attr_value);
data/flickcurl-1.26/src/contacts.c:145:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
contact_object->ignored = atoi((const char*)attr_value);
data/flickcurl-1.26/src/contacts.c:148:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
contact_object->uploaded = atoi((const char*)attr_value);
data/flickcurl-1.26/src/context.c:165:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/context.c:172:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
context->server = atoi(attr_value);
data/flickcurl-1.26/src/context.c:175:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
context->farm = atoi(attr_value);
data/flickcurl-1.26/src/exif.c:127:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/exif.c:132:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e->tagspaceid = atoi(attr_value);
data/flickcurl-1.26/src/exif.c:135:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
e->tag = atoi(attr_value);
data/flickcurl-1.26/src/exif.c:150:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->raw, chnode->children->content, len + 1);
data/flickcurl-1.26/src/exif.c:154:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->clean, chnode->children->content, len + 1);
data/flickcurl-1.26/src/favorites-api.c:119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_prev_str[10];
data/flickcurl-1.26/src/favorites-api.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_next_str[10];
data/flickcurl-1.26/src/favorites-api.c:131:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num_prev_str, "%d", num_prev);
data/flickcurl-1.26/src/favorites-api.c:135:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num_next_str, "%d", num_next);
data/flickcurl-1.26/src/flickcurl_internal.h:352:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_buffer[CURL_ERROR_SIZE];
data/flickcurl-1.26/src/flickcurl_internal.h:459:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *parameters[FLICKCURL_TOTAL_PARAM_COUNT][2];
data/flickcurl-1.26/src/galleries-api.c:413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/galleries-api.c:414:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/galleries-api.c:423:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/galleries-api.c:427:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/galleries-api.c:489:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/galleries-api.c:490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/galleries-api.c:499:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/galleries-api.c:503:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/gallery.c:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->primary_photo->media_type, "photo", PHOTO_STR_LEN + 1);
data/flickcurl-1.26/src/gallery.c:144:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/gallery.c:153:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->date_create = atoi(attr_value);
data/flickcurl-1.26/src/gallery.c:156:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->date_update = atoi(attr_value);
data/flickcurl-1.26/src/gallery.c:161:92: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->primary_photo->fields[PHOTO_FIELD_server].integer = (flickcurl_photo_field_type)atoi(attr_value);
data/flickcurl-1.26/src/gallery.c:164:90: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->primary_photo->fields[PHOTO_FIELD_farm].integer = (flickcurl_photo_field_type)atoi(attr_value);
data/flickcurl-1.26/src/gallery.c:169:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->count_photos = atoi(attr_value);
data/flickcurl-1.26/src/gallery.c:172:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->count_videos = atoi(attr_value);
data/flickcurl-1.26/src/gallery.c:187:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->title, chnode->children->content, len + 1);
data/flickcurl-1.26/src/gallery.c:193:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->description, chnode->children->content, len + 1);
data/flickcurl-1.26/src/group.c:131:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/group.c:140:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->is_admin = atoi(attr_value);
data/flickcurl-1.26/src/group.c:143:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->is_moderator = atoi(attr_value);
data/flickcurl-1.26/src/group.c:146:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->is_member = atoi(attr_value);
data/flickcurl-1.26/src/group.c:149:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->privacy = atoi(attr_value);
data/flickcurl-1.26/src/group.c:152:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->photos = atoi(attr_value);
data/flickcurl-1.26/src/group.c:155:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->iconserver = atoi(attr_value);
data/flickcurl-1.26/src/group.c:158:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->is_pool_moderated = atoi(attr_value);
data/flickcurl-1.26/src/group.c:161:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->iconfarm = atoi(attr_value);
data/flickcurl-1.26/src/group.c:184:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/group.c:186:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->throttle_count = atoi(attr_value);
data/flickcurl-1.26/src/group.c:191:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->throttle_remaining = atoi(attr_value);
data/flickcurl-1.26/src/group.c:205:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->photos_ok = atoi(attr_value);
data/flickcurl-1.26/src/group.c:207:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->videos_ok = atoi(attr_value);
data/flickcurl-1.26/src/group.c:209:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->images_ok = atoi(attr_value);
data/flickcurl-1.26/src/group.c:211:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->screens_ok = atoi(attr_value);
data/flickcurl-1.26/src/group.c:213:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->art_ok = atoi(attr_value);
data/flickcurl-1.26/src/group.c:215:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->safe_ok = atoi(attr_value);
data/flickcurl-1.26/src/group.c:217:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->moderate_ok = atoi(attr_value);
data/flickcurl-1.26/src/group.c:219:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->restricted_ok = atoi(attr_value);
data/flickcurl-1.26/src/group.c:221:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->has_geo = atoi(attr_value);
data/flickcurl-1.26/src/group.c:231:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, chnode->children->content, value_len + 1);
data/flickcurl-1.26/src/group.c:238:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->members = atoi(value);
data/flickcurl-1.26/src/group.c:241:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->privacy = atoi(value);
data/flickcurl-1.26/src/group.c:246:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->pool_count = atoi(value);
data/flickcurl-1.26/src/group.c:249:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->topic_count = atoi(value);
data/flickcurl-1.26/src/groups-api.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cat_id_str[10];
data/flickcurl-1.26/src/groups-api.c:67:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cat_id_str, "%d", cat_id);
data/flickcurl-1.26/src/groups-api.c:345:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_s[10];
data/flickcurl-1.26/src/groups-api.c:346:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_s[10];
data/flickcurl-1.26/src/groups-api.c:354:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_s, "%d", per_page);
data/flickcurl-1.26/src/groups-api.c:356:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_s, "%d", page);
data/flickcurl-1.26/src/groups-members-api.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_s[10];
data/flickcurl-1.26/src/groups-members-api.c:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_s[10];
data/flickcurl-1.26/src/groups-members-api.c:87:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_s, "%d", per_page);
data/flickcurl-1.26/src/groups-members-api.c:91:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_s, "%d", page);
data/flickcurl-1.26/src/groups-pools-api.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_s[10];
data/flickcurl-1.26/src/groups-pools-api.c:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_s[10];
data/flickcurl-1.26/src/groups-pools-api.c:165:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_s, "%d", page);
data/flickcurl-1.26/src/groups-pools-api.c:167:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_s, "%d", per_page);
data/flickcurl-1.26/src/institution.c:233:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
institution->date_launch = atoi(value);
data/flickcurl-1.26/src/legacy-auth.c:114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->method, method, len + 1);
data/flickcurl-1.26/src/legacy-auth.c:155:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->param_fields[i], fc->parameters[i][0], param_len + 1);
data/flickcurl-1.26/src/legacy-auth.c:158:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->param_values[i], fc->parameters[i][1], values_len[i] + 1);
data/flickcurl-1.26/src/legacy-auth.c:167:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->upload_field, upload_field, len + 1);
data/flickcurl-1.26/src/legacy-auth.c:171:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->upload_value, upload_value, len + 1);
data/flickcurl-1.26/src/legacy-auth.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, fc->secret, secret_len);
data/flickcurl-1.26/src/legacy-auth.c:192:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, fc->parameters[i][0], len);
data/flickcurl-1.26/src/legacy-auth.c:194:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, fc->parameters[i][1], values_len[i]);
data/flickcurl-1.26/src/legacy-auth.c:210:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->param_fields[fc->count], fc->parameters[fc->count][0], 7 + 1);
data/flickcurl-1.26/src/legacy-auth.c:213:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->param_values[fc->count], fc->parameters[fc->count][1], 32 + 1);
data/flickcurl-1.26/src/legacy-auth.c:237:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->uri, service_uri, fc_uri_len);
data/flickcurl-1.26/src/legacy-auth.c:254:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, fc->parameters[i][0], len);
data/flickcurl-1.26/src/legacy-auth.c:267:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, value, len);
data/flickcurl-1.26/src/location.c:96:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_value_len + 1);
data/flickcurl-1.26/src/location.c:103:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
location->accuracy = atoi(attr_value);
data/flickcurl-1.26/src/machinetags-api.c:65:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_s[4];
data/flickcurl-1.26/src/machinetags-api.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_s[4];
data/flickcurl-1.26/src/machinetags-api.c:72:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_s, "%d", per_page);
data/flickcurl-1.26/src/machinetags-api.c:74:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_s, "%d", page);
data/flickcurl-1.26/src/machinetags-api.c:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_s[4];
data/flickcurl-1.26/src/machinetags-api.c:139:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_s[4];
data/flickcurl-1.26/src/machinetags-api.c:146:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_s, "%d", per_page);
data/flickcurl-1.26/src/machinetags-api.c:148:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_s, "%d", page);
data/flickcurl-1.26/src/machinetags-api.c:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_s[4];
data/flickcurl-1.26/src/machinetags-api.c:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_s[4];
data/flickcurl-1.26/src/machinetags-api.c:218:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_s, "%d", per_page);
data/flickcurl-1.26/src/machinetags-api.c:220:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_s, "%d", page);
data/flickcurl-1.26/src/machinetags-api.c:285:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_s[4];
data/flickcurl-1.26/src/machinetags-api.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_s[4];
data/flickcurl-1.26/src/machinetags-api.c:296:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_s, "%d", per_page);
data/flickcurl-1.26/src/machinetags-api.c:298:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_s, "%d", page);
data/flickcurl-1.26/src/machinetags-api.c:359:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char added_since_s[20];
data/flickcurl-1.26/src/machinetags-api.c:372:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(added_since_s, "%d", added_since);
data/flickcurl-1.26/src/machinetags.c:106:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, (const char*)attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/machinetags.c:109:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tn->usage_count = atoi(attr_value);
data/flickcurl-1.26/src/machinetags.c:111:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tn->predicates_count = atoi(attr_value);
data/flickcurl-1.26/src/machinetags.c:122:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tn->name, chnode->content, len + 1);
data/flickcurl-1.26/src/machinetags.c:257:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/machinetags.c:260:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tpv->usage_count = atoi(attr_value);
data/flickcurl-1.26/src/machinetags.c:263:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tpv->used_in_namespace_count = atoi(attr_value);
data/flickcurl-1.26/src/machinetags.c:280:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr, chnode->content, len + 1);
data/flickcurl-1.26/src/md5.c:77:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[64];
data/flickcurl-1.26/src/md5.c:78:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/flickcurl-1.26/src/md5.c:155:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, len);
data/flickcurl-1.26/src/md5.c:158:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, buf, t);
data/flickcurl-1.26/src/md5.c:168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, 64);
data/flickcurl-1.26/src/md5.c:177:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->in, buf, len);
data/flickcurl-1.26/src/md5.c:223:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->digest, ctx->buf, 16);
data/flickcurl-1.26/src/md5.c:351:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(b+(i<<1), "%02x", (unsigned int)md5.digest[i]);
data/flickcurl-1.26/src/members.c:123:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/members.c:130:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
member_object->iconserver = atoi((const char*)attr_value);
data/flickcurl-1.26/src/members.c:133:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
member_object->iconserver = atoi((const char*)attr_value);
data/flickcurl-1.26/src/members.c:136:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
member_object->member_type = atoi((const char*)attr_value);
data/flickcurl-1.26/src/method.c:130:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
method->needslogin = atoi(string_value);
data/flickcurl-1.26/src/note.c:104:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/note.c:107:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n->id = atoi(attr_value);
data/flickcurl-1.26/src/note.c:114:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n->x = atoi(attr_value);
data/flickcurl-1.26/src/note.c:117:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n->y = atoi(attr_value);
data/flickcurl-1.26/src/note.c:120:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n->w = atoi(attr_value);
data/flickcurl-1.26/src/note.c:123:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n->h = atoi(attr_value);
data/flickcurl-1.26/src/note.c:134:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->text, chnode->content, len + 1);
data/flickcurl-1.26/src/oauth.c:216:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, od->client_secret, od->client_secret_len);
data/flickcurl-1.26/src/oauth.c:221:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, od->request_token_secret, od->request_token_secret_len);
data/flickcurl-1.26/src/oauth.c:224:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, od->token_secret, od->token_secret_len);
data/flickcurl-1.26/src/oauth.c:342:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->method, method, len + 1);
data/flickcurl-1.26/src/oauth.c:376:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nonce, "%ld", mtwist_u32rand(fc->mt));
data/flickcurl-1.26/src/oauth.c:388:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(timestamp, "%ld", (long)od->timestamp);
data/flickcurl-1.26/src/oauth.c:392:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(timestamp, "%ld", (long)tp.tv_sec);
data/flickcurl-1.26/src/oauth.c:445:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->param_fields[i], fc->parameters[i][0], param_len + 1);
data/flickcurl-1.26/src/oauth.c:451:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->param_values[i], fc->parameters[i][1], values_len[i] + 1);
data/flickcurl-1.26/src/oauth.c:463:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->upload_field, upload_field, len + 1);
data/flickcurl-1.26/src/oauth.c:470:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->upload_value, upload_value, len + 1);
data/flickcurl-1.26/src/oauth.c:500:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, fc->parameters[i][0], len);
data/flickcurl-1.26/src/oauth.c:507:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, escaped_value, escaped_value_len);
data/flickcurl-1.26/src/oauth.c:529:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, http_method, http_method_len);
data/flickcurl-1.26/src/oauth.c:536:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, escaped_value, escaped_value_len);
data/flickcurl-1.26/src/oauth.c:544:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, escaped_value, escaped_value_len);
data/flickcurl-1.26/src/oauth.c:583:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->param_fields[fc->count], fc->parameters[fc->count][0], 15 + 1);
data/flickcurl-1.26/src/oauth.c:589:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->param_values[fc->count], fc->parameters[fc->count][1], vlen + 1);
data/flickcurl-1.26/src/oauth.c:618:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->uri, service_uri, fc_uri_len);
data/flickcurl-1.26/src/oauth.c:634:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, fc->parameters[i][0], len);
data/flickcurl-1.26/src/oauth.c:640:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, value, len);
data/flickcurl-1.26/src/oauth.c:757:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(od->request_token, request_token, len + 1);
data/flickcurl-1.26/src/oauth.c:762:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(od->request_token_secret, request_token_secret, len + 1);
data/flickcurl-1.26/src/oauth.c:818:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, flickcurl_flickr_oauth_authorize_uri, len);
data/flickcurl-1.26/src/oauth.c:820:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, param, PARAM_LEN);
data/flickcurl-1.26/src/oauth.c:822:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, od->request_token, od->request_token_len);
data/flickcurl-1.26/src/oauth.c:910:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(od->token, access_token, len + 1);
data/flickcurl-1.26/src/oauth.c:915:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(od->token_secret, access_token_secret, len + 1);
data/flickcurl-1.26/src/oauth.c:921:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(od->username, username, len + 1);
data/flickcurl-1.26/src/oauth.c:931:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(od->user_nsid, user_nsid, len + 1);
data/flickcurl-1.26/src/oauth.c:1019:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->od.client_key, client_key, len + 1);
data/flickcurl-1.26/src/oauth.c:1046:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->od.client_secret, client_secret, len + 1);
data/flickcurl-1.26/src/oauth.c:1088:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->od.token, token, len + 1);
data/flickcurl-1.26/src/oauth.c:1158:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->od.token_secret, secret, len + 1);
data/flickcurl-1.26/src/oauth.c:1218:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->od.request_token, token, len + 1);
data/flickcurl-1.26/src/oauth.c:1247:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fc->od.request_token_secret, secret, len + 1);
data/flickcurl-1.26/src/oauth.c:1381:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, http_request_method, s_len);
data/flickcurl-1.26/src/oauth.c:1388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, escaped_s, s_len);
data/flickcurl-1.26/src/oauth.c:1396:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, escaped_s, s_len);
data/flickcurl-1.26/src/panda-api.c:82:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(panda, chnode->content, len + 1);
data/flickcurl-1.26/src/people-api.c:449:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char safe_search_s[4];
data/flickcurl-1.26/src/people-api.c:450:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_type_s[4];
data/flickcurl-1.26/src/people-api.c:451:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char privacy_filter_s[4];
data/flickcurl-1.26/src/people-api.c:460:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(safe_search_s, "%d", safe_search);
data/flickcurl-1.26/src/people-api.c:476:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(content_type_s, "%d", content_type);
data/flickcurl-1.26/src/people-api.c:480:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(privacy_filter_s, "%d", privacy_filter);
data/flickcurl-1.26/src/perms.c:90:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/perms.c:95:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perms->is_public = atoi(attr_value);
data/flickcurl-1.26/src/perms.c:97:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perms->is_contact = atoi(attr_value);
data/flickcurl-1.26/src/perms.c:99:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perms->is_friend = atoi(attr_value);
data/flickcurl-1.26/src/perms.c:101:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perms->is_family = atoi(attr_value);
data/flickcurl-1.26/src/perms.c:103:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perms->perm_comment = atoi(attr_value);
data/flickcurl-1.26/src/perms.c:105:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
perms->perm_addmeta = atoi(attr_value);
data/flickcurl-1.26/src/person.c:247:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_xpath, xpathExpr, xpathExpr_len + 1);
data/flickcurl-1.26/src/person.c:311:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unix_time = atoi(string_value);
data/flickcurl-1.26/src/person.c:332:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int_value = atoi(string_value);
data/flickcurl-1.26/src/photo.c:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/flickcurl-1.26/src/photo.c:207:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, buf, len + 1);
data/flickcurl-1.26/src/photo.c:223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/flickcurl-1.26/src/photo.c:233:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, buf, len + 1);
data/flickcurl-1.26/src/photo.c:239:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char short_uri_alphabet[SHORT_URI_ALPHABET_SIZE+1]=
data/flickcurl-1.26/src/photo.c:243:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char short_uri_prefix[SHORT_URI_PREFIX_LEN+1] =
data/flickcurl-1.26/src/photo.c:261:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SHORT_URI_ALPHABET_SIZE + 1];
data/flickcurl-1.26/src/photo.c:289:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, short_uri_prefix, SHORT_URI_PREFIX_LEN);
data/flickcurl-1.26/src/photo.c:319:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char source_uri_match1[SOURCE_URI_MATCH1_LENGTH+1] = "http://farm";
data/flickcurl-1.26/src/photo.c:321:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char source_uri_match2[SOURCE_URI_MATCH2_LENGTH+1] = ".static.flickr.com/";
data/flickcurl-1.26/src/photo.c:323:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char source_uri_match3[SOURCE_URI_MATCH3_LENGTH+1] = ".staticflickr.com/";
data/flickcurl-1.26/src/photo.c:386:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(photo_id, p, len);
data/flickcurl-1.26/src/photo.c:413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/flickcurl-1.26/src/photo.c:423:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, buf, len + 1);
data/flickcurl-1.26/src/photo.c:427:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, "https://www.flickr.com/images/buddyicon.jpg", MAGIC_LEN + 1);
data/flickcurl-1.26/src/photo.c:981:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_xpath, xpathExpr, xpathExpr_len + 1);
data/flickcurl-1.26/src/photo.c:1062:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unix_time = atoi(string_value);
data/flickcurl-1.26/src/photo.c:1090:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int_value = atoi(string_value);
data/flickcurl-1.26/src/photo.c:1152:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(photo->media_type, "photo", PHOTO_STR_LEN + 1);
data/flickcurl-1.26/src/photo.c:1304:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
photos_list->page = atoi(value);
data/flickcurl-1.26/src/photo.c:1311:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
photos_list->per_page = atoi(value);
data/flickcurl-1.26/src/photo.c:1318:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
photos_list->total_count = atoi(value);
data/flickcurl-1.26/src/photo.c:1330:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(photosXpathExpr, xpathExpr, xpathExprLen);
data/flickcurl-1.26/src/photo.c:1331:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(photosXpathExpr + xpathExprLen, SUFFIX, SUFFIX_LEN + 1);
data/flickcurl-1.26/src/photo.c:1349:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(photos_list->format, nformat, format_len + 1);
data/flickcurl-1.26/src/photos-api.c:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char true_s[2] = "1";
data/flickcurl-1.26/src/photos-api.c:208:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char count_s[20];
data/flickcurl-1.26/src/photos-api.c:209:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(count_s, "%d", contact_count);
data/flickcurl-1.26/src/photos-api.c:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char true_s[2] = "1";
data/flickcurl-1.26/src/photos-api.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char photo_count_s[10];
data/flickcurl-1.26/src/photos-api.c:337:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(photo_count_s, "%d", photo_count);
data/flickcurl-1.26/src/photos-api.c:519:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/photos-api.c:522:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
row[0] = atoi(attr_value);
data/flickcurl-1.26/src/photos-api.c:525:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
row[1] = atoi(attr_value);
data/flickcurl-1.26/src/photos-api.c:528:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
row[2] = atoi(attr_value);
data/flickcurl-1.26/src/photos-api.c:724:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_s[4];
data/flickcurl-1.26/src/photos-api.c:725:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_s[4];
data/flickcurl-1.26/src/photos-api.c:733:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_s, "%d", page);
data/flickcurl-1.26/src/photos-api.c:735:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_s, "%d", per_page);
data/flickcurl-1.26/src/photos-api.c:861:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min_upload_date_s[20];
data/flickcurl-1.26/src/photos-api.c:862:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_upload_date_s[20];
data/flickcurl-1.26/src/photos-api.c:863:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char privacy_filter_s[20];
data/flickcurl-1.26/src/photos-api.c:870:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_upload_date_s, "%d", min_upload_date);
data/flickcurl-1.26/src/photos-api.c:874:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(max_upload_date_s, "%d", max_upload_date);
data/flickcurl-1.26/src/photos-api.c:884:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(privacy_filter_s, "%d", privacy_filter);
data/flickcurl-1.26/src/photos-api.c:1520:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min_date_s[20];
data/flickcurl-1.26/src/photos-api.c:1530:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_date_s, "%d", min_date);
data/flickcurl-1.26/src/photos-api.c:1703:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min_upload_date_s[15];
data/flickcurl-1.26/src/photos-api.c:1704:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_upload_date_s[15];
data/flickcurl-1.26/src/photos-api.c:1705:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char accuracy_s[3];
data/flickcurl-1.26/src/photos-api.c:1706:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char safe_search_s[2];
data/flickcurl-1.26/src/photos-api.c:1707:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_type_s[2];
data/flickcurl-1.26/src/photos-api.c:1708:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lat_s[32];
data/flickcurl-1.26/src/photos-api.c:1709:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lon_s[32];
data/flickcurl-1.26/src/photos-api.c:1710:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char radius_s[32];
data/flickcurl-1.26/src/photos-api.c:1711:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_s[32];
data/flickcurl-1.26/src/photos-api.c:1712:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char geo_context_s[2];
data/flickcurl-1.26/src/photos-api.c:1729:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_upload_date_s, "%d", params->min_upload_date);
data/flickcurl-1.26/src/photos-api.c:1733:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(max_upload_date_s, "%d", params->max_upload_date);
data/flickcurl-1.26/src/photos-api.c:1750:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(accuracy_s, "%d", params->accuracy);
data/flickcurl-1.26/src/photos-api.c:1756:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(safe_search_s, "%d", params->safe_search);
data/flickcurl-1.26/src/photos-api.c:1762:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(content_type_s, "%d", params->content_type);
data/flickcurl-1.26/src/photos-api.c:1779:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(geo_context_s, "%d", params->geo_context);
data/flickcurl-1.26/src/photos-api.c:1784:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lat_s, "%f", params->lat);
data/flickcurl-1.26/src/photos-api.c:1788:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lon_s, "%f", params->lon);
data/flickcurl-1.26/src/photos-api.c:1793:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(radius_s, "%f", params->radius);
data/flickcurl-1.26/src/photos-api.c:1805:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_s, "%d", params->woe_id);
data/flickcurl-1.26/src/photos-api.c:1905:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_type_str[2];
data/flickcurl-1.26/src/photos-api.c:1916:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(content_type_str, "%d", content_type);
data/flickcurl-1.26/src/photos-api.c:1960:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_posted_str[20];
data/flickcurl-1.26/src/photos-api.c:1962:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_taken_granularity_str[3];
data/flickcurl-1.26/src/photos-api.c:1979:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(date_posted_str, "%d", date_posted);
data/flickcurl-1.26/src/photos-api.c:1988:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(date_taken_granularity_str, "%d", date_taken_granularity);
data/flickcurl-1.26/src/photos-api.c:2104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_public_str[2];
data/flickcurl-1.26/src/photos-api.c:2105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_friend_str[2];
data/flickcurl-1.26/src/photos-api.c:2106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_family_str[2];
data/flickcurl-1.26/src/photos-api.c:2107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perm_comment_str[2];
data/flickcurl-1.26/src/photos-api.c:2108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perm_addmeta_str[2];
data/flickcurl-1.26/src/photos-api.c:2122:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(is_public_str, "%d", (perms->is_public ? 1 : 0));
data/flickcurl-1.26/src/photos-api.c:2124:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(is_friend_str, "%d", (perms->is_friend ? 1 : 0));
data/flickcurl-1.26/src/photos-api.c:2126:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(is_family_str, "%d", (perms->is_family ? 1 : 0));
data/flickcurl-1.26/src/photos-api.c:2128:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(perm_comment_str, "%d", perms->perm_comment);
data/flickcurl-1.26/src/photos-api.c:2130:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(perm_addmeta_str, "%d", perms->perm_addmeta);
data/flickcurl-1.26/src/photos-api.c:2183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char safety_level_str[2];
data/flickcurl-1.26/src/photos-api.c:2184:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hidden_str[2];
data/flickcurl-1.26/src/photos-api.c:2196:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(safety_level_str, "%d", safety_level);
data/flickcurl-1.26/src/photos-api.c:2200:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hidden_str, "%d", hidden ? 1 : 0);
data/flickcurl-1.26/src/photos-comments-api.c:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date_lastcomment_str[20];
data/flickcurl-1.26/src/photos-comments-api.c:283:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(date_lastcomment_str, "%d", date_lastcomment);
data/flickcurl-1.26/src/photos-geo-api.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char latitude_s[50];
data/flickcurl-1.26/src/photos-geo-api.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longitude_s[50];
data/flickcurl-1.26/src/photos-geo-api.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char accuracy_s[50];
data/flickcurl-1.26/src/photos-geo-api.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[10];
data/flickcurl-1.26/src/photos-geo-api.c:94:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(latitude_s, "%f", location->latitude);
data/flickcurl-1.26/src/photos-geo-api.c:96:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(longitude_s, "%f", location->longitude);
data/flickcurl-1.26/src/photos-geo-api.c:98:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(accuracy_s, "%d", location->accuracy);
data/flickcurl-1.26/src/photos-geo-api.c:104:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/photos-geo-api.c:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[10];
data/flickcurl-1.26/src/photos-geo-api.c:158:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/photos-geo-api.c:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char latitude_s[50];
data/flickcurl-1.26/src/photos-geo-api.c:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longitude_s[50];
data/flickcurl-1.26/src/photos-geo-api.c:328:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char accuracy_s[50];
data/flickcurl-1.26/src/photos-geo-api.c:348:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(latitude_s, "%f", location->latitude);
data/flickcurl-1.26/src/photos-geo-api.c:350:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(longitude_s, "%f", location->longitude);
data/flickcurl-1.26/src/photos-geo-api.c:352:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(accuracy_s, "%d", location->accuracy);
data/flickcurl-1.26/src/photos-geo-api.c:482:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char context_str[3];
data/flickcurl-1.26/src/photos-geo-api.c:491:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(context_str, "%d", context);
data/flickcurl-1.26/src/photos-geo-api.c:542:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char latitude_s[50];
data/flickcurl-1.26/src/photos-geo-api.c:543:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longitude_s[50];
data/flickcurl-1.26/src/photos-geo-api.c:544:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char accuracy_s[50];
data/flickcurl-1.26/src/photos-geo-api.c:565:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(latitude_s, "%f", location->latitude);
data/flickcurl-1.26/src/photos-geo-api.c:567:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(longitude_s, "%f", location->longitude);
data/flickcurl-1.26/src/photos-geo-api.c:570:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(accuracy_s, "%d", location->accuracy);
data/flickcurl-1.26/src/photos-geo-api.c:610:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_public_str[2];
data/flickcurl-1.26/src/photos-geo-api.c:611:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_contact_str[2];
data/flickcurl-1.26/src/photos-geo-api.c:612:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_friend_str[2];
data/flickcurl-1.26/src/photos-geo-api.c:613:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_family_str[2];
data/flickcurl-1.26/src/photos-geo-api.c:621:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(is_public_str, "%d", (perms->is_public ? 1 : 0));
data/flickcurl-1.26/src/photos-geo-api.c:623:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(is_contact_str, "%d", (perms->is_contact ? 1 : 0));
data/flickcurl-1.26/src/photos-geo-api.c:625:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(is_friend_str, "%d", (perms->is_friend ? 1 : 0));
data/flickcurl-1.26/src/photos-geo-api.c:627:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(is_family_str, "%d", (perms->is_family ? 1 : 0));
data/flickcurl-1.26/src/photos-licenses-api.c:121:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/photos-licenses-api.c:124:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
l->id = atoi(attr_value);
data/flickcurl-1.26/src/photos-licenses-api.c:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char license_id_s[5];
data/flickcurl-1.26/src/photos-licenses-api.c:234:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(license_id_s, "%d", license_id);
data/flickcurl-1.26/src/photos-notes-api.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note_x_s[10];
data/flickcurl-1.26/src/photos-notes-api.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note_y_s[10];
data/flickcurl-1.26/src/photos-notes-api.c:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note_w_s[10];
data/flickcurl-1.26/src/photos-notes-api.c:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note_h_s[10];
data/flickcurl-1.26/src/photos-notes-api.c:83:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(note_x_s, "%d", note_x);
data/flickcurl-1.26/src/photos-notes-api.c:85:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(note_y_s, "%d", note_y);
data/flickcurl-1.26/src/photos-notes-api.c:87:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(note_w_s, "%d", note_w);
data/flickcurl-1.26/src/photos-notes-api.c:89:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(note_h_s, "%d", note_h);
data/flickcurl-1.26/src/photos-notes-api.c:194:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note_x_s[10];
data/flickcurl-1.26/src/photos-notes-api.c:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note_y_s[10];
data/flickcurl-1.26/src/photos-notes-api.c:196:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note_w_s[10];
data/flickcurl-1.26/src/photos-notes-api.c:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char note_h_s[10];
data/flickcurl-1.26/src/photos-notes-api.c:205:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(note_x_s, "%d", note_x);
data/flickcurl-1.26/src/photos-notes-api.c:207:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(note_y_s, "%d", note_y);
data/flickcurl-1.26/src/photos-notes-api.c:209:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(note_w_s, "%d", note_w);
data/flickcurl-1.26/src/photos-notes-api.c:211:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(note_h_s, "%d", note_h);
data/flickcurl-1.26/src/photos-people-api.c:69:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char person_x_str[10];
data/flickcurl-1.26/src/photos-people-api.c:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char person_y_str[10];
data/flickcurl-1.26/src/photos-people-api.c:71:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char person_w_str[10];
data/flickcurl-1.26/src/photos-people-api.c:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char person_h_str[10];
data/flickcurl-1.26/src/photos-people-api.c:83:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(person_x_str, "%d", person_x);
data/flickcurl-1.26/src/photos-people-api.c:87:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(person_y_str, "%d", person_y);
data/flickcurl-1.26/src/photos-people-api.c:91:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(person_w_str, "%d", person_w);
data/flickcurl-1.26/src/photos-people-api.c:95:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(person_h_str, "%d", person_h);
data/flickcurl-1.26/src/photos-people-api.c:273:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char person_x_str[10];
data/flickcurl-1.26/src/photos-people-api.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char person_y_str[10];
data/flickcurl-1.26/src/photos-people-api.c:275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char person_w_str[10];
data/flickcurl-1.26/src/photos-people-api.c:276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char person_h_str[10];
data/flickcurl-1.26/src/photos-people-api.c:287:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(person_x_str, "%d", person_x);
data/flickcurl-1.26/src/photos-people-api.c:289:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(person_y_str, "%d", person_y);
data/flickcurl-1.26/src/photos-people-api.c:291:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(person_w_str, "%d", person_w);
data/flickcurl-1.26/src/photos-people-api.c:293:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(person_h_str, "%d", person_h);
data/flickcurl-1.26/src/photos-transform-api.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char degrees_str[4];
data/flickcurl-1.26/src/photos-transform-api.c:71:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(degrees_str, "%d", degrees);
data/flickcurl-1.26/src/photoset.c:134:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/photoset.c:143:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ps->server = atoi(attr_value);
data/flickcurl-1.26/src/photoset.c:146:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ps->farm = atoi(attr_value);
data/flickcurl-1.26/src/photoset.c:149:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ps->photos_count = atoi(attr_value);
data/flickcurl-1.26/src/photoset.c:165:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ps->title, chnode->children->content, len + 1);
data/flickcurl-1.26/src/photoset.c:171:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ps->description, chnode->children->content, len + 1);
data/flickcurl-1.26/src/photosets-api.c:497:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char privacy_filter_str[2];
data/flickcurl-1.26/src/photosets-api.c:508:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(privacy_filter_str, "%d", privacy_filter);
data/flickcurl-1.26/src/place.c:526:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
place->count = atoi(value);
data/flickcurl-1.26/src/place.c:697:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/place.c:700:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pt->id = atoi(attr_value);
data/flickcurl-1.26/src/place.c:712:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pt->name, chnode->content, len + 1);
data/flickcurl-1.26/src/places-api.c:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lat_str[20];
data/flickcurl-1.26/src/places-api.c:143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lon_str[20];
data/flickcurl-1.26/src/places-api.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char accuracy_str[4];
data/flickcurl-1.26/src/places-api.c:151:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lat_str, "%f", lat);
data/flickcurl-1.26/src/places-api.c:153:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lon_str, "%f", lon);
data/flickcurl-1.26/src/places-api.c:155:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(accuracy_str, "%d", accuracy);
data/flickcurl-1.26/src/places-api.c:213:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
woe_id_i = atoi(woe_id);
data/flickcurl-1.26/src/places-api.c:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[10];
data/flickcurl-1.26/src/places-api.c:247:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/places-api.c:313:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
woe_id_i = atoi(woe_id);
data/flickcurl-1.26/src/places-api.c:338:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[10];
data/flickcurl-1.26/src/places-api.c:345:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/places-api.c:528:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[20];
data/flickcurl-1.26/src/places-api.c:539:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/places-api.c:601:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[10];
data/flickcurl-1.26/src/places-api.c:603:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char place_type_id_str[3];
data/flickcurl-1.26/src/places-api.c:611:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(place_type_id_str, "%d", place_type_id);
data/flickcurl-1.26/src/places-api.c:618:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/places-api.c:690:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char place_type_id_str[3];
data/flickcurl-1.26/src/places-api.c:692:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bbox[255];
data/flickcurl-1.26/src/places-api.c:700:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bbox, "%f,%f,%f,%f", minimum_longitude, minimum_latitude,
data/flickcurl-1.26/src/places-api.c:707:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(place_type_id_str, "%d", place_type_id);
data/flickcurl-1.26/src/places-api.c:781:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char place_type_id_str[3];
data/flickcurl-1.26/src/places-api.c:783:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min_upload_date_s[20];
data/flickcurl-1.26/src/places-api.c:784:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_upload_date_s[20];
data/flickcurl-1.26/src/places-api.c:785:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min_taken_date_s[20];
data/flickcurl-1.26/src/places-api.c:786:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_taken_date_s[20];
data/flickcurl-1.26/src/places-api.c:787:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[10];
data/flickcurl-1.26/src/places-api.c:788:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threshold_str[10];
data/flickcurl-1.26/src/places-api.c:803:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(place_type_id_str, "%d", place_type_id);
data/flickcurl-1.26/src/places-api.c:806:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/places-api.c:812:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(threshold_str, "%d", threshold);
data/flickcurl-1.26/src/places-api.c:819:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_upload_date_s, "%d", min_upload_date);
data/flickcurl-1.26/src/places-api.c:823:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(max_upload_date_s, "%d", max_upload_date);
data/flickcurl-1.26/src/places-api.c:827:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_taken_date_s, "%d", min_taken_date);
data/flickcurl-1.26/src/places-api.c:831:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(max_taken_date_s, "%d", max_taken_date);
data/flickcurl-1.26/src/places-api.c:920:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char place_type_id_str[3];
data/flickcurl-1.26/src/places-api.c:922:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[10];
data/flickcurl-1.26/src/places-api.c:930:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(place_type_id_str, "%d", place_type_id);
data/flickcurl-1.26/src/places-api.c:932:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/places-api.c:1119:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[20];
data/flickcurl-1.26/src/places-api.c:1120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char threshold_str[4];
data/flickcurl-1.26/src/places-api.c:1142:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/places-api.c:1151:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(threshold_str, "%d", threshold);
data/flickcurl-1.26/src/places-api.c:1237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char woe_id_str[20];
data/flickcurl-1.26/src/places-api.c:1238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min_upload_date_str[20];
data/flickcurl-1.26/src/places-api.c:1239:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_upload_date_str[20];
data/flickcurl-1.26/src/places-api.c:1240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char min_taken_date_str[20];
data/flickcurl-1.26/src/places-api.c:1241:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char max_taken_date_str[20];
data/flickcurl-1.26/src/places-api.c:1250:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(woe_id_str, "%d", woe_id);
data/flickcurl-1.26/src/places-api.c:1257:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_upload_date_str, "%d", min_upload_date);
data/flickcurl-1.26/src/places-api.c:1261:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_upload_date_str, "%d", min_upload_date);
data/flickcurl-1.26/src/places-api.c:1265:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(max_upload_date_str, "%d", max_upload_date);
data/flickcurl-1.26/src/places-api.c:1269:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(min_taken_date_str, "%d", min_taken_date);
data/flickcurl-1.26/src/prefs-api.c:81:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
content_type = atoi(content_type_str);
data/flickcurl-1.26/src/prefs-api.c:119:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r = atoi(v);
data/flickcurl-1.26/src/prefs-api.c:167:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
hidden = atoi(hidden_str);
data/flickcurl-1.26/src/prefs-api.c:225:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
privacy_level = atoi(privacy_level_str);
data/flickcurl-1.26/src/prefs-api.c:281:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
safety_level = atoi(safety_level_str);
data/flickcurl-1.26/src/reflection-api.c:115:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(methods[count], chnode->content, len + 1);
data/flickcurl-1.26/src/serializer.c:227:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns->prefix, prefix, ns->prefix_len + 1);
data/flickcurl-1.26/src/serializer.c:230:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ns->uri, uri, ns->uri_len + 1);
data/flickcurl-1.26/src/serializer.c:643:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char place_bnode[7] = {'p', 'l', 'a', 'c', 'e', 'X', '\0'};
data/flickcurl-1.26/src/serializer.c:707:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/flickcurl-1.26/src/serializer.c:733:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", size->width);
data/flickcurl-1.26/src/serializer.c:739:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", size->height);
data/flickcurl-1.26/src/sha1.c:110:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64];
data/flickcurl-1.26/src/sha1.c:111:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[SHA1_DIGEST_LENGTH];
data/flickcurl-1.26/src/sha1.c:115:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void SHA1Transform(u32 state[5], const unsigned char buffer[64]);
data/flickcurl-1.26/src/sha1.c:146:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
SHA1Transform(u32 state[5], const unsigned char buffer[64])
data/flickcurl-1.26/src/sha1.c:150:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[64];
data/flickcurl-1.26/src/sha1.c:155:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char workspace[64];
data/flickcurl-1.26/src/sha1.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block, buffer, 64);
data/flickcurl-1.26/src/sha1.c:229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], data, (i = 64-j));
data/flickcurl-1.26/src/sha1.c:238:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->buffer[j], &data[i], len - i);
data/flickcurl-1.26/src/sha1.c:248:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char finalcount[8];
data/flickcurl-1.26/src/sha1.c:305:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char kpad[HMAC_SHA1_BLOCKSIZE];
data/flickcurl-1.26/src/sha1.c:326:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kpad, key, key_len);
data/flickcurl-1.26/src/sha1.c:337:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kpad, key, key_len);
data/flickcurl-1.26/src/sha1.c:349:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, outer.digest, SHA1_DIGEST_LENGTH);
data/flickcurl-1.26/src/shape.c:236:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shape->created = atoi(value);
data/flickcurl-1.26/src/shape.c:246:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shape->points = atoi(value);
data/flickcurl-1.26/src/shape.c:251:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shape->edges = atoi(value);
data/flickcurl-1.26/src/shape.c:256:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shape->is_donuthole = atoi(value);
data/flickcurl-1.26/src/shape.c:261:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
shape->has_donuthole = atoi(value);
data/flickcurl-1.26/src/shape.c:276:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(shapefile_urls, shape->file_urls, size * sizeof(char*));
data/flickcurl-1.26/src/size.c:127:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/size.c:132:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->width = atoi(attr_value);
data/flickcurl-1.26/src/size.c:135:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->height = atoi(attr_value);
data/flickcurl-1.26/src/stat.c:137:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/stat.c:140:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->views = atoi(attr_value);
data/flickcurl-1.26/src/stat.c:143:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->comments = atoi(attr_value);
data/flickcurl-1.26/src/stat.c:146:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->favorites = atoi(attr_value);
data/flickcurl-1.26/src/stats-api.c:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/stats-api.c:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/stats-api.c:105:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/stats-api.c:109:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/stats-api.c:178:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/stats-api.c:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/stats-api.c:192:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/stats-api.c:196:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/stats-api.c:289:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(count_str);
data/flickcurl-1.26/src/stats-api.c:332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/stats-api.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/stats-api.c:345:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/stats-api.c:349:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/stats-api.c:417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/stats-api.c:418:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/stats-api.c:431:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/stats-api.c:435:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/stats-api.c:502:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/stats-api.c:503:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/stats-api.c:515:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/stats-api.c:519:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/stats-api.c:588:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/stats-api.c:589:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/stats-api.c:602:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/stats-api.c:606:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/stats-api.c:700:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(count_str);
data/flickcurl-1.26/src/stats-api.c:818:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/stats-api.c:819:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/stats-api.c:828:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/stats-api.c:832:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/stats-api.c:899:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char per_page_str[10];
data/flickcurl-1.26/src/stats-api.c:900:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char page_str[10];
data/flickcurl-1.26/src/stats-api.c:910:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(per_page_str, "%d", per_page);
data/flickcurl-1.26/src/stats-api.c:914:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(page_str, "%d", page);
data/flickcurl-1.26/src/stats-api.c:1005:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(count_str);
data/flickcurl-1.26/src/stats-api.c:1157:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
views->total = atoi(count_str);
data/flickcurl-1.26/src/stats-api.c:1163:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
views->photos = atoi(count_str);
data/flickcurl-1.26/src/stats-api.c:1169:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
views->photostreams = atoi(count_str);
data/flickcurl-1.26/src/stats-api.c:1175:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
views->sets = atoi(count_str);
data/flickcurl-1.26/src/stats-api.c:1181:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
views->collections = atoi(count_str);
data/flickcurl-1.26/src/tags-api.c:183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_count_str[10];
data/flickcurl-1.26/src/tags-api.c:195:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tag_count_str, "%d", tag_count);
data/flickcurl-1.26/src/tags-api.c:368:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pop_count_str[10];
data/flickcurl-1.26/src/tags-api.c:379:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pop_count_str, "%d", pop_count);
data/flickcurl-1.26/src/tags.c:127:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/tags.c:144:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t->machine_tag = atoi(attr_value);
data/flickcurl-1.26/src/tags.c:147:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t->count = atoi(attr_value);
data/flickcurl-1.26/src/tags.c:151:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t->count = atoi(attr_value);
data/flickcurl-1.26/src/tags.c:164:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->raw, chnode->children->content, len + 1);
data/flickcurl-1.26/src/tags.c:170:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->cooked, chnode->content, len + 1);
data/flickcurl-1.26/src/tags.c:228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t->cooked, string, len);
data/flickcurl-1.26/src/tags.c:342:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tags_count = atoi(attr_value);
data/flickcurl-1.26/src/tags.c:359:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag_name, (const char*)chnode->children->content, len + 1);
data/flickcurl-1.26/src/ticket.c:115:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/ticket.c:118:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t->id = atoi(attr_value);
data/flickcurl-1.26/src/ticket.c:121:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t->complete = atoi(attr_value);
data/flickcurl-1.26/src/ticket.c:124:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t->photoid = atoi(attr_value);
data/flickcurl-1.26/src/ticket.c:127:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t->invalid = atoi(attr_value);
data/flickcurl-1.26/src/upload-api.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_public_s[2];
data/flickcurl-1.26/src/upload-api.c:64:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_friend_s[2];
data/flickcurl-1.26/src/upload-api.c:65:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_family_s[2];
data/flickcurl-1.26/src/upload-api.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char safety_level_s[2];
data/flickcurl-1.26/src/upload-api.c:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char content_type_s[2];
data/flickcurl-1.26/src/upload-api.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hidden_s[2];
data/flickcurl-1.26/src/upload-api.c:240:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char async_s[2];
data/flickcurl-1.26/src/user_upload_status.c:102:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u->username, chnode->content, len + 1);
data/flickcurl-1.26/src/user_upload_status.c:108:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int attr_value = atoi((const char*)attr->children->content);
data/flickcurl-1.26/src/user_upload_status.c:125:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int attr_value = atoi((const char*)attr->children->content);
data/flickcurl-1.26/src/user_upload_status.c:138:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(attr_value, attr->children->content, attr_len + 1);
data/flickcurl-1.26/src/user_upload_status.c:141:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
u->sets_created = atoi(attr_value);
data/flickcurl-1.26/src/video.c:111:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int attr_value = atoi((const char*)attr->children->content);
data/flickcurl-1.26/src/vsnprintf.c:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty_buffer[1];
data/flickcurl-1.26/utils/cmdline.c:70:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(flickcurl_cmdline_config_path, config_filename, config_len + 1);
data/flickcurl-1.26/utils/codegen.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[50];
data/flickcurl-1.26/utils/codegen.c:142:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
request_delay = atoi(optarg);
data/flickcurl-1.26/utils/codegen.c:228:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(section, "flickr.");
data/flickcurl-1.26/utils/codegen.c:300:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char function_name[100];
data/flickcurl-1.26/utils/codegen.c:326:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(function_name, "flickcurl_");
data/flickcurl-1.26/utils/commands.c:637:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pop_count = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:756:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:1213:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
date_taken_granularity = atoi(argv[4]);
data/flickcurl-1.26/utils/commands.c:1260:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int perm_comment = atoi(argv[5]);
data/flickcurl-1.26/utils/commands.c:1261:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int perm_addmeta = atoi(argv[6]);
data/flickcurl-1.26/utils/commands.c:1488:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.accuracy = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:1492:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.safe_search = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:1497:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.content_type = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:1531:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.lat = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:1535:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.lon = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:1539:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.radius = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:1552:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.woe_id = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:1556:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
params.geo_context = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:1664:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int accuracy = atoi(argv[4]);
data/flickcurl-1.26/utils/commands.c:1700:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int note_x = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:1701:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int note_y = atoi(argv[3]);
data/flickcurl-1.26/utils/commands.c:1702:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int note_w = atoi(argv[4]);
data/flickcurl-1.26/utils/commands.c:1703:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int note_h = atoi(argv[5]);
data/flickcurl-1.26/utils/commands.c:1732:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int note_x = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:1733:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int note_y = atoi(argv[3]);
data/flickcurl-1.26/utils/commands.c:1734:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int note_w = atoi(argv[4]);
data/flickcurl-1.26/utils/commands.c:1735:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int note_h = atoi(argv[5]);
data/flickcurl-1.26/utils/commands.c:1748:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int license_id = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:2136:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_date = atoi(argv[1]);
data/flickcurl-1.26/utils/commands.c:2226:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
privacy_filter = atoi(argv[3]);
data/flickcurl-1.26/utils/commands.c:2387:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cat_id = atoi(argv[1]);
data/flickcurl-1.26/utils/commands.c:2496:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int degrees = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:2850:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int accuracy = atoi(argv[3]);
data/flickcurl-1.26/utils/commands.c:2976:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
woe_id = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:2980:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threshold = atoi(argv[4]);
data/flickcurl-1.26/utils/commands.c:3012:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
woe_id = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:3056:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
woe_id = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:3306:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
woe_id = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:3309:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threshold = atoi(argv[4]);
data/flickcurl-1.26/utils/commands.c:3320:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_upload_date = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3323:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_upload_date = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3326:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_taken_date = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3329:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_taken_date = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3416:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
date_lastupload = atoi(argv[1]);
data/flickcurl-1.26/utils/commands.c:3476:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
woe_id = atoi(argv[2]);
data/flickcurl-1.26/utils/commands.c:3516:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
woe_id = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3524:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_upload_date = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3527:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_upload_date = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3530:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
min_taken_date = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3533:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
max_taken_date = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3769:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
added_since = atoi(argv[3]);
data/flickcurl-1.26/utils/commands.c:3804:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
date_lastcomment = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:3902:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
woe_id = atoi(argv[3]);
data/flickcurl-1.26/utils/commands.c:3985:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int person_x = atoi(argv[3]);
data/flickcurl-1.26/utils/commands.c:3986:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int person_y = atoi(argv[4]);
data/flickcurl-1.26/utils/commands.c:3987:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int person_w = atoi(argv[5]);
data/flickcurl-1.26/utils/commands.c:3988:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int person_h = atoi(argv[6]);
data/flickcurl-1.26/utils/commands.c:4020:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int person_x = atoi(argv[3]);
data/flickcurl-1.26/utils/commands.c:4021:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int person_y = atoi(argv[4]);
data/flickcurl-1.26/utils/commands.c:4022:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int person_w = atoi(argv[5]);
data/flickcurl-1.26/utils/commands.c:4023:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int person_h = atoi(argv[6]);
data/flickcurl-1.26/utils/commands.c:4602:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
safe_search = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:4617:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
content_type = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:4620:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
privacy_filter = atoi(argv[0]);
data/flickcurl-1.26/utils/commands.c:4828:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_prev = atoi(argv[3]);
data/flickcurl-1.26/utils/commands.c:4832:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_next = atoi(argv[4]);
data/flickcurl-1.26/utils/flickcurl.c:333:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
request_delay = atoi(optarg);
data/flickcurl-1.26/utils/flickcurl.c:343:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output_fh = fopen(output_filename, "w");
data/flickcurl-1.26/utils/flickrdf.c:239:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
request_delay = atoi(optarg);
data/flickcurl-1.26/utils/raptor_fake.c:57:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u, uri_string, len + 1);
data/flickcurl-1.26/utils/raptor_fake.c:79:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newu, uri, len1);
data/flickcurl-1.26/utils/raptor_fake.c:80:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newu + len1, local_name, len2 + 1);
data/flickcurl-1.26/utils/raptor_fake.c:114:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newt->value.blank.string, blank, blank_len + 1);
data/flickcurl-1.26/utils/raptor_fake.c:158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newt->value.literal.string, literal, literal_len + 1);
data/flickcurl-1.26/src/activity.c:116:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/activity.c:141:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/activity.c:192:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/activity.c:254:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/args.c:93:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/args.c:103:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/auth-api.c:308:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->token_len = strlen(auth_token);
data/flickcurl-1.26/src/auth-api.c:310:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->token_secret_len = strlen(auth_token_secret);
data/flickcurl-1.26/src/blog.c:110:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/blog.c:226:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/blog.c:241:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/category.c:122:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/collection.c:183:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xpathExpr_len = strlen((const char*)xpathExpr);
data/flickcurl-1.26/src/comments.c:124:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/comments.c:149:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/common.c:229:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(flickcurl_flickr_service_uri);
data/flickcurl-1.26/src/common.c:233:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(flickcurl_flickr_upload_service_uri);
data/flickcurl-1.26/src/common.c:237:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(flickcurl_flickr_replace_service_uri);
data/flickcurl-1.26/src/common.c:241:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(flickcurl_flickr_oauth_request_token_uri);
data/flickcurl-1.26/src/common.c:245:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(flickcurl_flickr_oauth_access_token_uri);
data/flickcurl-1.26/src/common.c:478:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(user_agent);
data/flickcurl-1.26/src/common.c:499:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(proxy);
data/flickcurl-1.26/src/common.c:524:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += 1 + strlen(value); /* " "+value */
data/flickcurl-1.26/src/common.c:565:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uri);
data/flickcurl-1.26/src/common.c:595:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uri);
data/flickcurl-1.26/src/common.c:625:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uri);
data/flickcurl-1.26/src/common.c:654:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(api_key);
data/flickcurl-1.26/src/common.c:698:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(secret);
data/flickcurl-1.26/src/common.c:737:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(auth_token);
data/flickcurl-1.26/src/common.c:996:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(msec * 1000);
data/flickcurl-1.26/src/common.c:1139:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(uri_string);
data/flickcurl-1.26/src/common.c:1462:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen(attr_value);
data/flickcurl-1.26/src/common.c:1710:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((char*)node->children->content);
data/flickcurl-1.26/src/common.c:1936:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(array[i])+1;
data/flickcurl-1.26/src/common.c:1945:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t item_len = strlen(array[i]);
data/flickcurl-1.26/src/config.c:82:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
section_len = strlen(section);
data/flickcurl-1.26/src/config.c:93:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fh);
data/flickcurl-1.26/src/contacts.c:122:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/context.c:160:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/exif.c:122:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/exif.c:148:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/exif.c:152:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/gallery.c:139:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/gallery.c:185:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/gallery.c:191:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/group.c:126:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/group.c:179:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/group.c:229:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/legacy-auth.c:112:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(method);
data/flickcurl-1.26/src/legacy-auth.c:136:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fc_uri_len = strlen(service_uri);
data/flickcurl-1.26/src/legacy-auth.c:145:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t param_len = strlen(fc->parameters[i][0]);
data/flickcurl-1.26/src/legacy-auth.c:148:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
values_len[i] = strlen(fc->parameters[i][1]);
data/flickcurl-1.26/src/legacy-auth.c:165:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(upload_field);
data/flickcurl-1.26/src/legacy-auth.c:169:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(upload_value);
data/flickcurl-1.26/src/legacy-auth.c:180:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secret_len = strlen(fc->secret);
data/flickcurl-1.26/src/legacy-auth.c:183:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += strlen(fc->parameters[i][0]) + values_len[i];
data/flickcurl-1.26/src/legacy-auth.c:191:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(fc->parameters[i][0]);
data/flickcurl-1.26/src/legacy-auth.c:253:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fc->parameters[i][0]);
data/flickcurl-1.26/src/legacy-auth.c:263:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(value);
data/flickcurl-1.26/src/legacy-auth.c:283:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FLICKCURL_ASSERT((strlen(fc->uri) != fc_uri_len),
data/flickcurl-1.26/src/location.c:93:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_value_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/machinetags.c:101:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/machinetags.c:120:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/machinetags.c:252:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/machinetags.c:277:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/md5.c:337:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(string);
data/flickcurl-1.26/src/members.c:118:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/note.c:99:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/note.c:132:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/oauth.c:337:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(method);
data/flickcurl-1.26/src/oauth.c:425:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fc_uri_len = strlen(service_uri);
data/flickcurl-1.26/src/oauth.c:433:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t param_len = strlen(fc->parameters[i][0]);
data/flickcurl-1.26/src/oauth.c:436:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
values_len[i] = strlen(fc->parameters[i][1]);
data/flickcurl-1.26/src/oauth.c:458:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(upload_field);
data/flickcurl-1.26/src/oauth.c:465:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(upload_value);
data/flickcurl-1.26/src/oauth.c:487:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
param_buf_len += strlen(fc->parameters[i][0]) + 3 + (3 * values_len[i]) + 3;
data/flickcurl-1.26/src/oauth.c:497:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(fc->parameters[i][0]);
data/flickcurl-1.26/src/oauth.c:506:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escaped_value_len = strlen(escaped_value);
data/flickcurl-1.26/src/oauth.c:518:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len += (3 * strlen(service_uri));
data/flickcurl-1.26/src/oauth.c:535:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escaped_value_len = strlen(escaped_value);
data/flickcurl-1.26/src/oauth.c:543:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escaped_value_len = strlen(escaped_value);
data/flickcurl-1.26/src/oauth.c:561:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->data_len = strlen((const char*)od->data);
data/flickcurl-1.26/src/oauth.c:633:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fc->parameters[i][0]);
data/flickcurl-1.26/src/oauth.c:639:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(value);
data/flickcurl-1.26/src/oauth.c:654:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t m_len = strlen(fc->uri);
data/flickcurl-1.26/src/oauth.c:755:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(request_token);
data/flickcurl-1.26/src/oauth.c:760:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(request_token_secret);
data/flickcurl-1.26/src/oauth.c:812:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(flickcurl_flickr_oauth_authorize_uri);
data/flickcurl-1.26/src/oauth.c:866:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->verifier_len = strlen(verifier);
data/flickcurl-1.26/src/oauth.c:908:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(access_token);
data/flickcurl-1.26/src/oauth.c:913:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(access_token_secret);
data/flickcurl-1.26/src/oauth.c:919:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(username);
data/flickcurl-1.26/src/oauth.c:929:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(user_nsid);
data/flickcurl-1.26/src/oauth.c:1017:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(client_key);
data/flickcurl-1.26/src/oauth.c:1044:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(client_secret);
data/flickcurl-1.26/src/oauth.c:1086:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(token);
data/flickcurl-1.26/src/oauth.c:1156:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(secret);
data/flickcurl-1.26/src/oauth.c:1216:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(token);
data/flickcurl-1.26/src/oauth.c:1245:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(secret);
data/flickcurl-1.26/src/oauth.c:1298:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->client_secret_len = strlen(od->client_secret);
data/flickcurl-1.26/src/oauth.c:1302:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->token_secret_len = strlen(od->token_secret);
data/flickcurl-1.26/src/oauth.c:1316:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->client_key_len = strlen(od->client_key);
data/flickcurl-1.26/src/oauth.c:1341:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->client_key_len = strlen(od->client_key);
data/flickcurl-1.26/src/oauth.c:1368:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
od->data_len = strlen(http_request_method) +
data/flickcurl-1.26/src/oauth.c:1370:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(uri_base_string) * 3) + /* PESSIMAL; every char %-escaped */
data/flickcurl-1.26/src/oauth.c:1372:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(request_parameters) * 3); /* PESSIMAL */
data/flickcurl-1.26/src/oauth.c:1380:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_len = strlen(http_request_method);
data/flickcurl-1.26/src/oauth.c:1386:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escaped_s = curl_escape(uri_base_string, strlen(uri_base_string));
data/flickcurl-1.26/src/oauth.c:1387:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_len = strlen(escaped_s);
data/flickcurl-1.26/src/oauth.c:1394:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escaped_s = curl_escape(request_parameters, strlen(request_parameters));
data/flickcurl-1.26/src/oauth.c:1395:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_len = strlen(escaped_s);
data/flickcurl-1.26/src/oauth.c:1446:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
escaped_s_len = strlen(escaped_s);
data/flickcurl-1.26/src/panda-api.c:80:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/perms.c:85:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/person.c:246:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xpathExpr_len = strlen((const char*)xpathExpr);
data/flickcurl-1.26/src/photo.c:205:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/flickcurl-1.26/src/photo.c:231:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/flickcurl-1.26/src/photo.c:421:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buf);
data/flickcurl-1.26/src/photo.c:980:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xpathExpr_len = strlen((const char*)xpathExpr);
data/flickcurl-1.26/src/photo.c:1239:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
format_len = strlen(format);
data/flickcurl-1.26/src/photo.c:1251:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t xpathExprLen = strlen((const char*)xpathExpr);
data/flickcurl-1.26/src/photos-api.c:514:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/photos-licenses-api.c:116:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/photos-licenses-api.c:129:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(attr_value))
data/flickcurl-1.26/src/photoset.c:129:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/photoset.c:163:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/photoset.c:169:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/place.c:692:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/place.c:710:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/reflection-api.c:113:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/serializer.c:155:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namespace_table[i].uri_len = strlen(namespace_table[i].uri);
data/flickcurl-1.26/src/serializer.c:156:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namespace_table[i].prefix_len = strlen(namespace_table[i].prefix);
data/flickcurl-1.26/src/serializer.c:223:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ns->prefix_len = strlen(prefix);
data/flickcurl-1.26/src/serializer.c:224:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ns->uri_len = strlen(uri);
data/flickcurl-1.26/src/serializer.c:243:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prefix_len = prefix ? strlen(prefix) : 0;
data/flickcurl-1.26/src/serializer.c:244:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t uri_len = nspace_uri ? strlen(nspace_uri) : 0;
data/flickcurl-1.26/src/serializer.c:280:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prefix_len = strlen(prefix);
data/flickcurl-1.26/src/serializer.c:614:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_len = strlen(v);
data/flickcurl-1.26/src/size.c:122:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/stat.c:132:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/tags.c:122:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/tags.c:162:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/tags.c:168:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/tags.c:356:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->children->content);
data/flickcurl-1.26/src/ticket.c:110:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/src/user_upload_status.c:98:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((const char*)chnode->content);
data/flickcurl-1.26/src/user_upload_status.c:133:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t attr_len = strlen((const char*)attr->children->content);
data/flickcurl-1.26/utils/cmdline.c:61:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
config_len += strlen(home) + 1;
data/flickcurl-1.26/utils/codegen.c:239:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
section_len = strlen(section);
data/flickcurl-1.26/utils/commands.c:1106:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tags_len+= strlen(argv[i])+1;
data/flickcurl-1.26/utils/commands.c:1111:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t tag_len = strlen(argv[i]);
data/flickcurl-1.26/utils/commands.c:1112:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, argv[i], tag_len); p+= tag_len;
data/flickcurl-1.26/utils/commands.c:1569:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tags_len+= strlen(argv[j])+1;
data/flickcurl-1.26/utils/commands.c:1574:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t tag_len = strlen(argv[j]);
data/flickcurl-1.26/utils/commands.c:1575:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, argv[j], tag_len); p+= tag_len;
data/flickcurl-1.26/utils/flickrdf.c:201:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prefix_uri_len = strlen(prefix_uri);
data/flickcurl-1.26/utils/flickrdf.c:308:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(photo_id);
data/flickcurl-1.26/utils/raptor_fake.c:55:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((const char*)uri_string);
data/flickcurl-1.26/utils/raptor_fake.c:75:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len1 = strlen((const char*)uri);
data/flickcurl-1.26/utils/raptor_fake.c:76:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen((const char*)local_name);
data/flickcurl-1.26/utils/raptor_fake.c:108:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blank_len = strlen((const char*)blank);
data/flickcurl-1.26/utils/raptor_fake.c:152:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
literal_len = strlen((const char*)literal);
ANALYSIS SUMMARY:
Hits = 921
Lines analyzed = 41208 in approximately 2.22 seconds (18579 lines/second)
Physical Source Lines of Code (SLOC) = 26020
Hits@level = [0] 409 [1] 162 [2] 707 [3] 13 [4] 39 [5] 0
Hits@level+ = [0+] 1330 [1+] 921 [2+] 759 [3+] 52 [4+] 39 [5+] 0
Hits/KSLOC@level+ = [0+] 51.1145 [1+] 35.3958 [2+] 29.1699 [3+] 1.99846 [4+] 1.49885 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.