Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fontforge-20201107~dfsg/Unicode/ArabicForms.c
Examining data/fontforge-20201107~dfsg/Unicode/char.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/ZapfDingbats.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/alphabet.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/big5.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/big5hkscs.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/gb2312.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_1.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_10.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_11.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_13.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_14.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_15.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_16.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_2.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_3.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_4.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_5.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_6.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_7.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_8.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_9.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/jis.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/jis201.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/johab.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/koi8_r.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/ksc5601.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/mac.c
Examining data/fontforge-20201107~dfsg/Unicode/charset/win.c
Examining data/fontforge-20201107~dfsg/Unicode/combiners.h
Examining data/fontforge-20201107~dfsg/Unicode/dump.c
Examining data/fontforge-20201107~dfsg/Unicode/gwwiconv.c
Examining data/fontforge-20201107~dfsg/Unicode/is_Ligature.c
Examining data/fontforge-20201107~dfsg/Unicode/is_Ligature_data.h
Examining data/fontforge-20201107~dfsg/Unicode/makebuildtables.c
Examining data/fontforge-20201107~dfsg/Unicode/makeutype.c
Examining data/fontforge-20201107~dfsg/Unicode/memory.c
Examining data/fontforge-20201107~dfsg/Unicode/ucharmap.c
Examining data/fontforge-20201107~dfsg/Unicode/unialt.c
Examining data/fontforge-20201107~dfsg/Unicode/ustring.c
Examining data/fontforge-20201107~dfsg/Unicode/utype.c
Examining data/fontforge-20201107~dfsg/contrib/admintools/copyright.c
Examining data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c
Examining data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c
Examining data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c
Examining data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan2.c
Examining data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/findtable.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/portablecompositor.cpp
Examining data/fontforge-20201107~dfsg/contrib/fonttools/rmligamarks.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/stripttc.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/ttf2eps.c
Examining data/fontforge-20201107~dfsg/contrib/fonttools/woff.c
Examining data/fontforge-20201107~dfsg/fontforge/PfEd.h
Examining data/fontforge-20201107~dfsg/fontforge/activeinui.c
Examining data/fontforge-20201107~dfsg/fontforge/asmfpst.c
Examining data/fontforge-20201107~dfsg/fontforge/asmfpst.h
Examining data/fontforge-20201107~dfsg/fontforge/autohint.c
Examining data/fontforge-20201107~dfsg/fontforge/autohint.h
Examining data/fontforge-20201107~dfsg/fontforge/autosave.c
Examining data/fontforge-20201107~dfsg/fontforge/autosave.h
Examining data/fontforge-20201107~dfsg/fontforge/autotrace.c
Examining data/fontforge-20201107~dfsg/fontforge/autotrace.h
Examining data/fontforge-20201107~dfsg/fontforge/autowidth.c
Examining data/fontforge-20201107~dfsg/fontforge/autowidth.h
Examining data/fontforge-20201107~dfsg/fontforge/autowidth2.c
Examining data/fontforge-20201107~dfsg/fontforge/autowidth2.h
Examining data/fontforge-20201107~dfsg/fontforge/baseviews.h
Examining data/fontforge-20201107~dfsg/fontforge/bezctx_ff.c
Examining data/fontforge-20201107~dfsg/fontforge/bezctx_ff.h
Examining data/fontforge-20201107~dfsg/fontforge/bitmapchar.c
Examining data/fontforge-20201107~dfsg/fontforge/bitmapchar.h
Examining data/fontforge-20201107~dfsg/fontforge/bitmapcontrol.c
Examining data/fontforge-20201107~dfsg/fontforge/bitmapcontrol.h
Examining data/fontforge-20201107~dfsg/fontforge/bvedit.c
Examining data/fontforge-20201107~dfsg/fontforge/bvedit.h
Examining data/fontforge-20201107~dfsg/fontforge/clipnoui.c
Examining data/fontforge-20201107~dfsg/fontforge/clipnoui.h
Examining data/fontforge-20201107~dfsg/fontforge/crctab.c
Examining data/fontforge-20201107~dfsg/fontforge/crctab.h
Examining data/fontforge-20201107~dfsg/fontforge/cvexport.c
Examining data/fontforge-20201107~dfsg/fontforge/cvexport.h
Examining data/fontforge-20201107~dfsg/fontforge/cvimages.c
Examining data/fontforge-20201107~dfsg/fontforge/cvimages.h
Examining data/fontforge-20201107~dfsg/fontforge/cvundoes.c
Examining data/fontforge-20201107~dfsg/fontforge/cvundoes.h
Examining data/fontforge-20201107~dfsg/fontforge/delta.h
Examining data/fontforge-20201107~dfsg/fontforge/dumpbdf.c
Examining data/fontforge-20201107~dfsg/fontforge/dumpbdf.h
Examining data/fontforge-20201107~dfsg/fontforge/dumppfa.c
Examining data/fontforge-20201107~dfsg/fontforge/dumppfa.h
Examining data/fontforge-20201107~dfsg/fontforge/edgelist.h
Examining data/fontforge-20201107~dfsg/fontforge/edgelist2.h
Examining data/fontforge-20201107~dfsg/fontforge/effects.c
Examining data/fontforge-20201107~dfsg/fontforge/effects.h
Examining data/fontforge-20201107~dfsg/fontforge/encoding.c
Examining data/fontforge-20201107~dfsg/fontforge/encoding.h
Examining data/fontforge-20201107~dfsg/fontforge/featurefile.c
Examining data/fontforge-20201107~dfsg/fontforge/featurefile.h
Examining data/fontforge-20201107~dfsg/fontforge/fffreetype.h
Examining data/fontforge-20201107~dfsg/fontforge/ffpython.h
Examining data/fontforge-20201107~dfsg/fontforge/flaglist.c
Examining data/fontforge-20201107~dfsg/fontforge/flaglist.h
Examining data/fontforge-20201107~dfsg/fontforge/fontforge.h
Examining data/fontforge-20201107~dfsg/fontforge/fontforgeui.h
Examining data/fontforge-20201107~dfsg/fontforge/fontforgevw.h
Examining data/fontforge-20201107~dfsg/fontforge/fontviewbase.c
Examining data/fontforge-20201107~dfsg/fontforge/freetype.c
Examining data/fontforge-20201107~dfsg/fontforge/ftdelta.c
Examining data/fontforge-20201107~dfsg/fontforge/fvcomposite.c
Examining data/fontforge-20201107~dfsg/fontforge/fvcomposite.h
Examining data/fontforge-20201107~dfsg/fontforge/fvfonts.c
Examining data/fontforge-20201107~dfsg/fontforge/fvfonts.h
Examining data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c
Examining data/fontforge-20201107~dfsg/fontforge/fvimportbdf.h
Examining data/fontforge-20201107~dfsg/fontforge/fvmetrics.c
Examining data/fontforge-20201107~dfsg/fontforge/fvmetrics.h
Examining data/fontforge-20201107~dfsg/fontforge/glif_name_hash.c
Examining data/fontforge-20201107~dfsg/fontforge/glif_name_hash.h
Examining data/fontforge-20201107~dfsg/fontforge/glyphcomp.c
Examining data/fontforge-20201107~dfsg/fontforge/glyphcomp.h
Examining data/fontforge-20201107~dfsg/fontforge/groups.c
Examining data/fontforge-20201107~dfsg/fontforge/groups.h
Examining data/fontforge-20201107~dfsg/fontforge/ikarus.c
Examining data/fontforge-20201107~dfsg/fontforge/ikarus.h
Examining data/fontforge-20201107~dfsg/fontforge/langfreq.c
Examining data/fontforge-20201107~dfsg/fontforge/langfreq.h
Examining data/fontforge-20201107~dfsg/fontforge/lookups.c
Examining data/fontforge-20201107~dfsg/fontforge/lookups.h
Examining data/fontforge-20201107~dfsg/fontforge/macbinary.c
Examining data/fontforge-20201107~dfsg/fontforge/macbinary.h
Examining data/fontforge-20201107~dfsg/fontforge/macenc.c
Examining data/fontforge-20201107~dfsg/fontforge/macenc.h
Examining data/fontforge-20201107~dfsg/fontforge/mathconstants.c
Examining data/fontforge-20201107~dfsg/fontforge/mathconstants.h
Examining data/fontforge-20201107~dfsg/fontforge/mem.c
Examining data/fontforge-20201107~dfsg/fontforge/mem.h
Examining data/fontforge-20201107~dfsg/fontforge/mm.c
Examining data/fontforge-20201107~dfsg/fontforge/mm.h
Examining data/fontforge-20201107~dfsg/fontforge/namehash.h
Examining data/fontforge-20201107~dfsg/fontforge/namelist.c
Examining data/fontforge-20201107~dfsg/fontforge/namelist.h
Examining data/fontforge-20201107~dfsg/fontforge/nonlineartrans.c
Examining data/fontforge-20201107~dfsg/fontforge/nonlineartrans.h
Examining data/fontforge-20201107~dfsg/fontforge/noprefs.c
Examining data/fontforge-20201107~dfsg/fontforge/nouiutil.c
Examining data/fontforge-20201107~dfsg/fontforge/nowakowskittfinstr.c
Examining data/fontforge-20201107~dfsg/fontforge/ofl.c
Examining data/fontforge-20201107~dfsg/fontforge/ofl.h
Examining data/fontforge-20201107~dfsg/fontforge/othersubrs.c
Examining data/fontforge-20201107~dfsg/fontforge/othersubrs.h
Examining data/fontforge-20201107~dfsg/fontforge/palmfonts.c
Examining data/fontforge-20201107~dfsg/fontforge/palmfonts.h
Examining data/fontforge-20201107~dfsg/fontforge/parsepdf.c
Examining data/fontforge-20201107~dfsg/fontforge/parsepdf.h
Examining data/fontforge-20201107~dfsg/fontforge/parsepfa.c
Examining data/fontforge-20201107~dfsg/fontforge/parsepfa.h
Examining data/fontforge-20201107~dfsg/fontforge/parsettf.c
Examining data/fontforge-20201107~dfsg/fontforge/parsettf.h
Examining data/fontforge-20201107~dfsg/fontforge/parsettfatt.c
Examining data/fontforge-20201107~dfsg/fontforge/parsettfatt.h
Examining data/fontforge-20201107~dfsg/fontforge/parsettfbmf.c
Examining data/fontforge-20201107~dfsg/fontforge/parsettfbmf.h
Examining data/fontforge-20201107~dfsg/fontforge/parsettfvar.c
Examining data/fontforge-20201107~dfsg/fontforge/parsettfvar.h
Examining data/fontforge-20201107~dfsg/fontforge/print.c
Examining data/fontforge-20201107~dfsg/fontforge/print.h
Examining data/fontforge-20201107~dfsg/fontforge/psfont.h
Examining data/fontforge-20201107~dfsg/fontforge/psread.c
Examining data/fontforge-20201107~dfsg/fontforge/psread.h
Examining data/fontforge-20201107~dfsg/fontforge/pua.c
Examining data/fontforge-20201107~dfsg/fontforge/pua.h
Examining data/fontforge-20201107~dfsg/fontforge/python.c
Examining data/fontforge-20201107~dfsg/fontforge/savefont.c
Examining data/fontforge-20201107~dfsg/fontforge/savefont.h
Examining data/fontforge-20201107~dfsg/fontforge/scriptfuncs.h
Examining data/fontforge-20201107~dfsg/fontforge/scripting.c
Examining data/fontforge-20201107~dfsg/fontforge/scripting.h
Examining data/fontforge-20201107~dfsg/fontforge/scstyles.c
Examining data/fontforge-20201107~dfsg/fontforge/scstyles.h
Examining data/fontforge-20201107~dfsg/fontforge/sd.h
Examining data/fontforge-20201107~dfsg/fontforge/search.c
Examining data/fontforge-20201107~dfsg/fontforge/search.h
Examining data/fontforge-20201107~dfsg/fontforge/sfd.c
Examining data/fontforge-20201107~dfsg/fontforge/sfd.h
Examining data/fontforge-20201107~dfsg/fontforge/sfd1.c
Examining data/fontforge-20201107~dfsg/fontforge/sfd1.h
Examining data/fontforge-20201107~dfsg/fontforge/sflayout.c
Examining data/fontforge-20201107~dfsg/fontforge/sflayoutP.h
Examining data/fontforge-20201107~dfsg/fontforge/spiro.c
Examining data/fontforge-20201107~dfsg/fontforge/spiro.h
Examining data/fontforge-20201107~dfsg/fontforge/splinechar.c
Examining data/fontforge-20201107~dfsg/fontforge/splinefill.c
Examining data/fontforge-20201107~dfsg/fontforge/splinefill.h
Examining data/fontforge-20201107~dfsg/fontforge/splinefit.c
Examining data/fontforge-20201107~dfsg/fontforge/splinefit.h
Examining data/fontforge-20201107~dfsg/fontforge/splinefont.c
Examining data/fontforge-20201107~dfsg/fontforge/splinefont.h
Examining data/fontforge-20201107~dfsg/fontforge/splineorder2.c
Examining data/fontforge-20201107~dfsg/fontforge/splineorder2.h
Examining data/fontforge-20201107~dfsg/fontforge/splineoverlap.c
Examining data/fontforge-20201107~dfsg/fontforge/splineoverlap.h
Examining data/fontforge-20201107~dfsg/fontforge/splinerefigure.c
Examining data/fontforge-20201107~dfsg/fontforge/splinerefigure.h
Examining data/fontforge-20201107~dfsg/fontforge/splinesave.c
Examining data/fontforge-20201107~dfsg/fontforge/splinesave.h
Examining data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c
Examining data/fontforge-20201107~dfsg/fontforge/splinesaveafm.h
Examining data/fontforge-20201107~dfsg/fontforge/splinestroke.c
Examining data/fontforge-20201107~dfsg/fontforge/splinestroke.h
Examining data/fontforge-20201107~dfsg/fontforge/splineutil.c
Examining data/fontforge-20201107~dfsg/fontforge/splineutil.h
Examining data/fontforge-20201107~dfsg/fontforge/splineutil2.c
Examining data/fontforge-20201107~dfsg/fontforge/splineutil2.h
Examining data/fontforge-20201107~dfsg/fontforge/start.c
Examining data/fontforge-20201107~dfsg/fontforge/start.h
Examining data/fontforge-20201107~dfsg/fontforge/stemdb.c
Examining data/fontforge-20201107~dfsg/fontforge/stemdb.h
Examining data/fontforge-20201107~dfsg/fontforge/svg.c
Examining data/fontforge-20201107~dfsg/fontforge/svg.h
Examining data/fontforge-20201107~dfsg/fontforge/tottf.c
Examining data/fontforge-20201107~dfsg/fontforge/tottf.h
Examining data/fontforge-20201107~dfsg/fontforge/tottfaat.c
Examining data/fontforge-20201107~dfsg/fontforge/tottfaat.h
Examining data/fontforge-20201107~dfsg/fontforge/tottfgpos.c
Examining data/fontforge-20201107~dfsg/fontforge/tottfgpos.h
Examining data/fontforge-20201107~dfsg/fontforge/tottfvar.c
Examining data/fontforge-20201107~dfsg/fontforge/tottfvar.h
Examining data/fontforge-20201107~dfsg/fontforge/ttf.h
Examining data/fontforge-20201107~dfsg/fontforge/ttfinstrs.c
Examining data/fontforge-20201107~dfsg/fontforge/ttfinstrs.h
Examining data/fontforge-20201107~dfsg/fontforge/ttfspecial.c
Examining data/fontforge-20201107~dfsg/fontforge/ttfspecial.h
Examining data/fontforge-20201107~dfsg/fontforge/ufo.c
Examining data/fontforge-20201107~dfsg/fontforge/uiinterface.h
Examining data/fontforge-20201107~dfsg/fontforge/unicoderange.c
Examining data/fontforge-20201107~dfsg/fontforge/unicoderange.h
Examining data/fontforge-20201107~dfsg/fontforge/utanvec.c
Examining data/fontforge-20201107~dfsg/fontforge/utanvec.h
Examining data/fontforge-20201107~dfsg/fontforge/views.h
Examining data/fontforge-20201107~dfsg/fontforge/winfonts.c
Examining data/fontforge-20201107~dfsg/fontforge/winfonts.h
Examining data/fontforge-20201107~dfsg/fontforge/woff.c
Examining data/fontforge-20201107~dfsg/fontforge/woff.h
Examining data/fontforge-20201107~dfsg/fontforge/woff2.cc
Examining data/fontforge-20201107~dfsg/fontforge/zapfnomen.c
Examining data/fontforge-20201107~dfsg/fontforge/zapfnomen.h
Examining data/fontforge-20201107~dfsg/fontforgeexe/alignment.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/basedlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/bitmapdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/charview.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/charview_private.h
Examining data/fontforge-20201107~dfsg/fontforgeexe/clipui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/combinations.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cursors.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvaddpoints.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvdgloss.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvexportdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvfreehand.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvgridfit.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvhand.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvhints.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvpointer.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvruler.h
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvshapes.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/cvtranstools.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/effectsui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/fontview.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/freetypeui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/gotodlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/histograms.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/images.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/justifydlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/layer2layer.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/macencui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/main.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/math.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/nonlineartransui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/openfontdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/prefs.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/problems.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/pythonui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/savefontdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/scriptingdlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/scstylesui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/searchview.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/sftextfield.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/sftextfieldP.h
Examining data/fontforge-20201107~dfsg/fontforgeexe/sfundo.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/sfundo.h
Examining data/fontforge-20201107~dfsg/fontforgeexe/showatt.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/simplifydlg.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/splashimage.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/startnoui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/startui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/statemachine.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/tilepath.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/transform.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/ttfinstrsui.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/uiutil.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/usermenu.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/usermenu.h
Examining data/fontforge-20201107~dfsg/fontforgeexe/windowmenu.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/wordlistparser.c
Examining data/fontforge-20201107~dfsg/fontforgeexe/wordlistparser.h
Examining data/fontforge-20201107~dfsg/gdraw/choosericons.c
Examining data/fontforge-20201107~dfsg/gdraw/colorP.h
Examining data/fontforge-20201107~dfsg/gdraw/ctlvalues.c
Examining data/fontforge-20201107~dfsg/gdraw/div_tables.c
Examining data/fontforge-20201107~dfsg/gdraw/drawboxborder.c
Examining data/fontforge-20201107~dfsg/gdraw/fontP.h
Examining data/fontforge-20201107~dfsg/gdraw/gaskdlg.c
Examining data/fontforge-20201107~dfsg/gdraw/gbuttons.c
Examining data/fontforge-20201107~dfsg/gdraw/gchardlg.c
Examining data/fontforge-20201107~dfsg/gdraw/gcolor.c
Examining data/fontforge-20201107~dfsg/gdraw/gcontainer.c
Examining data/fontforge-20201107~dfsg/gdraw/gdraw.c
Examining data/fontforge-20201107~dfsg/gdraw/gdrawP.h
Examining data/fontforge-20201107~dfsg/gdraw/gdrawable.c
Examining data/fontforge-20201107~dfsg/gdraw/gdrawbuildchars.c
Examining data/fontforge-20201107~dfsg/gdraw/gdrawerror.c
Examining data/fontforge-20201107~dfsg/gdraw/gdrawgimage.c
Examining data/fontforge-20201107~dfsg/gdraw/gdrawtxt.c
Examining data/fontforge-20201107~dfsg/gdraw/gdrawtxtinit.c
Examining data/fontforge-20201107~dfsg/gdraw/gdrawwacomdriver.c
Examining data/fontforge-20201107~dfsg/gdraw/genkeysym.c
Examining data/fontforge-20201107~dfsg/gdraw/gfilechooser.c
Examining data/fontforge-20201107~dfsg/gdraw/gfiledlg.c
Examining data/fontforge-20201107~dfsg/gdraw/ggadgetP.h
Examining data/fontforge-20201107~dfsg/gdraw/ggadgets.c
Examining data/fontforge-20201107~dfsg/gdraw/ggdkcdraw.c
Examining data/fontforge-20201107~dfsg/gdraw/ggdkdraw.c
Examining data/fontforge-20201107~dfsg/gdraw/ggdkdrawP.h
Examining data/fontforge-20201107~dfsg/gdraw/ggdkdrawlogger.c
Examining data/fontforge-20201107~dfsg/gdraw/ggroupbox.c
Examining data/fontforge-20201107~dfsg/gdraw/ghvbox.c
Examining data/fontforge-20201107~dfsg/gdraw/gimageclut.c
Examining data/fontforge-20201107~dfsg/gdraw/gimagecvt.c
Examining data/fontforge-20201107~dfsg/gdraw/gimagexdraw.c
Examining data/fontforge-20201107~dfsg/gdraw/gkeysym.c
Examining data/fontforge-20201107~dfsg/gdraw/glist.c
Examining data/fontforge-20201107~dfsg/gdraw/gmatrixedit.c
Examining data/fontforge-20201107~dfsg/gdraw/gmenu.c
Examining data/fontforge-20201107~dfsg/gdraw/gprogress.c
Examining data/fontforge-20201107~dfsg/gdraw/gradio.c
Examining data/fontforge-20201107~dfsg/gdraw/gresedit.c
Examining data/fontforge-20201107~dfsg/gdraw/gresource.c
Examining data/fontforge-20201107~dfsg/gdraw/gresourceP.h
Examining data/fontforge-20201107~dfsg/gdraw/gresourceimage.c
Examining data/fontforge-20201107~dfsg/gdraw/growcol.c
Examining data/fontforge-20201107~dfsg/gdraw/gsavefiledlg.c
Examining data/fontforge-20201107~dfsg/gdraw/gscrollbar.c
Examining data/fontforge-20201107~dfsg/gdraw/gspacer.c
Examining data/fontforge-20201107~dfsg/gdraw/gtabset.c
Examining data/fontforge-20201107~dfsg/gdraw/gtextfield.c
Examining data/fontforge-20201107~dfsg/gdraw/gtextinfo.c
Examining data/fontforge-20201107~dfsg/gdraw/gwidgetP.h
Examining data/fontforge-20201107~dfsg/gdraw/gwidgets.c
Examining data/fontforge-20201107~dfsg/gdraw/gxcdraw.c
Examining data/fontforge-20201107~dfsg/gdraw/gxcdrawP.h
Examining data/fontforge-20201107~dfsg/gdraw/gxdraw.c
Examining data/fontforge-20201107~dfsg/gdraw/gxdrawP.h
Examining data/fontforge-20201107~dfsg/gdraw/hotkeys.c
Examining data/fontforge-20201107~dfsg/gdraw/xkeysyms_unicode.c
Examining data/fontforge-20201107~dfsg/gutils/dlist.c
Examining data/fontforge-20201107~dfsg/gutils/fsys.c
Examining data/fontforge-20201107~dfsg/gutils/g_giomime.c
Examining data/fontforge-20201107~dfsg/gutils/gcol.c
Examining data/fontforge-20201107~dfsg/gutils/gimage.c
Examining data/fontforge-20201107~dfsg/gutils/gimagebmpP.h
Examining data/fontforge-20201107~dfsg/gutils/gimageread.c
Examining data/fontforge-20201107~dfsg/gutils/gimagereadbmp.c
Examining data/fontforge-20201107~dfsg/gutils/gimagereadgif.c
Examining data/fontforge-20201107~dfsg/gutils/gimagereadjpeg.c
Examining data/fontforge-20201107~dfsg/gutils/gimagereadpng.c
Examining data/fontforge-20201107~dfsg/gutils/gimagereadras.c
Examining data/fontforge-20201107~dfsg/gutils/gimagereadrgb.c
Examining data/fontforge-20201107~dfsg/gutils/gimagereadtiff.c
Examining data/fontforge-20201107~dfsg/gutils/gimagereadxbm.c
Examining data/fontforge-20201107~dfsg/gutils/gimagereadxpm.c
Examining data/fontforge-20201107~dfsg/gutils/gimagewritebmp.c
Examining data/fontforge-20201107~dfsg/gutils/gimagewritegimage.c
Examining data/fontforge-20201107~dfsg/gutils/gimagewritejpeg.c
Examining data/fontforge-20201107~dfsg/gutils/gimagewritepng.c
Examining data/fontforge-20201107~dfsg/gutils/gimagewritexbm.c
Examining data/fontforge-20201107~dfsg/gutils/gimagewritexpm.c
Examining data/fontforge-20201107~dfsg/gutils/gio.c
Examining data/fontforge-20201107~dfsg/gutils/giofile.c
Examining data/fontforge-20201107~dfsg/gutils/giofuncP.h
Examining data/fontforge-20201107~dfsg/gutils/giotrans.c
Examining data/fontforge-20201107~dfsg/gutils/gutils.c
Examining data/fontforge-20201107~dfsg/gutils/gwwintl.c
Examining data/fontforge-20201107~dfsg/gutils/prefs.c
Examining data/fontforge-20201107~dfsg/gutils/unicodelibinfo.c
Examining data/fontforge-20201107~dfsg/inc/basics.h
Examining data/fontforge-20201107~dfsg/inc/carbon.h
Examining data/fontforge-20201107~dfsg/inc/chardata.h
Examining data/fontforge-20201107~dfsg/inc/charset.h
Examining data/fontforge-20201107~dfsg/inc/dlist.h
Examining data/fontforge-20201107~dfsg/inc/ffgdk.h
Examining data/fontforge-20201107~dfsg/inc/ffglib.h
Examining data/fontforge-20201107~dfsg/inc/gdraw.h
Examining data/fontforge-20201107~dfsg/inc/gfile.h
Examining data/fontforge-20201107~dfsg/inc/ggadget.h
Examining data/fontforge-20201107~dfsg/inc/gicons.h
Examining data/fontforge-20201107~dfsg/inc/gimage.h
Examining data/fontforge-20201107~dfsg/inc/gio.h
Examining data/fontforge-20201107~dfsg/inc/gkeysym.h
Examining data/fontforge-20201107~dfsg/inc/gprogress.h
Examining data/fontforge-20201107~dfsg/inc/gresedit.h
Examining data/fontforge-20201107~dfsg/inc/gresource.h
Examining data/fontforge-20201107~dfsg/inc/gutils.h
Examining data/fontforge-20201107~dfsg/inc/gwidget.h
Examining data/fontforge-20201107~dfsg/inc/gwwiconv.h
Examining data/fontforge-20201107~dfsg/inc/hotkeys.h
Examining data/fontforge-20201107~dfsg/inc/intl.h
Examining data/fontforge-20201107~dfsg/inc/prefs.h
Examining data/fontforge-20201107~dfsg/inc/unicodelibinfo.h
Examining data/fontforge-20201107~dfsg/inc/ustring.h
Examining data/fontforge-20201107~dfsg/inc/utype.h
Examining data/fontforge-20201107~dfsg/po/toengb.c
Examining data/fontforge-20201107~dfsg/pyhook/fontforgepyhook.c
Examining data/fontforge-20201107~dfsg/pyhook/psMatpyhook.c
Examining data/fontforge-20201107~dfsg/tests/link_test.c
Examining data/fontforge-20201107~dfsg/tests/randomtest.c
Examining data/fontforge-20201107~dfsg/tests/systestdriver.c

FINAL RESULTS:

data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1213:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(buffer,statb.st_mode|S_IXUSR|S_IXGRP|S_IXOTH);	/* Set the execute bits (in case it's windows) */
data/fontforge-20201107~dfsg/Unicode/dump.c:131:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( stderr, CantReadFile, alphabets[j]);
data/fontforge-20201107~dfsg/Unicode/dump.c:140:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( stderr, LineLengthBg,alphabets[j],buffer );
data/fontforge-20201107~dfsg/Unicode/dump.c:154:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:172:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:358:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantReadFile, adobecjk[j]);
data/fontforge-20201107~dfsg/Unicode/dump.c:363:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LineLengthBg,adobecjk[j],buffer );
data/fontforge-20201107~dfsg/Unicode/dump.c:387:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:404:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:422:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantReadFile, adobecjk[j]);
data/fontforge-20201107~dfsg/Unicode/dump.c:427:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LineLengthBg,adobecjk[j],buffer );
data/fontforge-20201107~dfsg/Unicode/dump.c:451:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:471:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:557:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantReadFile, adobecjk[j]);
data/fontforge-20201107~dfsg/Unicode/dump.c:565:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LineLengthBg,adobecjk[j],buffer );
data/fontforge-20201107~dfsg/Unicode/dump.c:606:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:617:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:690:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantReadFile, cjk[j] );
data/fontforge-20201107~dfsg/Unicode/dump.c:698:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LineLengthBg,cjk[j],buffer );
data/fontforge-20201107~dfsg/Unicode/dump.c:719:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:730:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:809:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( stderr, CantReadFile, adobecjk[j]);
data/fontforge-20201107~dfsg/Unicode/dump.c:815:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( stderr, LineLengthBg,adobecjk[j],buffer );
data/fontforge-20201107~dfsg/Unicode/dump.c:846:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:865:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:880:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:894:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			    fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:1026:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( stderr, CantReadFile, adobecjk[j]);
data/fontforge-20201107~dfsg/Unicode/dump.c:1031:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( stderr, LineLengthBg,adobecjk[j],buffer );
data/fontforge-20201107~dfsg/Unicode/dump.c:1055:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:1069:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/dump.c:1136:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( output, GeneratedFileMessage );
data/fontforge-20201107~dfsg/Unicode/dump.c:1153:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( output, GeneratedFileMessage );
data/fontforge-20201107~dfsg/Unicode/dump.c:1187:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantSaveFile, "alphabet.c" );
data/fontforge-20201107~dfsg/Unicode/dump.c:1191:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantSaveFile, "chardata.h" );
data/fontforge-20201107~dfsg/Unicode/dump.c:1196:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( output, GeneratedFileMessage );
data/fontforge-20201107~dfsg/Unicode/dump.c:1197:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( header, GeneratedFileMessage );
data/fontforge-20201107~dfsg/Unicode/dump.c:1213:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantSaveFile, "cjk.c" );
data/fontforge-20201107~dfsg/Unicode/dump.c:1227:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantSaveFile, "backtrns.c" );
data/fontforge-20201107~dfsg/Unicode/makebuildtables.c:368:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(bpt,names[i].name);
data/fontforge-20201107~dfsg/Unicode/makeutype.c:437:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LgFrcTooMany, "ligatures", "ligature", lgm, (unsigned)index );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:441:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LgFrcConfuse, "ligature", lgm, (unsigned)index );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:453:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LgFrcTooMany, "fractions", "vulgfrac", vfm, (unsigned)index );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:457:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LgFrcConfuse, "vulgfrac", vfm, (unsigned)index );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:470:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LgFrcTooMany, "fractions", "fraction", frm, (unsigned)index );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:474:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, LgFrcConfuse, "fraction", frm, (unsigned)index );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:509:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantReadFile,"UnicodeData.txt" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:514:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( stderr, LineLengthBg,"UnicodeData.txt",buffer );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:651:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(buf2, oldname);
data/fontforge-20201107~dfsg/Unicode/makeutype.c:660:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantReadFile, "LineBreak.txt" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:666:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( stderr, LineLengthBg,"LineBreak.txt",buffer );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:715:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantReadFile, "PropList.txt" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:722:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( stderr, LineLengthBg,"PropList.txt",buffer );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:769:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantReadFile, "NamesList.txt" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:776:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( stderr, LineLengthBg,"NamesList.txt",buffer );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:817:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantReadFile, corp );		/* Not essential */
data/fontforge-20201107~dfsg/Unicode/makeutype.c:822:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( stderr, LineLengthBg,corp,buffer );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:845:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( stderr, NoMoreMemory );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:850:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(names[index],prefix); strcat(names[index],buf2);
data/fontforge-20201107~dfsg/Unicode/makeutype.c:850:35:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcpy(names[index],prefix); strcat(names[index],buf2);
data/fontforge-20201107~dfsg/Unicode/makeutype.c:862:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(name,base);
data/fontforge-20201107~dfsg/Unicode/makeutype.c:863:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(name,suffix);
data/fontforge-20201107~dfsg/Unicode/makeutype.c:916:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantSaveFile, "ArabicForms.c" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:924:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( data, GeneratedFileMessage, UnicodeMajor, UnicodeMinor );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1083:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( data, (j==0) ? "\n  0x%02x" : ", 0x%02x", k );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1109:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( data, (j==0) ? "\n  0x" : ", 0x" ); ++j;
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1110:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( data, (tds<254) ? "%02x" : "%04x", cs );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1118:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( data, (j==0) ? "\n  0x" : ", 0x" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1119:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( data, (tds<254) ? "%02x" : "%04x", cs );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1142:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( data, (j==0) ? "\n  0x" : ", 0x" ); ++j;
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1143:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( data, (tdl<254) ? "%02x" : "%04x", cl );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1151:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( data, (j==0) ? "\n  0x" : ", 0x" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1152:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( data, (til<254) ? "%02x" : "%04x", cl );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1201:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantSaveFile, "is_Ligature_data.h" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1213:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( data, GeneratedFileMessage, UnicodeMajor, UnicodeMinor );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1241:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf( stderr, CantSaveFile, "(utype.[ch])" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1254:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( header, GeneratedFileMessage, UnicodeMajor, UnicodeMinor );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1400:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( data, GeneratedFileMessage, UnicodeMajor, UnicodeMinor );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1578:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, CantSaveFile, "unialt.c" );
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1584:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(file, GeneratedFileMessage, UnicodeMajor, UnicodeMinor );
data/fontforge-20201107~dfsg/Unicode/memory.c:77:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf(NULL, 0, fmt, args2);
data/fontforge-20201107~dfsg/Unicode/memory.c:91:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf(ret, len + 1, fmt, args);
data/fontforge-20201107~dfsg/Unicode/ustring.c:1091:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy( output, remains );
data/fontforge-20201107~dfsg/Unicode/ustring.c:1096:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat( output, replacement );
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:31:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buffer,NEW);
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:34:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buffer,NEW);
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:36:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buffer,OLD);
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:38:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buffer,NEW);
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:42:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer,pt+strlen(OLD));
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:470:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buffer,dirname);
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:472:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(buffer,ent->d_name);
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:498:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer,dir);
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:500:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buffer,pattern);
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:711:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(otherdir,filename);
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:855:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer,outline.fontname);
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:178:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(outname,start);
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:179:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(outname+(ext-start),iscff ? ".otf" : ".ttf" );
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1004:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(family,hdr->fontname);
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1020:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( unique, "pcl2ttf: %s", hdr->fontname );
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:251:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(rdtok,temptok);
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:449:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buffer,"%s.decrypt", pt);
data/fontforge-20201107~dfsg/contrib/fonttools/rmligamarks.c:59:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer,name);
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:650:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf( id==0?"Copyright\n":id==1?"Family\n":id==2?"Subfamily\n":id==3?
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:2518:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf( m2b ? "\t  Mark To Base Sub Table[%d]\n" : "\t  Mark To Mark Sub Table[%d]\n", which );
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:3058:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    printf( lval==0 ? "Alphabetic\n" :
data/fontforge-20201107~dfsg/contrib/fonttools/stripttc.c:78:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(outfile,filename);
data/fontforge-20201107~dfsg/contrib/fonttools/ttf2eps.c:1092:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer,"%s.eps", name);
data/fontforge-20201107~dfsg/contrib/fonttools/woff.c:191:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(outname,start);
data/fontforge-20201107~dfsg/fontforge/asmfpst.c:483:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,classglyphs[i]->name);
data/fontforge-20201107~dfsg/fontforge/asmfpst.c:523:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,glyphs[i]->name);
data/fontforge-20201107~dfsg/fontforge/autosave.c:59:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buffer,"%s/autosave", dir);
data/fontforge-20201107~dfsg/fontforge/autosave.c:61:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if ( access(buffer,F_OK)==-1 )
data/fontforge-20201107~dfsg/fontforge/autosave.c:80:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buffer, "%s/auto%06x-%d.asfd", autosavedir, getpid(), ++cnt );
data/fontforge-20201107~dfsg/fontforge/autosave.c:81:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if ( access(buffer,F_OK)==-1 ) {
data/fontforge-20201107~dfsg/fontforge/autosave.c:109:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buffer,"%s/%s",recoverdir,entry->d_name);
data/fontforge-20201107~dfsg/fontforge/autosave.c:144:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buffer,"%s/%s",recoverdir,entry->d_name);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:204:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer,dir);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:209:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer,P_tmpdir);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:227:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer,P_tmpdir);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:276:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tempname_in,  _tempnam(NULL, "FontForge_in_"));
data/fontforge-20201107~dfsg/fontforge/autotrace.c:277:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tempname_out, _tempnam(NULL, "FontForge_out_"));
data/fontforge-20201107~dfsg/fontforge/autotrace.c:308:2:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	system(command);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:425:11:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    exit(execvp(prog,(char * const *)arglist)==-1);	/* If exec fails, then die */
data/fontforge-20201107~dfsg/fontforge/autotrace.c:502:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(rpt,args[j]);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:620:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(buffer,prog);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:623:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    if ( access(buffer,X_OK)!=-1 ) {
data/fontforge-20201107~dfsg/fontforge/autotrace.c:692:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(buffer,tempdir);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:694:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(buffer,ent->d_name);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:713:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer,tempdir);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:719:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(eod,ent->d_name);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:790:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(arglist[1],mf_args);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:792:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(arglist[1],filename);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:807:7:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	exit(execvp(arglist[0],arglist)==-1);	/* If exec fails, then die */
data/fontforge-20201107~dfsg/fontforge/autowidth.c:1234:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(pt,sclist[i]->name);
data/fontforge-20201107~dfsg/fontforge/autowidth2.c:992:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(str,leftglyphs[j]->name);
data/fontforge-20201107~dfsg/fontforge/autowidth2.c:1027:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(str,rightglyphs[j]->name);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:324:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer , EncodingName(map->enc) );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:345:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( pt+1, "%s-%s", reg, enc);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:367:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(buffer2,bpt);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:369:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(buffer2,sf->familyname);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:371:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(buffer2,pt);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:406:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(enc, pt );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:420:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy( reg, EncodingName(map->enc) );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:425:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy( enc, pt+1 );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:486:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(family_name,fontname);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:489:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(weight_name,bold);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:493:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(weight_name,sfweight);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:496:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(stylename,style);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:501:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(squeeze,compress);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:508:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(family_name,sffamily);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:510:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,pt+1);
data/fontforge-20201107~dfsg/fontforge/cvexport.c:725:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		    sprintf( unicode,ch=='u' ? "%04x" : "%04X", sc->unicodeenc );
data/fontforge-20201107~dfsg/fontforge/cvimages.c:1106:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf (start, "%s/%s", dirname, entry->d_name);
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:1285:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer,"(%g%s%g)", (double) sp->me.x, coord_sep, (double) sp->me.y );
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2887:8:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
			    sprintf(space, format, otl->lookup_name );
data/fontforge-20201107~dfsg/fontforge/dumpbdf.c:280:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( file, font->clut!=NULL ? "STARTFONT 2.3\n" :
data/fontforge-20201107~dfsg/fontforge/dumpbdf.c:436:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buffer,"%s-%s.%d.bdf", font->sf->fontname, encodingname, font->pixelsize );
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:247:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf( buffer, format, args);
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:2718:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buffer,"%s-%d.pt3", sf->fontname, font->pixelsize );
data/fontforge-20201107~dfsg/fontforge/encoding.c:213:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(from,escape_sequence);
data/fontforge-20201107~dfsg/fontforge/encoding.c:238:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(enc->iso_2022_escape, escape_sequence);
data/fontforge-20201107~dfsg/fontforge/encoding.c:510:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer,"%s/Encodings.ps", ffdir);
data/fontforge-20201107~dfsg/fontforge/encoding.c:904:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buffer,temp);
data/fontforge-20201107~dfsg/fontforge/encoding.c:995:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(ret,dir);
data/fontforge-20201107~dfsg/fontforge/encoding.c:997:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(ret,ent->d_name);
data/fontforge-20201107~dfsg/fontforge/encoding.c:1002:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(maybe,ent->d_name);
data/fontforge-20201107~dfsg/fontforge/encoding.c:1008:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ret,dir);
data/fontforge-20201107~dfsg/fontforge/encoding.c:1010:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(ret,maybe);
data/fontforge-20201107~dfsg/fontforge/encoding.c:1086:15:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		} else if ( fscanf(f," /%s", name )==1 )
data/fontforge-20201107~dfsg/fontforge/featurefile.c:807:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(start+len,r->u.coverage.ncovers[n]);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:992:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( out, r->lookup_cnt==0 ? "    ignore pos " : "    pos " );
data/fontforge-20201107~dfsg/fontforge/featurefile.c:994:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( out, !r->u.rcoverage.replacements
data/fontforge-20201107~dfsg/fontforge/featurefile.c:998:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( out, r->lookup_cnt==0 ? "    ignore sub " : "    sub " );
data/fontforge-20201107~dfsg/fontforge/featurefile.c:1930:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( namebuf, "%s_%s_%s%s_%d", isgpos ? "pos" : "sub",
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2082:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cpt,names[i]);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2786:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pt,sames->glyphs);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2840:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(glyphs+cnt,contents);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2987:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(last_glyph,tok->tokbuf); last_val = -1;
data/fontforge-20201107~dfsg/fontforge/featurefile.c:3037:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			    sprintf( last_glyph, "%.*s%c%s", (int) (start2-tok->tokbuf),
data/fontforge-20201107~dfsg/fontforge/featurefile.c:3051:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf( last_glyph, "%.*s%02d%s", (int) (start2-tok->tokbuf),
data/fontforge-20201107~dfsg/fontforge/featurefile.c:3054:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf( last_glyph, "%.*s%03d%s", (int) (start2-tok->tokbuf),
data/fontforge-20201107~dfsg/fontforge/featurefile.c:4053:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(next,temp->name);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:4085:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,g->name_or_class);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:4398:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(mult+len,g->name_or_class);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:4449:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pt,sames->glyphs);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:6355:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(acs[i]->name,"%s_%d", classes[i]->name+1, classes[i]->name_used);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:7145:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(namebuf,"%s-%d", otl->lookup_name, cnt++ );
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:1693:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf,old->filename);
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:1696:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(buf,compressors[old->compression-1].ext);
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:1715:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buf,old->filename);
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:1716:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(buf,compressors[old->compression-1].ext);
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1827:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(uc_accent,rsc->name);
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1844:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf( buffer,"%.70s.%s", StdGlyphName(buffer,acc,ui_none,(NameList *) -1), suffixes[i]);
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1848:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf( buffer,"uni%04X.%s", acc, suffixes[i]);
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1863:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( buffer,"%.70s.%s", StdGlyphName(buffer,acc,ui_none,(NameList *) -1), suffixes[i]);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:587:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(family,buf);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:676:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mods,"%s%s", weight, italic );
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:867:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(full,family);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1074:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(full,family);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1497:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(family,props[i].value);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1501:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(full,props[i].value);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1557:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mods,"%s%s", weight, italic );
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1560:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(full,"%s-%s", family, mods );
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1562:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(full,family);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1950:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(n,family); strcat(n," "); strcat(n,mods);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1950:38:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcpy(n,family); strcat(n," "); strcat(n,mods);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2205:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buf, "%s %s", compressors[i].decomp, filename );
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2206:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ( system(buf)==0 )
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2213:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(temp,dir);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2215:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(temp,GFileNameTail(filename));
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2217:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( buf, "%s -c %s > %s", compressors[i].decomp, filename, temp );
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2218:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    if ( system(buf)==0 )
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2232:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buf, "%s %s", compressors[i].recomp, filename );
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2233:2:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	system(buf);
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:964:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( fd->diffs, U_("Glyph “%s” differs\n"), sc->name );
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:969:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(fd->diffs,format,ap);
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:971:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(fd->held,sizeof(fd->held),format,ap);
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1215:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( fd->diffs, U_("Glyph “%s” missing from %s\n"), sc->name, fd->name2 );
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1230:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( fd->diffs, U_("Glyph “%s” missing from %s\n"), sc->name, fd->name1 );
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1289:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( fd->diffs, U_("Glyph “%s” missing from %s at %d@%d\n"),
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1312:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( fd->diffs, U_("Glyph “%s” missing from %s at %d@%d\n"),
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1343:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf( fd->diffs, U_("Glyph “%s” differs at %d@%d\n"),
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1349:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf(fd->diffs,U_("Glyph “%s” has advance width %d in %s but %d in %s at %d@%d\n"),
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1355:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf(fd->diffs,U_("Glyph “%s” has vertical advance width %d in %s but %d in %s at %d@%d\n"),
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1361:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		    fprintf(fd->diffs,U_("Glyph “%s” has a different bitmap at %d@%d\n"),
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:2008:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( fd->diffs, U_("Glyph “%s” differs\n"), sc->name );
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:2015:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(fd->diffs,format,ap);
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:2017:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	vsnprintf(fd->held,sizeof(fd->held),format,ap);
data/fontforge-20201107~dfsg/fontforge/groups.c:90:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(buffer,"%s/groups", userConfigDir);
data/fontforge-20201107~dfsg/fontforge/ikarus.c:549:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fullname,fnam);
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2072:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,freq[cur].utf8_letter);
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2192:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,ScriptRandomChar(chrs));
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2212:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,RandomWord(lf,sf));
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2214:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,ScriptRandomWord(chrs));
data/fontforge-20201107~dfsg/fontforge/lookups.c:1609:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat( ubuf, setname );
data/fontforge-20201107~dfsg/fontforge/lookups.c:1678:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( userfriendly, "%s '%c%c%c%c'", lookuptype,
data/fontforge-20201107~dfsg/fontforge/lookups.c:1735:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf( otl->lookup_name, format, userfriendly, script, otl->lookup_index );
data/fontforge-20201107~dfsg/fontforge/lookups.c:1739:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf( otl->lookup_name, format, userfriendly, otl->lookup_index );
data/fontforge-20201107~dfsg/fontforge/lookups.c:1770:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf( subtable->subtable_name, format, otl->lookup_name, cnt );
data/fontforge-20201107~dfsg/fontforge/lookups.c:3892:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(new+(start-base)+rlen,pt);
data/fontforge-20201107~dfsg/fontforge/lookups.c:4347:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ret+len,names[i]);
data/fontforge-20201107~dfsg/fontforge/lookups.c:4926:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(newr,parsed[cnt].replacements);
data/fontforge-20201107~dfsg/fontforge/lookups.c:5070:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(rule->u.glyph.back,parsed[i].entity);
data/fontforge-20201107~dfsg/fontforge/lookups.c:5074:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(rule->u.glyph.names,parsed[i].entity);
data/fontforge-20201107~dfsg/fontforge/lookups.c:5078:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(rule->u.glyph.fore,parsed[i].entity);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1390:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buffer+1,pt);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1630:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(header.macfilename,filename);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1633:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pt+1,buffer);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1736:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(binfilename,filename);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1748:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dpt,is_dfont?".bmap.dfont":__Mac?".bmap":".bmap.bin");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1819:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tempname,filename);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1822:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt+1,buffer);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1825:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(tf,filename);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2402:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pt,strings[ 0 ]+1);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2406:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(pt,strings[ strings[format][k+1]-1 ]+1);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2937:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(respath,tempfn);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2941:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(respath,tempfn);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:3143:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer,filename);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:3148:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(spt,pt);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:3168:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dpt,exten);
data/fontforge-20201107~dfsg/fontforge/mm.c:104:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ret,mm->normal->familyname);
data/fontforge-20201107~dfsg/fontforge/mm.c:107:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(hyphen+1,styles);
data/fontforge-20201107~dfsg/fontforge/mm.c:115:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,mm->normal->familyname);
data/fontforge-20201107~dfsg/fontforge/mm.c:120:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( pt, " %d%s", (int) rint(MMAxisUnmap(mm,i,normalized[i])),
data/fontforge-20201107~dfsg/fontforge/mm.c:123:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( pt, " %.1f%s", (double) MMAxisUnmap(mm,i,normalized[i]),
data/fontforge-20201107~dfsg/fontforge/mm.c:238:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,hold[j]);
data/fontforge-20201107~dfsg/fontforge/namelist.c:437:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(pt,refs[i]->name);
data/fontforge-20201107~dfsg/fontforge/namelist.c:714:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf( buffer, "%s/%s", dir, ent->d_name );
data/fontforge-20201107~dfsg/fontforge/namelist.c:761:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(space,sc->name);
data/fontforge-20201107~dfsg/fontforge/namelist.c:882:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(last,bits[i].rpl->name);
data/fontforge-20201107~dfsg/fontforge/namelist.c:886:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(last,last_orig);
data/fontforge-20201107~dfsg/fontforge/noprefs.c:448:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer,"%s/prefs", getFontForgeUserDir(Config));
data/fontforge-20201107~dfsg/fontforge/noprefs.c:578:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer,enc);
data/fontforge-20201107~dfsg/fontforge/nouiutil.c:43:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer,sizeof(buffer),format,ap);
data/fontforge-20201107~dfsg/fontforge/nouiutil.c:54:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer,sizeof(buffer),format,ap);
data/fontforge-20201107~dfsg/fontforge/palmfonts.c:88:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(sf->fontname,family);
data/fontforge-20201107~dfsg/fontforge/palmfonts.c:91:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(sf->fontname,style);
data/fontforge-20201107~dfsg/fontforge/palmfonts.c:402:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fn,filename);
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1702:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(name, nname);
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1711:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(name, suffix);
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2195:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(rdtok,temptok);
data/fontforge-20201107~dfsg/fontforge/parsettf.c:1512:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str+1,old);
data/fontforge-20201107~dfsg/fontforge/parsettf.c:4531:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buffer,"%d (%s) %d %s %s  %s",
data/fontforge-20201107~dfsg/fontforge/parsettf.c:5197:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(info->xuid,"[%s %d]", xuid, (rand()&0xffffff));
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:86:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(ret[class[i]]+lens[class[i]], info->chars[i]->name );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:130:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy( ret+len, info->chars[i]->name );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:195:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,info->chars[glyphs[i]]->name);
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:1918:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(str,"%s.%s", basename, pt );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:2058:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(pt,info->chars[glyph2s[j]]->name);
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:2176:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			    strcat(str,info->chars[lig_glyphs[k]]->name);
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:2181:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(pt,tag);
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:2204:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy(pt,info->chars[lig_glyphs[k]]->name);
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:3063:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf( info->mark_class_names[i], format_spec, i );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:3082:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf( info->mark_set_names[i], format_spec, i );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:3330:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf( name, format, parent->lookup_name, nest_index );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:3752:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			    strcat(comp,sm->info->chars[sm->lig_comp_glyphs[j]]->name);
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:3878:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(comp,sm->info->chars[sm->lig_comp_glyphs[j]]->name);
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:4234:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(classes[st->classes2[i]],info->chars[i]->name );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:4239:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(classes[st->classes2[info->badgids[i]->orig_pos]],info->badgids[i]->name );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:4244:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(classes[st->classes[i-st->first_glyph]],info->chars[i]->name );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:4277:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(str+len,info->chars[glyph]->name);
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:5364:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(pt+len,sc->name);
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:5968:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(buffer,sizeof(buffer),format,otl->lookup_name,cnt );
data/fontforge-20201107~dfsg/fontforge/print.c:450:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buffer,"%s_ly%d_%s_%s", sc->name, layer,
data/fontforge-20201107~dfsg/fontforge/print.c:456:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buffer,"%s_trans_%g,%g,%g,%g,%g,%g_ly%d_%s_%s", sc->name,
data/fontforge-20201107~dfsg/fontforge/print.c:656:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buffer, "%s_ly%d_%d_image", sc->name, layer, icnt );
data/fontforge-20201107~dfsg/fontforge/print.c:1446:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(sfbit->psfontname,"%s__%d", sfbit->sf->fontname, pi->pointsize );
data/fontforge-20201107~dfsg/fontforge/print.c:1672:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(sfbit->psfontname,"%s-%x__%d", sfbit->sf->fontname, pi->lastbase,
data/fontforge-20201107~dfsg/fontforge/print.c:2912:2:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execvp(argv[0],argv);
data/fontforge-20201107~dfsg/fontforge/print.c:2915:6:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    execvp(argv[0],argv);
data/fontforge-20201107~dfsg/fontforge/print.c:3091:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(buf,"pr-%.90s.%s", pi.mainsf->fontname,
data/fontforge-20201107~dfsg/fontforge/psread.c:294:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( io->fogbuf, "%d %s ", ch-233+17, io->fogns
data/fontforge-20201107~dfsg/fontforge/psread.c:865:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    printf( dict->entries[i].type==ps_lit ? "/" :
data/fontforge-20201107~dfsg/fontforge/psread.c:868:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    printf( dict->entries[i].type==ps_lit ? "" :
data/fontforge-20201107~dfsg/fontforge/psread.c:2703:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			printf( stack[sp].type==ps_lit ? "/" :
data/fontforge-20201107~dfsg/fontforge/psread.c:2707:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			printf( stack[sp].type==ps_lit ? "" :
data/fontforge-20201107~dfsg/fontforge/psread.c:2777:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf( stack[sp-1].u.str, "%s", stack[sp-2].u.tf ? "true" : "false" );
data/fontforge-20201107~dfsg/fontforge/psread.c:2780:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf( stack[sp-1].u.str, "%s", stack[sp-2].u.str );
data/fontforge-20201107~dfsg/fontforge/python.c:1964:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer,"%s(%g,%g,%s)", Py_TYPE(self)->tp_name, (double)self->x, (double)self->y,
data/fontforge-20201107~dfsg/fontforge/python.c:1972:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer,"<FFPoint (%g,%g) %s>", (double)self->x, (double)self->y, self->on_curve?"on":"off" );
data/fontforge-20201107~dfsg/fontforge/python.c:2219:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, self->is_quadratic? "<Contour(quadratic)\n":"<Contour(cubic)\n");
data/fontforge-20201107~dfsg/fontforge/python.c:2222:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( pt, "  (%g,%g) %s\n", (double)self->points[i]->x, (double)self->points[i]->y,
data/fontforge-20201107~dfsg/fontforge/python.c:3869:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, self->is_quadratic? "<Layer(quadratic)\n":"<Layer(cubic)\n");
data/fontforge-20201107~dfsg/fontforge/python.c:3876:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( pt, "  (%g,%g) %s\n", (double)contour->points[j]->x, (double)contour->points[j]->y,
data/fontforge-20201107~dfsg/fontforge/python.c:6483:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    at = sprintf(repr, "<%s at 0x%p sc=0x%p",
data/fontforge-20201107~dfsg/fontforge/python.c:6486:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    at = sprintf(repr, "<%s at 0x%p", Py_TYPENAME(self), self);
data/fontforge-20201107~dfsg/fontforge/python.c:6499:8:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	at += sprintf( &repr[at], " \"%s\">", self->sc->name);
data/fontforge-20201107~dfsg/fontforge/python.c:7595:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,g->sc->name);
data/fontforge-20201107~dfsg/fontforge/python.c:8457:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if ( access(locfilename,R_OK)!=0 ) {
data/fontforge-20201107~dfsg/fontforge/python.c:8754:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,str);
data/fontforge-20201107~dfsg/fontforge/python.c:16380:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(locfilename,fn);
data/fontforge-20201107~dfsg/fontforge/savefont.c:111:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf,filename);
data/fontforge-20201107~dfsg/fontforge/savefont.c:139:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buf,filename);
data/fontforge-20201107~dfsg/fontforge/savefont.c:143:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,sf->fontname);
data/fontforge-20201107~dfsg/fontforge/savefont.c:158:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf,filename);
data/fontforge-20201107~dfsg/fontforge/savefont.c:185:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf,filename);
data/fontforge-20201107~dfsg/fontforge/savefont.c:248:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf,filename);
data/fontforge-20201107~dfsg/fontforge/savefont.c:303:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf,filename);
data/fontforge-20201107~dfsg/fontforge/savefont.c:331:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf,filename);
data/fontforge-20201107~dfsg/fontforge/savefont.c:377:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf,filename);
data/fontforge-20201107~dfsg/fontforge/savefont.c:388:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( pt, "-%d%s", bdf->pixelsize, ext );
data/fontforge-20201107~dfsg/fontforge/savefont.c:390:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( pt, "-%d@%d%s", bdf->pixelsize, BDFDepth(bdf), ext );
data/fontforge-20201107~dfsg/fontforge/savefont.c:470:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(bpt,buffer);
data/fontforge-20201107~dfsg/fontforge/savefont.c:639:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filename,newname);
data/fontforge-20201107~dfsg/fontforge/savefont.c:649:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(filename,names[subfont]);
data/fontforge-20201107~dfsg/fontforge/savefont.c:657:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt+len,pt+2);
data/fontforge-20201107~dfsg/fontforge/savefont.c:662:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp.fullname,sf->fullname);
data/fontforge-20201107~dfsg/fontforge/savefont.c:664:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(temp.fullname,names[subfont]);
data/fontforge-20201107~dfsg/fontforge/savefont.c:665:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(spt,subtype==ff_pfb ? ".pfb" : ".pfa" );
data/fontforge-20201107~dfsg/fontforge/savefont.c:671:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(temp.xuid,sf->xuid);
data/fontforge-20201107~dfsg/fontforge/savefont.c:676:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt+1,buf);
data/fontforge-20201107~dfsg/fontforge/savefont.c:927:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(temp,newname);
data/fontforge-20201107~dfsg/fontforge/savefont.c:928:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(temp,oldbitmapstate==bf_otb ? "otb" : "ttf" );
data/fontforge-20201107~dfsg/fontforge/savefont.c:938:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(temp,newname);
data/fontforge-20201107~dfsg/fontforge/savefont.c:1123:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(freeme,filename);
data/fontforge-20201107~dfsg/fontforge/scripting.c:408:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(errbuf,sizeof(errbuf),format,ap);
data/fontforge-20201107~dfsg/fontforge/scripting.c:694:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(c->return_val.u.sval+len,arr->vals[i].u.sval);
data/fontforge-20201107~dfsg/fontforge/scripting.c:695:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(c->return_val.u.sval+len,str2);
data/fontforge-20201107~dfsg/fontforge/scripting.c:1526:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,results[0]); pt += strlen(pt);
data/fontforge-20201107~dfsg/fontforge/scripting.c:1532:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pt,results[j]); pt += strlen(pt);
data/fontforge-20201107~dfsg/fontforge/scripting.c:1707:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    c->return_val.u.ival = access(c->a.vals[1].u.sval,c->a.argc==3 ? c->a.vals[2].u.ival : R_OK );
data/fontforge-20201107~dfsg/fontforge/scripting.c:1819:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(temp,filename);
data/fontforge-20201107~dfsg/fontforge/scripting.c:1824:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(temp,filename);
data/fontforge-20201107~dfsg/fontforge/scripting.c:9774:18:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		sub.filename = strcpy(malloc(strlen(c->filename)+strlen(name)+4),c->filename);
data/fontforge-20201107~dfsg/fontforge/scripting.c:9776:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pt+1,name);
data/fontforge-20201107~dfsg/fontforge/scripting.c:9782:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    sub.filename = strcpy(malloc(strlen(name)+4),name);
data/fontforge-20201107~dfsg/fontforge/scripting.c:9859:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(name,c->tok_text);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10048:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name,"%s", FONTFORGE_VERSION);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10311:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ret,val->u.sval);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10312:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(ret,temp);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10540:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ret,val->u.lval->u.sval);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10541:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(ret,temp);
data/fontforge-20201107~dfsg/fontforge/scstyles.c:2069:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buffer,pt);
data/fontforge-20201107~dfsg/fontforge/scstyles.c:2071:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buffer,ext);
data/fontforge-20201107~dfsg/fontforge/search.c:1380:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(namebuf, "%s.ref%d", base->name, index++ );
data/fontforge-20201107~dfsg/fontforge/search.c:1394:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf( ret->comment, reason, base->name, morereason );
data/fontforge-20201107~dfsg/fontforge/sfd.c:1506:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( sfd, v ? "VKerns2:" : "Kerns2:" );
data/fontforge-20201107~dfsg/fontforge/sfd.c:1710:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf( sfd, v ? "VKerns2:" : "Kerns2:" );
data/fontforge-20201107~dfsg/fontforge/sfd.c:1814:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dest,dir);
data/fontforge-20201107~dfsg/fontforge/sfd.c:1816:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dest,dir_char);
data/fontforge-20201107~dfsg/fontforge/sfd.c:1852:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dest,ext);
data/fontforge-20201107~dfsg/fontforge/sfd.c:2873:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf( subfont,"%s/%s" SUBFONT_EXT, dirname, sf->subfonts[i]->fontname );
data/fontforge-20201107~dfsg/fontforge/sfd.c:2876:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fontprops,subfont); strcat(fontprops,"/" FONT_PROPS);
data/fontforge-20201107~dfsg/fontforge/sfd.c:2876:30:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcpy(fontprops,subfont); strcat(fontprops,"/" FONT_PROPS);
data/fontforge-20201107~dfsg/fontforge/sfd.c:2951:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf( strike,"%s/%d" STRIKE_EXT, dirname, bdf->pixelsize );
data/fontforge-20201107~dfsg/fontforge/sfd.c:2954:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(strikeprops,strike); strcat(strikeprops,"/" STRIKE_PROPS);
data/fontforge-20201107~dfsg/fontforge/sfd.c:2954:34:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcpy(strikeprops,strike); strcat(strikeprops,"/" STRIKE_PROPS);
data/fontforge-20201107~dfsg/fontforge/sfd.c:2967:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(sfd, sf->cidmaster==NULL?"EndSplineFont\n":"EndSubSplineFont\n" );
data/fontforge-20201107~dfsg/fontforge/sfd.c:2980:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf( instance,"%s/mm%d" INSTANCE_EXT, dirname, mm_pos );
data/fontforge-20201107~dfsg/fontforge/sfd.c:2983:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fontprops,instance); strcat(fontprops,"/" FONT_PROPS);
data/fontforge-20201107~dfsg/fontforge/sfd.c:2983:33:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcpy(fontprops,instance); strcat(fontprops,"/" FONT_PROPS);
data/fontforge-20201107~dfsg/fontforge/sfd.c:3108:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buffer,"%s/%s", filename, ent->d_name );
data/fontforge-20201107~dfsg/fontforge/sfd.c:3144:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buffer,"%s/%s", filename, ent->d_name );
data/fontforge-20201107~dfsg/fontforge/sfd.c:3149:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf( markerfile,"%s/" STRIKE_PROPS, buffer );
data/fontforge-20201107~dfsg/fontforge/sfd.c:3151:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf( markerfile,"%s/" FONT_PROPS, buffer );
data/fontforge-20201107~dfsg/fontforge/sfd.c:3172:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tempfilename,filename); strcat(tempfilename,"/" FONT_PROPS);
data/fontforge-20201107~dfsg/fontforge/sfd.c:3172:33:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcpy(tempfilename,filename); strcat(tempfilename,"/" FONT_PROPS);
data/fontforge-20201107~dfsg/fontforge/sfd.c:3279:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf2,filename);
data/fontforge-20201107~dfsg/fontforge/sfd.c:3280:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf2,compressors[sf->compression-1].ext);
data/fontforge-20201107~dfsg/fontforge/sfd.c:3281:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf,buf2);
data/fontforge-20201107~dfsg/fontforge/sfd.c:3321:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buf, "%s %s", compressors[sf->compression-1].recomp, filename );
data/fontforge-20201107~dfsg/fontforge/sfd.c:3322:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	if ( system( buf )!=0 )
data/fontforge-20201107~dfsg/fontforge/sfd.c:5283:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy( ret, line+len );
data/fontforge-20201107~dfsg/fontforge/sfd.c:6269:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name,"%s/%s", dirname, ent->d_name);
data/fontforge-20201107~dfsg/fontforge/sfd.c:7056:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(sofar+len,buffer);
data/fontforge-20201107~dfsg/fontforge/sfd.c:7151:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name,"%s/%s", dirname, ent->d_name);
data/fontforge-20201107~dfsg/fontforge/sfd.c:7174:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name,"%s/%s", dirname, ent->d_name);
data/fontforge-20201107~dfsg/fontforge/sfd.c:7175:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(props,"%s/" FONT_PROPS, name);
data/fontforge-20201107~dfsg/fontforge/sfd.c:7199:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name,"%s/%s", dirname, ent->d_name);
data/fontforge-20201107~dfsg/fontforge/sfd.c:7200:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(props,"%s/" FONT_PROPS, name);
data/fontforge-20201107~dfsg/fontforge/sfd.c:7239:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name,"%s/%s", dirname, ent->d_name);
data/fontforge-20201107~dfsg/fontforge/sfd.c:7240:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(props,"%s/" STRIKE_PROPS, name);
data/fontforge-20201107~dfsg/fontforge/sfd.c:9077:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf(tok,sizeof(tok),"%s/" FONT_PROPS, filename );
data/fontforge-20201107~dfsg/fontforge/sfd.c:9140:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(tok,sizeof(tok),"%s/" FONT_PROPS,cur_sf->filename);
data/fontforge-20201107~dfsg/fontforge/sfd.c:9214:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(tok,sizeof(tok),"%s/%s" GLYPH_EXT,cur_sf->filename,name);
data/fontforge-20201107~dfsg/fontforge/sfd1.c:466:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf( lac->ac.name, format, ac->ac.name );
data/fontforge-20201107~dfsg/fontforge/sflayout.c:1299:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( filename, "%s/ff-preview-%s-%d-%d.bmp", dir, sf->fontname, getpid(), ++cnt );
data/fontforge-20201107~dfsg/fontforge/sflayout.c:1301:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( filename, "%s/ff-preview-%s-%d-%d.png", dir, sf->fontname, getpid(), ++cnt );
data/fontforge-20201107~dfsg/fontforge/splinefont.c:833:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( archivedir, "%s/ffarchive-%d-%d", dir, getpid(), ++cnt );
data/fontforge-20201107~dfsg/fontforge/splinefont.c:840:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf( listfile, "%s/" TOC_NAME, archivedir );
data/fontforge-20201107~dfsg/fontforge/splinefont.c:846:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( listcommand, "%s %s %s > %s", archivers[i].unarchive,
data/fontforge-20201107~dfsg/fontforge/splinefont.c:848:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if ( system(listcommand)!=0 ) {
data/fontforge-20201107~dfsg/fontforge/splinefont.c:869:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( unarchivecmd, "( cd %s ; %s %s %s %s ) > /dev/null", archivedir,
data/fontforge-20201107~dfsg/fontforge/splinefont.c:872:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if ( system(unarchivecmd)!=0 ) {
data/fontforge-20201107~dfsg/fontforge/splinefont.c:880:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( finalfile, "%s/%s", archivedir, desiredfile );
data/fontforge-20201107~dfsg/fontforge/splinefont.c:905:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmpfn,dir);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:907:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmpfn,GFileNameTail(name));
data/fontforge-20201107~dfsg/fontforge/splinefont.c:910:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if ( system(buf)==0 )
data/fontforge-20201107~dfsg/fontforge/splinefont.c:922:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf( tmpfilename, P_tmpdir "/fontforge%d-%d", getpid(), try++ );
data/fontforge-20201107~dfsg/fontforge/splinefont.c:924:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(tmpfilename,exten);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:925:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if ( access( tmpfilename, F_OK )==-1 &&
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1031:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(fullname,strippedname);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1032:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(fullname,paren);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1067:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(fullname,strippedname);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1068:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(fullname,paren);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1108:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(temp,strippedname);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1114:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(temp,strippedname);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1272:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	        strcpy(norm->origname,fname);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1274:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	        strcat(norm->origname,sf->chosenname);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1359:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tobefreed1,filename);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1362:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ept,extens[i]);
data/fontforge-20201107~dfsg/fontforge/splineoverlap.c:101:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr,format,ap);
data/fontforge-20201107~dfsg/fontforge/splineoverlap.c:113:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr,format,ap);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:155:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf( buf2, "%s %s", name, second);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:190:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp, amfm_filename);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:194:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pt,fontname);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:215:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(afmname+(pt-filename),isupper(pt[1])?".AFM":".afm");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:260:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(new,psname);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:266:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,wasuc?".AMFM":".amfm");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:268:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,wasuc?".amfm":".AMFM");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:274:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,wasuc?".AFM":".afm");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:276:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,wasuc?".afm":".AFM");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:321:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(components,sc1->name);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:323:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(components,sc2->name);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:436:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(components,sf->glyphs[used[i]]->name);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:1183:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf( afm, ismm ? "StartMasterFontMetrics 4.0\n" :
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:1375:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ret,this->base->name);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:1379:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,cca->accent->name);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:1754:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(amfm, i==mm->instance_count-1 ? "]" : "] " );
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:1763:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(amfm, i==mm->axis_count-1 ? "]" : "] " );
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:1950:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(lig->u.lig.components,"%s %s",sublig->name,
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:2997:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(full,sf->fontname);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:3006:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(header.encoding+1,encname);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:3015:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(header.family+1,familyname);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:121:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ret,str1);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:122:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ret+len1,str2);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:131:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ret,str1);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:132:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ret+len1,str2);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:133:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ret+len1+len2,str3);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:7943:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy((char *)gb->pt, str);
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2952:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, "%s.sfd", sf->fontname);
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2968:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(sf->xuid,"[%s %d]", xuid, (rand()&0xffffff));
data/fontforge-20201107~dfsg/fontforge/svg.c:887:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf( file, isv ? "    <vkern " : "    <hkern " );
data/fontforge-20201107~dfsg/fontforge/svg.c:910:25:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                        fprintf( file, isv ? "    <vkern g1=\"" : "    <hkern g1=\"" );
data/fontforge-20201107~dfsg/fontforge/svg.c:3010:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(pt,chars[len]->name);
data/fontforge-20201107~dfsg/fontforge/svg.c:3073:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pt,temp->name);
data/fontforge-20201107~dfsg/fontforge/svg.c:3393:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(sf->xuid,"[%s %d]", xuid, (rand()&0xffffff));
data/fontforge-20201107~dfsg/fontforge/tottf.c:5904:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newname,fontname);
data/fontforge-20201107~dfsg/fontforge/tottf.c:5978:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buffer, "/%s %ld StartData\n", sf->fontname, len );
data/fontforge-20201107~dfsg/fontforge/ttfinstrs.c:553:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt, ff_ttf_instrnames[iv->instrdata->instrs[i]]);
data/fontforge-20201107~dfsg/fontforge/ttfspecial.c:2007:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(str+len,bdf->props[i].u.atom );
data/fontforge-20201107~dfsg/fontforge/ufo.c:86:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fname, basedir);
data/fontforge-20201107~dfsg/fontforge/ufo.c:89:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(fname,sub);
data/fontforge-20201107~dfsg/fontforge/ufo.c:193:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(disposable, output); // strtok rewrites the input string, so we make a copy.
data/fontforge-20201107~dfsg/fontforge/ufo.c:1244:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(styleMapFamily, preferredFamilyName);
data/fontforge-20201107~dfsg/fontforge/ufo.c:1246:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(styleMapFamily, preferredSubfamilyName);
data/fontforge-20201107~dfsg/fontforge/ufo.c:3587:10:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	        strcat(current_group->glyphs, member_native_current->sc->name);
data/fontforge-20201107~dfsg/fontforge/ufo.c:3906:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(pt,valName);
data/fontforge-20201107~dfsg/fontforge/winfonts.c:286:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp,sf->familyname);
data/fontforge-20201107~dfsg/fontforge/winfonts.c:289:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(temp,sf->weight);
data/fontforge-20201107~dfsg/fontforge/winfonts.c:834:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(non_resident_name, "FONTRES 100,%d,%d : %s %d", dpi[0], dpi[1], name, point_size);
data/fontforge-20201107~dfsg/fontforge/winfonts.c:835:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(resident_name, name);
data/fontforge-20201107~dfsg/fontforgeexe/basedlg.c:306:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buffer,sizeof(buffer),is_vertical ? _("Vertical Extents for %c%c%c%c") : _("Horizontal Extents for %c%c%c%c"),
data/fontforge-20201107~dfsg/fontforgeexe/bitmapdlg.c:231:56:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    GGadgetSetEnabled(GWidgetGetControl(gw,CID_100Lab),system!=CID_Mac);
data/fontforge-20201107~dfsg/fontforgeexe/bitmapdlg.c:232:53:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    GGadgetSetEnabled(GWidgetGetControl(gw,CID_100),system!=CID_Mac);
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:209:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf+strlen(buf), uniname);
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:654:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(refinfo,"%s XOff: %d YOff: %d", ref->bdfc->sc->name, ref->xoff, ref->yoff);
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:830:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer,"%d%s%d", bv->info_x, coord_sep, bv->info_y );
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:835:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buffer,"%d%s%d", bv->info_x-bv->pressed_x, coord_sep, bv->info_y-bv->pressed_y );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1810:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(components+len,temp);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1844:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(components,next);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1942:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( namebuf, "uni%04X.%s", tolower(sc->unicodeenc), suffix );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1946:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( namebuf, "%c%s.%s", tolower(*sc->name), sc->name+1, suffix );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1952:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( namebuf, "uni%04X.%s", toupper(sc->unicodeenc), suffix );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1956:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( namebuf, "%c%s.%s", toupper(*sc->name), sc->name+1, suffix );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:3749:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(lblbuf, "%s%s", lblprefix, inp_l);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4107:29:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        codepoints_as_hex = strcat(codepoints_as_hex, buffer);
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:2275:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(ubuf,ap->type==at_basemark ? _("Base") : _("Mark") );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:2281:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(ubuf,ap->type==at_centry ? _("Entry") : _("Exit") );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4040:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(buffer,"%d%s%d", (int) cv->info.x, coord_sep, (int) cv->info.y );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4042:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(buffer,"%.4g%s%.4g", (double) cv->info.x, coord_sep, (double) cv->info.y );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4121:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(buffer,"%d%s%d", (int) selx, coord_sep, (int) sely );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4123:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(buffer,"%.4g%s%.4g", (double) selx, coord_sep, (double) sely );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4141:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(buffer,"%d%%%s%d%%", (int) xdiff, coord_sep, (int) ydiff );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4143:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(buffer,"%.3g%%%s%.3g%%", (double) xdiff, coord_sep, (double) ydiff );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4145:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buffer,"%d%s%d", (int) xdiff, coord_sep, (int) ydiff );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4147:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buffer,"%.4g%s%.4g", (double) xdiff, coord_sep, (double) ydiff );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:5786:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buffer,format,(double)val); /* formats are given as for doubles */
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:5802:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buffer,format,(double)val); /* formats are given as for doubles */
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:8910:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( hd->ret, u_to_c(hd->label.text));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:8911:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy( hd->ret, GGadgetGetTitle8(GWidgetGetControl(hd->gw,CID_getValueFromUser)));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:12100:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		    snprintf(buf,sizeof(buf),
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:80:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(pt,sc->name);
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:96:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy( pt,start );
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:201:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(rpt,rpl);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:234:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt, classnames[cols*classes[i]+0].u.md_str);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:265:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt, classnames[cols*classes[i]+0].u.md_str);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:305:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( pt," %d <%s>,", r->lookups[i].seq, r->lookups[i].lookup->lookup_name);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:367:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,temp);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:374:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pt,r->u.glyph.names);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:380:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,r->u.glyph.fore);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:442:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,classes[1][cols*c+0].u.md_str);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:454:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,classes[0][cols*c+0].u.md_str);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:467:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pt,classes[2][cols*c+0].u.md_str);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:1437:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( space, " @<%s> ", otl->lookup_name );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:179:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, " zp0: %s", exc->GS.gep0?"Normal":"Twilight" );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:181:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, " zp1: %s", exc->GS.gep1?"Normal":"Twilight" );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:183:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, " zp2: %s", exc->GS.gep2?"Normal":"Twilight" );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:208:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, "AutoFlip: %s", exc->GS.auto_flip?"True": "False" );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:214:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, "RndState: %s",
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:233:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, "ScanControl: %s", exc->GS.scan_control?"True": "False" );
data/fontforge-20201107~dfsg/fontforgeexe/cvdgloss.c:93:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer,sizeof(buffer),format,ap);
data/fontforge-20201107~dfsg/fontforgeexe/cvexportdlg.c:823:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( bpt, "_%.40s.%s", sc->parent->fontname, ext);
data/fontforge-20201107~dfsg/fontforgeexe/cvexportdlg.c:826:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, "%.40s_%.40s.%s", sc->name, sc->parent->fontname, ext);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1910:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf( buffer, format, (double) v );
data/fontforge-20201107~dfsg/fontforgeexe/cvhints.c:106:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat( buffer, hd->ishstem ? " hstem3" : " vstem3" );
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:672:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( text, "*.{%s}", ae );
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:674:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( text, "*.%s", ae );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:2491:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(namebuf, "%s", sc->parent->layers[i].name);
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:2493:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(namebuf,"%s", i==-1 ? _("Guide") : (i==0 ?_("Back") : _("Fore")) );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:2605:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        if (i==1) sprintf( buffer,"%s",basestr );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:2606:14:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        else sprintf( buffer,"%s %d",basestr, i );
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:52:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buf, _("%s No Slope"), label );
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:54:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buf, "%s dy/dx= ∞, %4g°", label, atan2(dy,dx)*180/FF_PI);
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:56:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( buf, "%s dy/dx= %4g, %4g°", label, dy/dx, atan2(dy,dx)*180/FF_PI);
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:732:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	    snprintf( buffer, blen, U_("∆Curvature: %g"), (kappa-kappa2)*emsize );
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:688:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buf,"pr-%.90s.%s", pi->pi.mainsf->fontname,
data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c:363:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buffer,"%s-%s-%d", map->registry, map->ordering, map->supplement);
data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c:389:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(filename,block.dirs[ret-1]);
data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c:391:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(filename,block.maps[ret-1]);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:1999:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(npt,rpl);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2929:8:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			    strcat(strings[3*r+2].u.md_str,stylelist[i][other_pos].str);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2939:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(temp+(pt-new),stylelist[i][other_pos].str);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2940:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(temp+(pt-new),pt+strlen(stylelist[i][j].str));
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2955:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(strings[3*r+2].u.md_str,new);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:3316:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf( buffer, data[l], tm->tm_year+1900, author );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:3319:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
				sprintf( buffer, data[l], reservedname );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:3324:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy( pt, bpt );
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:593:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(newname,oldname);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:597:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,s2d ? ".sfdir" : ".sfd" );
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:640:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(temp,fn);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:651:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(temp,save_to_dir ? ".sfdir" : ".sfd");
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:1101:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(full,temp); strcat(full,"/"); strcat(full,file);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:1101:58:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                    strcpy(full,temp); strcat(full,"/"); strcat(full,file);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:3658:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(filename,buf2);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4057:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(buf,fv->b.sf->filename);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4059:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(buf,compressors[fv->b.sf->compression-1].ext);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4061:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		    if ( access(buf,F_OK)==0 )
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4896:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if ( access(buffer,F_OK)==0 ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5693:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( feat_sc->name, "%s.%s", base_sc->name, fv->cur_subtable->suffix );
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5699:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( feat_sc->name,"%s.m%d_%d", base_sc->name,
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5705:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( feat_sc->name,"%s.%c%c%c%c", base_sc->name,
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:6405:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(data+cnt,sf->glyphs[gid]->name);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:7793:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(rpt,repr);
data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c:52:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(full,filename); strcat(full,"/"); strcat(full,file);
data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c:52:43:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcpy(full,filename); strcat(full,"/"); strcat(full,file);
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:1469:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( ret, "%s: %s", prefix, first->name);
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:1473:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( ret, "%s: %s, %s", prefix, first->name, second->name );
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:1477:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( ret, "%s: %s, %s ...", prefix, first->name, second->name );
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:317:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,h->chars[i]->name);
data/fontforge-20201107~dfsg/fontforgeexe/justifydlg.c:172:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ret,strings[1*i+0].u.md_str);
data/fontforge-20201107~dfsg/fontforgeexe/justifydlg.c:379:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(ret,otl->lookup_name);
data/fontforge-20201107~dfsg/fontforgeexe/justifydlg.c:560:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,otll[i]->lookup_name);
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:4557:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(rpt,start);
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:4595:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp,sc->name);
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:5291:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( def, "%s-%d", sub->lookup->lookup_name, name_search++ );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:6625:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(name,sourcesc->name);
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:6626:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(name+(pt-sourcesc->name),suffix);
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:262:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(full,lang);
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:266:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(full,hunh);
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:268:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(full,spacer);
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:269:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(full,temp);
data/fontforge-20201107~dfsg/fontforgeexe/math.c:286:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str+len,gv->parts[i].component);
data/fontforge-20201107~dfsg/fontforgeexe/math.c:292:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(str+len,buffer);
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:5137:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(temp,sname); strcat(temp,"{"); strcat(temp,lname); strcat(temp,"}");
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:5137:45:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcpy(temp,sname); strcat(temp,"{"); strcat(temp,lname); strcat(temp,"}");
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:5141:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(temp,sbuf); temp[4] = '{'; strcpy(temp+5,lbuf); temp[9]='}'; temp[10] = 0;
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:5141:41:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(temp,sbuf); temp[4] = '{'; strcpy(temp+5,lbuf); temp[9]='}'; temp[10] = 0;
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:5298:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pt, mv->chars[cnt]->name);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:128:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp,dv);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:134:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp+len,ndv);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:142:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp+len,cdv);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:550:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(axisnames[i],an);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:551:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(axisnames[i],axisrange);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:1363:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(ret,"dup %g le {%s} {%s} ifelse", (double) positions[i+1], buffer, elsepart );
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:1422:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(ret,"dup %g le {%s} {%s} ifelse", (double) axis->designs[i+1], buffer, elsepart );
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:1435:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(temp,header);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:1436:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(temp,ret);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:1529:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(standard_cdvs[4],cdv_4axis[0]);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:1530:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(standard_cdvs[4],cdv_4axis[1]);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:1531:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(standard_cdvs[4],cdv_4axis[2]);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:2825:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(designs[i]+len1, buffer );
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:2829:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(normalized[i]+len2, buffer );
data/fontforge-20201107~dfsg/fontforgeexe/nonlineartransui.c:271:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf,"inf%sinf", coord_sep);
data/fontforge-20201107~dfsg/fontforgeexe/nonlineartransui.c:276:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf,"%g%s%g", x, coord_sep, y );
data/fontforge-20201107~dfsg/fontforgeexe/prefs.c:781:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer,"%s/prefs", ffdir);
data/fontforge-20201107~dfsg/fontforgeexe/prefs.c:910:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer,enc);
data/fontforge-20201107~dfsg/fontforgeexe/prefs.c:2606:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buffer, "%s/FontsOpenAtLastQuit", ffdir);
data/fontforge-20201107~dfsg/fontforgeexe/problems.c:2139:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(str,end+1);	/* Skip the space */
data/fontforge-20201107~dfsg/fontforgeexe/problems.c:2143:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(res+(str-*base),new);
data/fontforge-20201107~dfsg/fontforgeexe/problems.c:2144:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(res,end);
data/fontforge-20201107~dfsg/fontforgeexe/problems.c:4284:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(ret+len,_(vserrornames[m]));
data/fontforge-20201107~dfsg/fontforgeexe/savefontdlg.c:1186:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer,dir);
data/fontforge-20201107~dfsg/fontforgeexe/savefontdlg.c:1188:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer,filename);
data/fontforge-20201107~dfsg/fontforgeexe/savefontdlg.c:1316:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(new_name, "%s-%s", timestamp, original_name);
data/fontforge-20201107~dfsg/fontforgeexe/sftextfield.c:788:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(basename, st->li.fontlist->fd->sf->fontname);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:359:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(name,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:360:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(name,kc->seconds[i]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:439:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:455:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:456:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(lines[len].label,r->u.glyph.names);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:464:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:465:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(lines[len].label,r->u.glyph.fore);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:525:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:526:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(lines[len].label,r->u.coverage.bcovers[j]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:535:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:536:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(lines[len].label,r->u.coverage.ncovers[j]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:545:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:546:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(lines[len].label,r->u.coverage.fcovers[j]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:573:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:574:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(lines[len].label,r->u.rcoverage.replacements);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:609:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(buf, _("%s by %s"), _(type[fpst->type-pst_contextpos]),
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:620:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:621:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(lines[len].label,fpst->bclass[j]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:630:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:631:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(lines[len].label,fpst->nclass[j]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:640:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:641:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(lines[len].label,fpst->fclass[j]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:708:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(lines[len].label,buf);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:709:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(lines[len].label,sm->classes[j]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:958:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(lbuf,"%s ∆x=%d ∆y=%d ∆x_adv=%d ∆y_adv=%d",
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:963:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
				sprintf(lbuf, "%s %s %s", sc->name,
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1143:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buf+7,S_((char *) languages[j].text));
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1290:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buf+7,S_((char *) languages[j].text));
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1315:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(temp,_sf->mark_class_names[i]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1317:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(temp,_sf->mark_classes[i]);
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1427:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(buffer,"%.70s %s", sc->name,
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1587:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, _("Default Baseline: '%s'"),
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1608:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf( buffer, "%s: %s", sc->name,
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1715:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf( buffer, "%.70s  dir=%s", sc->name,
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1875:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buf+7,S_((char*) scripts[j].text));
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1883:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf,S_("writing system|Script"));
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1913:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buf+7,S_((char*) scripts[j].text));
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:1921:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf,S_("writing system|Script"));
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:2032:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		    snprintf(buffer,sizeof(buffer),
data/fontforge-20201107~dfsg/fontforgeexe/showatt.c:2042:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		    snprintf(buffer,sizeof(buffer),
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:426:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system( "DYLD_LIBRARY_PATH=\"\"; osascript -e 'tell application \"X11\" to activate'" );
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:440:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system( "DYLD_LIBRARY_PATH=\"\"; osascript -e 'tell application \"X11\" to activate'" );
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:454:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system( "DYLD_LIBRARY_PATH=\"\"; osascript -e 'tell application \"X11\" to activate'" );
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:501:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system( "DYLD_LIBRARY_PATH=\"\"; osascript -e 'tell application \"X11\" to activate'" );
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:579:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( buffer, "%s/.FontForge-LogFile.txt", getenv("HOME"));
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:721:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(full,window_name);
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:723:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(full,cmndline_val);
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:737:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, "%s/FontsOpenAtLastQuit", ffdir );
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:996:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    system( "osascript -e 'tell application \"X11\" to launch'" );
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:997:6:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    system( "osascript -e 'tell application \"X11\" to activate'" );
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1014:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(env, lang);
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1374:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(fname,buffer); strcat(fname,"/glyphs/contents.plist");
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1381:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(fname,buffer); strcat(fname,"/font.props");
data/fontforge-20201107~dfsg/fontforgeexe/statemachine.c:946:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf( buf, i+smd->offtop<100 ? "St%d" : "%d", i+smd->offtop );
data/fontforge-20201107~dfsg/fontforgeexe/statemachine.c:1003:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(buf,indicverbs[0][this->flags&0xf]);
data/fontforge-20201107~dfsg/fontforgeexe/uiutil.c:147:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer,sizeof(buffer),format,ap);
data/fontforge-20201107~dfsg/fontforgeexe/uiutil.c:323:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( ret, errdata.errlines[s_l]+s_c );
data/fontforge-20201107~dfsg/fontforgeexe/uiutil.c:327:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(pt,errdata.errlines[l]);
data/fontforge-20201107~dfsg/fontforgeexe/uiutil.c:581:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer,sizeof(buffer),format,ap);
data/fontforge-20201107~dfsg/fontforgeexe/wordlistparser.c:87:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy( ret, sc->name );
data/fontforge-20201107~dfsg/gdraw/gaskdlg.c:859:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf,sizeof(buf)/sizeof(buf[0]),question,ap);
data/fontforge-20201107~dfsg/gdraw/gchardlg.c:604:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf( buffer,inschr.map<em_first2byte?"0x%02x":"0x%04x", resch );
data/fontforge-20201107~dfsg/gdraw/gchardlg.c:838:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf( buffer, inschr.map<em_first2byte?"0x%02x":"0x%04x", ch );
data/fontforge-20201107~dfsg/gdraw/gdrawerror.c:208:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), fmt, ap);
data/fontforge-20201107~dfsg/gdraw/gdrawerror.c:223:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buf, fmt, ap);
data/fontforge-20201107~dfsg/gdraw/gdrawerror.c:240:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buf+strlen(buf), fmt, ap);
data/fontforge-20201107~dfsg/gdraw/ggdkdrawlogger.c:84:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer, BUFSIZ, fmt, va);
data/fontforge-20201107~dfsg/gdraw/gmenu.c:396:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat( buffer, tmp);
data/fontforge-20201107~dfsg/gdraw/gresedit.c:103:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( fontname, "%d %s%dpt %s", rq.weight,
data/fontforge-20201107~dfsg/gdraw/gresedit.c:109:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( fontname, "%d %s%dpt %s", rq.weight,
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:390:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( path,"%s/%s", imagepath[k], bucket->filename );
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:456:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(absname,getenv("HOME"));
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:517:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf( path,"%s/%s", imagepath[k], filename );
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:575:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(absname,getenv("HOME"));
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:576:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(absname,fname+1);
data/fontforge-20201107~dfsg/gdraw/gxdraw.c:1556:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ret+len,propret[i]);
data/fontforge-20201107~dfsg/gdraw/hotkeys.c:164:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer,"%s/hotkeys%s", ffdir, extension);
data/fontforge-20201107~dfsg/gutils/fsys.c:212:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer,dirname_);
data/fontforge-20201107~dfsg/gutils/fsys.c:215:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buffer,name);
data/fontforge-20201107~dfsg/gutils/fsys.c:280:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(buffer,dir);
data/fontforge-20201107~dfsg/gutils/fsys.c:290:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buffer+len,fname);
data/fontforge-20201107~dfsg/gutils/fsys.c:341:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ret,dir);
data/fontforge-20201107~dfsg/gutils/fsys.c:345:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pt,name);
data/fontforge-20201107~dfsg/gutils/fsys.c:379:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
return( access(file,0)==0 );
data/fontforge-20201107~dfsg/gutils/fsys.c:383:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
return( access(file,02)==0 );
data/fontforge-20201107~dfsg/gutils/fsys.c:400:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
return( access(file,04)==0 );
data/fontforge-20201107~dfsg/gutils/fsys.c:525:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(filename,"%s/%s", path, prog);
data/fontforge-20201107~dfsg/gutils/fsys.c:526:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    if ( access(filename,1)!= -1 ) {
data/fontforge-20201107~dfsg/gutils/fsys.c:540:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(filename,"%.*s/%s", (int)(pt-path), path, prog);
data/fontforge-20201107~dfsg/gutils/fsys.c:543:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    if ( access(filename,1)!= -1 ) {
data/fontforge-20201107~dfsg/gutils/fsys.c:550:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(filename,"%s/%s", path, prog);
data/fontforge-20201107~dfsg/gutils/fsys.c:551:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    if ( access(filename,1)!= -1 )
data/fontforge-20201107~dfsg/gutils/fsys.c:762:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
return( access(buffer,0)==0 );
data/fontforge-20201107~dfsg/gutils/fsys.c:768:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
return( access(buffer,02)==0 );
data/fontforge-20201107~dfsg/gutils/fsys.c:786:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
return( access(buffer,04)==0 );
data/fontforge-20201107~dfsg/gutils/fsys.c:868:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(sharedir,prefix);
data/fontforge-20201107~dfsg/gutils/fsys.c:884:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(sharedir,prefix);
data/fontforge-20201107~dfsg/gutils/fsys.c:901:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(sharedir,prefix);
data/fontforge-20201107~dfsg/gutils/fsys.c:902:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(sharedir,postfix);
data/fontforge-20201107~dfsg/gutils/fsys.c:1117:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(ret, path);
data/fontforge-20201107~dfsg/gutils/gimagewritegimage.c:46:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(file,j==0?"    ":"\t");
data/fontforge-20201107~dfsg/gutils/gimagewritegimage.c:59:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(file,j==0?"    ":"\t");
data/fontforge-20201107~dfsg/gutils/gimagewritegimage.c:82:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(file,base->image_type==it_true?"    it_true,\n":
data/fontforge-20201107~dfsg/gutils/giofile.c:117:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer,path);
data/fontforge-20201107~dfsg/gutils/giofile.c:125:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ept,ent->d_name);
data/fontforge-20201107~dfsg/inc/basics.h:70:20:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define TRACE(...) fprintf(stderr, __VA_ARGS__)
data/fontforge-20201107~dfsg/inc/ustring.h:45:65:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#    define PRINTF_FORMAT_ATTRIBUTE(x, y) __attribute__((format(printf, x, y)))
data/fontforge-20201107~dfsg/tests/randomtest.c:358:5:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execlp(command,command,"-c","Open($1)",testfont,NULL);
data/fontforge-20201107~dfsg/tests/randomtest.c:377:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( buffer, "%s/test%d", results_dir, test_num++ );
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:72:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (!getenv("SOURCE_DATE_EPOCH")) {
data/fontforge-20201107~dfsg/contrib/fonttools/ttf2eps.c:801:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("SOURCE_DATE_EPOCH")) {
data/fontforge-20201107~dfsg/fontforge/autotrace.c:203:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( (dir=getenv("TMPDIR"))!=NULL )
data/fontforge-20201107~dfsg/fontforge/autotrace.c:221:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( (dir=getenv("TMPDIR"))!=NULL )
data/fontforge-20201107~dfsg/fontforge/autotrace.c:609:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (( path = getenv("PATH"))==NULL )
data/fontforge-20201107~dfsg/fontforge/autotrace.c:646:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (( name = getenv("POTRACE"))!=NULL )
data/fontforge-20201107~dfsg/fontforge/autotrace.c:649:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (( name = getenv("AUTOTRACE"))!=NULL )
data/fontforge-20201107~dfsg/fontforge/autotrace.c:651:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (( name = getenv("POTRACE"))!=NULL )
data/fontforge-20201107~dfsg/fontforge/autotrace.c:674:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (( name = getenv("MF"))!=NULL )
data/fontforge-20201107~dfsg/fontforge/cvexport.c:126:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("SOURCE_DATE_EPOCH")) {
data/fontforge-20201107~dfsg/fontforge/cvexport.c:249:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("SOURCE_DATE_EPOCH")) {
data/fontforge-20201107~dfsg/fontforge/cvexport.c:258:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( zoffset==0 || getenv("SOURCE_DATE_EPOCH") )
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2210:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    char *dir = getenv("TMPDIR");
data/fontforge-20201107~dfsg/fontforge/langfreq.c:1893:11:  [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    cum = g_random_double();
data/fontforge-20201107~dfsg/fontforge/langfreq.c:1943:12:  [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	    cum = g_random_double();
data/fontforge-20201107~dfsg/fontforge/langfreq.c:1957:8:  [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	cum = g_random_double();
data/fontforge-20201107~dfsg/fontforge/langfreq.c:1975:6:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	i = g_random_int_range(0, cnt);
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2027:4:  [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
			g_random_double() >= lf->all_consonants[len] ) {
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2048:15:  [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		    retry = g_random_double() >= lf->vowel_run[vlen+1]/lf->vowel_run[2];
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2050:15:  [3] (random) g_random_double:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		    retry = g_random_double() >= lf->consonant_run[vlen+1]/lf->consonant_run[2];
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2180:9:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    i = g_random_int_range(0, chrs->cnt);
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2202:23:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    int i, len = 20 + g_random_int_range(0, 65);
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2267:12:  [3] (random) g_random_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	int pos = g_random_int_range(0, cnt+1);
data/fontforge-20201107~dfsg/fontforge/macenc.c:1300:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    loc = getenv("LC_ALL");
data/fontforge-20201107~dfsg/fontforge/macenc.c:1301:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LC_MESSAGES");
data/fontforge-20201107~dfsg/fontforge/macenc.c:1302:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LANG");
data/fontforge-20201107~dfsg/fontforge/noprefs.c:630:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    loc = getenv("LC_ALL");
data/fontforge-20201107~dfsg/fontforge/noprefs.c:631:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LC_CTYPE");
data/fontforge-20201107~dfsg/fontforge/noprefs.c:633:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LANG");
data/fontforge-20201107~dfsg/fontforge/noprefs.c:661:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(tv.tv_usec);
data/fontforge-20201107~dfsg/fontforge/noprefs.c:667:10:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    r2 = g_random_int();
data/fontforge-20201107~dfsg/fontforge/parsettf.c:306:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	lang = getenv(envs[i]);
data/fontforge-20201107~dfsg/fontforge/print.c:1165:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("SOURCE_DATE_EPOCH")) {
data/fontforge-20201107~dfsg/fontforge/print.c:1174:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( zoffset==0 || getenv("SOURCE_DATE_EPOCH") )
data/fontforge-20201107~dfsg/fontforge/print.c:2618:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *lang = getenv("LANG");
data/fontforge-20201107~dfsg/fontforge/scripting.c:1115:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( (env = getenv(c->a.vals[1].u.sval))==NULL )
data/fontforge-20201107~dfsg/fontforge/scripting.c:10814:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	verbose = getenv("FONTFORGE_VERBOSE")!=NULL;
data/fontforge-20201107~dfsg/fontforge/scripting.c:10959:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    pt = getenv("FONTFORGE_LANGUAGE");
data/fontforge-20201107~dfsg/fontforge/sflayout.c:1295:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *dir = getenv("TMPDIR");
data/fontforge-20201107~dfsg/fontforge/splinefont.c:802:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *dir = getenv("TMPDIR");
data/fontforge-20201107~dfsg/fontforge/splinefont.c:899:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *dir = getenv("TMPDIR");
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2956:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("SOURCE_DATE_EPOCH")) {
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2999:46:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
static void SFChangeXUID(SplineFont *sf, int random) {
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:3012:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    if ( random )
data/fontforge-20201107~dfsg/fontforge/start.c:72:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(tv.tv_usec);
data/fontforge-20201107~dfsg/fontforge/start.c:86:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( getenv("FF_SCRIPT_IN_LATIN1") ) use_utf8_in_script=false;
data/fontforge-20201107~dfsg/fontforgeexe/prefs.c:962:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    loc = getenv("LC_ALL");
data/fontforge-20201107~dfsg/fontforgeexe/prefs.c:963:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LC_CTYPE");
data/fontforge-20201107~dfsg/fontforgeexe/prefs.c:965:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LANG");
data/fontforge-20201107~dfsg/fontforgeexe/prefs.c:993:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(tv.tv_usec);
data/fontforge-20201107~dfsg/fontforgeexe/prefs.c:999:10:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    r2 = g_random_int();
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:577:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
 if ( getenv("HOME")!=NULL ) {
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:579:49:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  sprintf( buffer, "%s/.FontForge-LogFile.txt", getenv("HOME"));
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:919:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *load_prefs = getenv("FONTFORGE_LOADPREFS");
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:946:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if (getenv("HOME")!=NULL) chdir(getenv("HOME"));
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:946:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if (getenv("HOME")!=NULL) chdir(getenv("HOME"));
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:990:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( local_x==1 && getenv("DISPLAY")==NULL ) {
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1000:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    } else if ( local_x==1 && *getenv("DISPLAY")!='/' && strcmp(getenv("DISPLAY"),":0.0")!=0 && strcmp(getenv("DISPLAY"),":0")!=0 )
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1000:65:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    } else if ( local_x==1 && *getenv("DISPLAY")!='/' && strcmp(getenv("DISPLAY"),":0.0")!=0 && strcmp(getenv("DISPLAY"),":0")!=0 )
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1000:104:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    } else if ( local_x==1 && *getenv("DISPLAY")!='/' && strcmp(getenv("DISPLAY"),":0.0")!=0 && strcmp(getenv("DISPLAY"),":0")!=0 )
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1006:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if( getenv("DISPLAY")==NULL ) {
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1009:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if( getenv("LC_ALL")==NULL ){
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1072:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if ( getenv("LANG")==NULL && getenv("LC_MESSAGES")==NULL ) {
data/fontforge-20201107~dfsg/fontforgeexe/startui.c:1072:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if ( getenv("LANG")==NULL && getenv("LC_MESSAGES")==NULL ) {
data/fontforge-20201107~dfsg/fontforgeexe/uiutil.c:67:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *loc = getenv("LC_ALL");
data/fontforge-20201107~dfsg/fontforgeexe/uiutil.c:70:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LC_CTYPE");
data/fontforge-20201107~dfsg/fontforgeexe/uiutil.c:71:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LANG");
data/fontforge-20201107~dfsg/fontforgeexe/uiutil.c:72:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LC_MESSAGES");
data/fontforge-20201107~dfsg/gdraw/gfilechooser.c:1065:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    (home = getenv("HOME"))!=NULL ) {
data/fontforge-20201107~dfsg/gdraw/gfilechooser.c:1081:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    (home = getenv("HOME"))!=NULL ) {
data/fontforge-20201107~dfsg/gdraw/ggadgets.c:410:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *loc = getenv("LC_ALL");
data/fontforge-20201107~dfsg/gdraw/ggadgets.c:411:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LC_CTYPE");
data/fontforge-20201107~dfsg/gdraw/ggadgets.c:412:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ( loc==NULL ) loc = getenv("LANG");
data/fontforge-20201107~dfsg/gdraw/ggdkdraw.c:2568:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("GGDK_DEBUG")) {
data/fontforge-20201107~dfsg/gdraw/ggdkdrawlogger.c:46:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *requested = getenv("GGDK_LOGLEVEL");
data/fontforge-20201107~dfsg/gdraw/gresedit.c:2479:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if ( getenv("LC_MESSAGES")!=NULL ) {
data/fontforge-20201107~dfsg/gdraw/gresedit.c:2480:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if ( strstr(getenv("LC_MESSAGES"),"_US")!=NULL )
data/fontforge-20201107~dfsg/gdraw/gresedit.c:2482:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	} else if ( getenv("LANG")!=NULL ) {
data/fontforge-20201107~dfsg/gdraw/gresedit.c:2483:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	    if ( strstr(getenv("LANG"),"_US")!=NULL )
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:453:57:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    else if ( *start=='~' && start[1]=='/' && len>=2 && getenv("HOME")!=NULL ) {
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:454:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	int hlen = strlen(getenv("HOME"));
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:456:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	strcpy(absname,getenv("HOME"));
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:573:47:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    else if ( *fname=='~' && fname[1]=='/' && getenv("HOME")!=NULL ) {
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:574:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *absname = malloc( strlen(getenv("HOME"))+strlen(fname)+8 );
data/fontforge-20201107~dfsg/gdraw/gtextinfo.c:575:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	strcpy(absname,getenv("HOME"));
data/fontforge-20201107~dfsg/gutils/fsys.c:152:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char* dir = getenv("HOME");
data/fontforge-20201107~dfsg/gutils/fsys.c:154:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	dir = getenv("USERPROFILE");
data/fontforge-20201107~dfsg/gutils/fsys.c:166:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    dir = getenv("HOME");
data/fontforge-20201107~dfsg/gutils/fsys.c:519:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    else if( (path = getenv("PATH")) != NULL ){
data/fontforge-20201107~dfsg/gutils/fsys.c:538:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    else if ( (path = getenv("PATH"))!=NULL ) {
data/fontforge-20201107~dfsg/gutils/fsys.c:911:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char* dir = getenv("APPDATA");
data/fontforge-20201107~dfsg/gutils/fsys.c:913:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	dir = getenv("USERPROFILE");
data/fontforge-20201107~dfsg/gutils/fsys.c:922:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	char *home = getenv("HOME");
data/fontforge-20201107~dfsg/gutils/fsys.c:963:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("FF_PORTABLE") != NULL) {
data/fontforge-20201107~dfsg/gutils/fsys.c:975:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	xdg = getenv("XDG_CACHE_HOME");
data/fontforge-20201107~dfsg/gutils/fsys.c:979:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	xdg = getenv("XDG_CONFIG_HOME");
data/fontforge-20201107~dfsg/gutils/fsys.c:983:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	xdg = getenv("XDG_DATA_HOME");
data/fontforge-20201107~dfsg/gutils/fsys.c:1064:12:  [3] (buffer) g_get_tmp_dir:
  This function is synonymous with 'getenv("TMP")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    return g_get_tmp_dir();
data/fontforge-20201107~dfsg/gutils/gutils.c:40:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    } else if (getenv("SOURCE_DATE_EPOCH")) {
data/fontforge-20201107~dfsg/gutils/gutils.c:41:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        const char *username = getenv("USER");
data/fontforge-20201107~dfsg/gutils/gutils.c:53:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	const char *source_date_epoch = getenv("SOURCE_DATE_EPOCH");
data/fontforge-20201107~dfsg/gutils/gutils.c:65:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	if (getenv("SOURCE_DATE_EPOCH")) {
data/fontforge-20201107~dfsg/gutils/gutils.c:66:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
		st_time = atol(getenv("SOURCE_DATE_EPOCH"));
data/fontforge-20201107~dfsg/tests/randomtest.c:224:17:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
return( low + ((g_random_int()>>8)%(high+1-low)) );
data/fontforge-20201107~dfsg/tests/randomtest.c:226:16:  [3] (random) g_random_int:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
return( low + (g_random_int()%(high+1-low)) );
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_3[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:116:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:139:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_21[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:162:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_22[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:185:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_23[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:208:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_25[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:231:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_26[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:254:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_30[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/MacSymbol.c:277:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char MacSymbol_from_unicode_f8[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/ZapfDingbats.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/ZapfDingbats.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ZapfDingbats_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/ZapfDingbats.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ZapfDingbats_from_unicode_21[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/ZapfDingbats.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ZapfDingbats_from_unicode_24[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/ZapfDingbats.c:116:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ZapfDingbats_from_unicode_25[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/ZapfDingbats.c:139:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ZapfDingbats_from_unicode_26[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/ZapfDingbats.c:162:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ZapfDingbats_from_unicode_27[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_1.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_1.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_1_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_10.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_10.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_10_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_10.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_10_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_10.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_10_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_11.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_11.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_11_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_11.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_11_from_unicode_e[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_13.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_13.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_13_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_13.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_13_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_13.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_13_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_14.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_14.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_14_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_14.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_14_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_14.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_14_from_unicode_1e[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_15.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_15.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_15_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_15.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_15_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_15.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_15_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_16.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_16.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_16_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_16.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_16_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_16.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_16_from_unicode_2[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_16.c:116:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_16_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_2.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_2.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_2_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_2.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_2_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_2.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_2_from_unicode_2[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_3.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_3.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_3_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_3.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_3_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_3.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_3_from_unicode_2[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_4.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_4.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_4_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_4.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_4_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_4.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_4_from_unicode_2[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_5.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_5.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_5_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_5.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_5_from_unicode_4[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_5.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_5_from_unicode_21[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_6.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_6.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_6_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_6.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_6_from_unicode_6[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_7.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_7.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_7_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_7.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_7_from_unicode_3[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_7.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_7_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_8.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_8.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_8_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_8.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_8_from_unicode_5[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_8.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_8_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_9.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_9.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_9_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/iso_8859_9.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char i8859_9_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/jis201.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/jis201.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char jis201_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/jis201.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char jis201_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/jis201.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char jis201_from_unicode_ff[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/koi8_r.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/koi8_r.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char koi8_r_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/koi8_r.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char koi8_r_from_unicode_4[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/koi8_r.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char koi8_r_from_unicode_22[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/koi8_r.c:116:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char koi8_r_from_unicode_23[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/koi8_r.c:139:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char koi8_r_from_unicode_25[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_2[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:116:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_3[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:139:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:162:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_21[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:185:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_22[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:208:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_25[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:231:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_f8[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/mac.c:254:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char mac_from_unicode_fb[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/win.c:6:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char allzeros[256] = { 0 };
data/fontforge-20201107~dfsg/Unicode/charset/win.c:47:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char win_from_unicode_0[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/win.c:70:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char win_from_unicode_1[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/win.c:93:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char win_from_unicode_2[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/win.c:116:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char win_from_unicode_20[256] = {
data/fontforge-20201107~dfsg/Unicode/charset/win.c:139:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char win_from_unicode_21[256] = {
data/fontforge-20201107~dfsg/Unicode/dump.c:119:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char *table[256], *plane;
data/fontforge-20201107~dfsg/Unicode/dump.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200+1];
data/fontforge-20201107~dfsg/Unicode/dump.c:129:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen( alphabets[j], "r" );
data/fontforge-20201107~dfsg/Unicode/dump.c:350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400+1];
data/fontforge-20201107~dfsg/Unicode/dump.c:356:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( adobecjk[j], "r" );
data/fontforge-20201107~dfsg/Unicode/dump.c:420:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( adobecjk[j], "r" );
data/fontforge-20201107~dfsg/Unicode/dump.c:551:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400+1];
data/fontforge-20201107~dfsg/Unicode/dump.c:555:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( adobecjk[j], "r" );
data/fontforge-20201107~dfsg/Unicode/dump.c:684:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400+1];
data/fontforge-20201107~dfsg/Unicode/dump.c:688:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( cjk[j], "r" );
data/fontforge-20201107~dfsg/Unicode/dump.c:797:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400+1];
data/fontforge-20201107~dfsg/Unicode/dump.c:807:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen( adobecjk[j], "r" );
data/fontforge-20201107~dfsg/Unicode/dump.c:1018:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400+1];
data/fontforge-20201107~dfsg/Unicode/dump.c:1024:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen( adobecjk[j], "r" );
data/fontforge-20201107~dfsg/Unicode/dump.c:1186:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( output = fopen( "alphabet.c", "w" ))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/dump.c:1190:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( header = fopen( "chardata.h", "w" ))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/dump.c:1212:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( output = fopen( "cjk.c", "w" ))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/dump.c:1226:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( output = fopen( "backtrns.c", "w" ))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:57:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    union { short s; char c[2]; } u;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:186:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(*inbuf,*outbuf,min);
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:197:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:205:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[0], lowch = ((unsigned char *) *inbuf)[1];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:205:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[0], lowch = ((unsigned char *) *inbuf)[1];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:221:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:223:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = *(unsigned char *) *inbuf, lowch = ((unsigned char *) *inbuf)[1];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:244:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:246:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = *(unsigned char *) *inbuf, lowch = ((unsigned char *) *inbuf)[1];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:275:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:277:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = *(unsigned char *) *inbuf, lowch = ((unsigned char *) *inbuf)[1];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:305:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:307:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = *(unsigned char *) *inbuf, lowch = ((unsigned char *) *inbuf)[1];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:344:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:346:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = *(unsigned char *) *inbuf, lowch = ((unsigned char *) *inbuf)[1];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:372:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    uch = (((unsigned char *) *inbuf)[1]<<8) | (*((unsigned char *) *inbuf));
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:374:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    uch = (*((unsigned char *) *inbuf)<<8) | (((unsigned char *) *inbuf)[1]);
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:407:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:414:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:414:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:429:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:431:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:431:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:452:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:454:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:454:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:483:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:485:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:485:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:513:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:515:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:515:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:552:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[1], lowch = *(unsigned char *) *inbuf;
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:554:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:554:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    highch = ((unsigned char *) *inbuf)[2], lowch = ((unsigned char *) *inbuf)[3];
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:580:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    uch = (((unsigned char *) *inbuf)[3]<<24) |
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:581:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    (((unsigned char *) *inbuf)[2]<<16) |
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:582:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    (((unsigned char *) *inbuf)[1]<<8) |
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:586:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    (((unsigned char *) *inbuf)[1]<<16) |
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:587:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    (((unsigned char *) *inbuf)[2]<<8) |
data/fontforge-20201107~dfsg/Unicode/gwwiconv.c:588:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    (((unsigned char *) *inbuf)[3]);
data/fontforge-20201107~dfsg/Unicode/makebuildtables.c:379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400], buffer2[400];
data/fontforge-20201107~dfsg/Unicode/makebuildtables.c:381:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen("gdrawbuildchars.c","w");
data/fontforge-20201107~dfsg/Unicode/makebuildtables.c:490:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[600];
data/fontforge-20201107~dfsg/Unicode/makebuildtables.c:570:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = fopen("UnicodeData.txt","r");
data/fontforge-20201107~dfsg/Unicode/makeutype.c:128:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *names[MAXC];
data/fontforge-20201107~dfsg/Unicode/makeutype.c:132:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char mynumericvalue[MAXC];
data/fontforge-20201107~dfsg/Unicode/makeutype.c:501:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512+1], buf2[300+1], oldname[301], *pt, *end, *pt1;
data/fontforge-20201107~dfsg/Unicode/makeutype.c:508:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen("UnicodeData.txt","r"))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/makeutype.c:659:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen("LineBreak.txt","r"))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/makeutype.c:714:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen("PropList.txt","r"))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/makeutype.c:768:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen("NamesList.txt","r"))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/makeutype.c:811:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300+1], buf2[300+1], *pt, *end, *pt1;
data/fontforge-20201107~dfsg/Unicode/makeutype.c:816:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(corp,"r"))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/makeutype.c:858:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[300+1];
data/fontforge-20201107~dfsg/Unicode/makeutype.c:914:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    data = fopen( "ArabicForms.c","w");
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1199:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    data = fopen("is_Ligature_data.h","w");
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1237:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    header=fopen("utype.h","w");
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1238:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    data = fopen("utype.c","w");
data/fontforge-20201107~dfsg/Unicode/makeutype.c:1577:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( file = fopen("unialt.c","w" ))==NULL ) {
data/fontforge-20201107~dfsg/Unicode/memory.c:58:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ret,str,n);
data/fontforge-20201107~dfsg/Unicode/ucharmap.c:338:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char c[4];
data/fontforge-20201107~dfsg/Unicode/ucharmap.c:356:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char c[2];
data/fontforge-20201107~dfsg/Unicode/ustring.c:314:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(res,pt,n*sizeof(unichar_t));
data/fontforge-20201107~dfsg/Unicode/ustring.c:326:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(res,pt,n*sizeof(unichar_t));
data/fontforge-20201107~dfsg/Unicode/ustring.c:422:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[60], *pt, *ret;
data/fontforge-20201107~dfsg/Unicode/ustring.c:440:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[60], *pt, *ret;
data/fontforge-20201107~dfsg/Unicode/ustring.c:458:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[60], *pt, *ret;
data/fontforge-20201107~dfsg/Unicode/ustring.c:503:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[400];
data/fontforge-20201107~dfsg/Unicode/ustring.c:1052:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char ret[100+1];
data/fontforge-20201107~dfsg/Unicode/ustring.c:1110:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(v);
data/fontforge-20201107~dfsg/Unicode/ustring.c:1115:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[101];
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *lines[4];
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:56:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    src = fopen(filename,"rs");
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/contrib/admintools/copyright.c:114:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    output = fopen("copyright.patch","w");
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:6:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char used[0x110000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:8:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *nonuni_names[0x10000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[600];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:127:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer,"CNS1.%d.vert", cid-17408+1 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:129:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer,"CNS1.%d.vert", cid-17506+13648 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:131:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy( buffer, "CNS1.17601.vert" );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:133:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy( buffer, "CNS1.17603.vert" );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:137:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"CNS1.%d.vert", cid-1 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:140:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"CNS1.%d.vert", cid-2 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:143:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.hw", (unsigned int)(cid-13648+' ') );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:146:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy( buffer, "uni203E.hw" );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:149:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"CNS1.%d", cid );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:158:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.dup%d", (unsigned int)(uni), ++used[uni] );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:168:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.vert", (unsigned int)(cid_2_rotunicode[i]) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:170:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "CNS1.%d.vert", j);
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapcns1.c:194:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    pua = fopen("cns14.pua","w");
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:6:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char used[0x110000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:8:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *nonuni_names[0x10000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[600];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:117:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"uni%04X.hw", (unsigned int)(uni) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:121:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"GB1.%d.vert", cid-22226+814 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:125:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"GB1.%d.vert", cid-22127+1 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:129:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"GB1.%d.vert", cid-29059+22353 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:133:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"GB1.%d", cid );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:142:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.dup%d", (unsigned int)(uni), ++used[uni] );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:152:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.vert", (unsigned int)(cid_2_rotunicode[i]) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapgb1.c:154:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "GB1.%d.vert", j);
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:6:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char used[0x110000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:8:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *nonuni_names[0x100000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[600];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:283:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-7894+665 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:285:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-7899+674 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:287:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-7901+676 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:290:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-8720+1 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:294:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-8950+231 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:297:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-9045+599 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:299:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-9079+630 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:301:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buffer, "Japan1.8719.vert" );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:304:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-9084+326 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:307:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-9148+391 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:310:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-9179+515 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:312:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-9263+423 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:315:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-9265+504 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:318:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-9277+425 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:320:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy( buffer, "Japan1.390.vert" );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:323:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-12870+9354 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:326:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-12960+9444 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:329:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.vert", cid-13254+9738 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:331:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "uni%04X.vert", (unsigned int)((uni>=VERTMARK?uni-VERTMARK:uni)) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:333:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "uni%04X.vert", (unsigned int)((fakeuni>=VERTMARK?fakeuni-VERTMARK:fakeuni)) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:344:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.hw", hwtable390[cid-390] );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:346:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.hw", hwtable501[cid-501] );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:348:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.hw", hwtable516[cid-516] );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:350:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Japan1.%d.hw", cid );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:362:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "uni%04X.hw", (unsigned int)(uni) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:364:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "uni%04X.hw", (unsigned int)(fakeuni) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:373:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "uni%04X.italic", (unsigned int)(fakeuni) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:378:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "uni%04X.dup%d", (unsigned int)(fakeuni), ++used[fakeuni] );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:386:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.dup%d", (unsigned int)(uni), ++used[uni] );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:396:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.vert", (unsigned int)(cid_2_rotunicode[i]) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan1.c:398:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "Japan1.%d.vert", j);
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan2.c:6:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char used[0x110000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan2.c:8:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *nonuni_names[0x10000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan2.c:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[600];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan2.c:116:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"Japan2.%d", cid );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapjapan2.c:122:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.dup%d", (unsigned int)(uni), ++used[uni] );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:6:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char used[0x110000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:8:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *nonuni_names[0x10000];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[600];
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:126:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "uni%04X.hw", (unsigned int)(fakeuni) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:130:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "Korea1.%d.vert", cid-18255+8094 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:134:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "Korea1.%d.vert", cid-18155+1 );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:141:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"Korea1.%d", cid );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:147:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.dup%d", (unsigned int)(uni), ++used[uni] );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:157:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.vert", (unsigned int)(cid_2_rotunicode[i]) );
data/fontforge-20201107~dfsg/contrib/cidmap/src/mapkorean.c:159:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "Korea1.%d.vert", j);
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:249:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[12];
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:510:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:516:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:518:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:698:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pattern[12];
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:702:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:705:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pattern,"Base *");
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:712:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(otherdir,"/../Encodings");
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:716:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(encfilename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:718:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(encfilename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:755:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:758:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/acorn2sfd.c:856:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(buffer,".sfd");
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char in[CHUNK];
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[CHUNK];
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:142:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    woff = fopen( filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:180:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    sfnt = fopen( outname,"wb+" );
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:257:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(outname+(ext-start), "_meta.xml" );
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:258:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	meta = fopen( outname,"wb" );
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:274:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(outname+(ext-start), ".priv" );
data/fontforge-20201107~dfsg/contrib/fonttools/dewoff.c:275:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	priv = fopen( outname,"wb" );
data/fontforge-20201107~dfsg/contrib/fonttools/findtable.c:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stag[4];
data/fontforge-20201107~dfsg/contrib/fonttools/findtable.c:122:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *ttf = fopen( argv[i],"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fontname[17];
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:104:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char panose[10];
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:105:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char charcompl[8];
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:480:12:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    head = tmpfile();
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:495:18:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    FILE *cmap = tmpfile();
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:827:17:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    FILE *os2 = tmpfile();
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:917:18:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    FILE *glyf = tmpfile(), *loca = tmpfile();
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:917:37:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    FILE *glyf = tmpfile(), *loca = tmpfile();
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:972:18:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    FILE *post = tmpfile();
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:994:18:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    FILE *name = tmpfile();
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1001:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char family[20], style[20], *version="Version 1.0", unique[32];
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1012:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(style,"Bold Italic");
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1014:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(style,"Bold");
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1016:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(style,"Italic");
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1018:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(style,"Regular");
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[32], *pt, *fpt;
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1151:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pt,".ttf");
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1152:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ttf = fopen(buffer,"wb+");
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1360:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[32], *pt, *fpt;
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1371:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pt,".bdf");
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1372:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    bdf = fopen(buffer,"wb+");
data/fontforge-20201107~dfsg/contrib/fonttools/pcl2ttf.c:1483:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *pcl = fopen(filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:117:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *commands[32] = { "?0", "hstem", "?2", "vstem", "vmoveto",
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[3000], *pt, *binstart;
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temptok[255];
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:317:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zeros[EODMARKLEN+6+1];
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:426:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rdtok[255];
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:427:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(rdtok,"RD");
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:433:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256]/*, *tempname*/;
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:442:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = fopen(fontname,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:452:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(outputfile,"wb");
data/fontforge-20201107~dfsg/contrib/fonttools/pfadecrypt.c:459:12:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    temp = tmpfile();
data/fontforge-20201107~dfsg/contrib/fonttools/portablecompositor.cpp:95:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
fontfile.open (FileName);
data/fontforge-20201107~dfsg/contrib/fonttools/portablecompositor.cpp:105:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		enc1.push_back(atoi(encodings.at(i + 1).c_str()) );
data/fontforge-20201107~dfsg/contrib/fonttools/portablecompositor.cpp:106:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		enc2.push_back(atoi(encodings.at(i + 2).c_str()) );
data/fontforge-20201107~dfsg/contrib/fonttools/portablecompositor.cpp:107:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		enc3.push_back(atoi(encodings.at(i + 3).c_str()) );
data/fontforge-20201107~dfsg/contrib/fonttools/portablecompositor.cpp:123:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
fontfile.open (FileName);
data/fontforge-20201107~dfsg/contrib/fonttools/portablecompositor.cpp:149:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
fontfile.open (FileName);
data/fontforge-20201107~dfsg/contrib/fonttools/portablecompositor.cpp:154:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			glyphs.open ("glyphs.txt");
data/fontforge-20201107~dfsg/contrib/fonttools/portablecompositor.cpp:205:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
featurefile.open ("feature.fea");
data/fontforge-20201107~dfsg/contrib/fonttools/rmligamarks.c:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1000];
data/fontforge-20201107~dfsg/contrib/fonttools/rmligamarks.c:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1000];
data/fontforge-20201107~dfsg/contrib/fonttools/rmligamarks.c:61:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buffer+strlen(buffer)-4,"-new.sfd");
data/fontforge-20201107~dfsg/contrib/fonttools/rmligamarks.c:63:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer,"-new");
data/fontforge-20201107~dfsg/contrib/fonttools/rmligamarks.c:64:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = fopen(name,"r");
data/fontforge-20201107~dfsg/contrib/fonttools/rmligamarks.c:69:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(buffer,"w");
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:730:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *class[16] = { "No classification", "Old Style Serifs", "Transitional Serifs", "Modern Serifs", "Clarendon Serifs", "Slab Serifs", "???", "Freeform Serifs", "Sans Serif", "Ornamentals", "Scripts", "???", "Symbolic", "???", "???", "???" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:731:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass0[16] = { "", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:732:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass1[16] = { "", "ibm rounded", "garalde", "venetian", "modified venetian", "dutch modern", "dutch traditional", "contemporary", "caligraphic", "???", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:733:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass2[16] = { "", "direct line", "script", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:734:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass3[16] = { "", "italian", "script", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:735:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass4[16] = { "", "clarendon", "modern", "traditional", "newspaper", "stub", "monotone", "typewriter", "???", "???", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:736:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass5[16] = { "", "monotone", "humanist", "geometric", "swiss", "typewriter", "???", "???", "???", "???", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:737:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass7[16] = { "", "modern", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:738:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass8[16] = { "", "ibm neogrotesque", "humanist", "low-x rounded", "high-x rounded", "neo-grotesque", "modified neo-grotesque", "???", "???", "typewriter", "matrix", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:739:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass9[16] = { "", "engraver", "black letter", "decorative", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:740:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass10[16] = { "", "???", "uncial", "brush joined", "formal joined", "monotone joined", "calligraphic", "brush unjoined", "formal unjoined", "monotone unjoined", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:741:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *subclass12[16] = { "", "???", "???", "mixed serif", "???", "???", "old style serif", "neo-grotesque sans", "???", "???", "???", "???", "???", "???", "???", "Misc" };
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:742:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char **subclasses[16] = { subclass0, subclass1, subclass2, subclass3,
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:872:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *standardnames[258] = {
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:2199:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[40];
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:2200:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer,">U+%04X<", info->glyph_unicode[i]);
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:5059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[50], *pt;
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:5427:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(td->fontmatrix,stack,(sp>=6?6:sp)*sizeof(double));
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:5435:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(td->fontbb,stack,(sp>=4?4:sp)*sizeof(double));
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:7027:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    ttf = fopen(filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/showttf.c:7032:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    util = fopen(filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/stripttc.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outfile[2000], *pt;
data/fontforge-20201107~dfsg/contrib/fonttools/stripttc.c:82:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( pt, "_%02d.ttf", which );
data/fontforge-20201107~dfsg/contrib/fonttools/stripttc.c:84:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ttf = fopen( outfile,"wb");
data/fontforge-20201107~dfsg/contrib/fonttools/stripttc.c:136:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *ttc = fopen(filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/ttf2eps.c:96:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *standardnames[258] = {
data/fontforge-20201107~dfsg/contrib/fonttools/ttf2eps.c:763:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/contrib/fonttools/ttf2eps.c:768:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer,"glyph%d", glyph);
data/fontforge-20201107~dfsg/contrib/fonttools/ttf2eps.c:1088:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/fontforge-20201107~dfsg/contrib/fonttools/ttf2eps.c:1093:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    eps = fopen(buffer,"w");
data/fontforge-20201107~dfsg/contrib/fonttools/ttf2eps.c:1145:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ttf = fopen(filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/woff.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char in[CHUNK];
data/fontforge-20201107~dfsg/contrib/fonttools/woff.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[CHUNK];
data/fontforge-20201107~dfsg/contrib/fonttools/woff.c:80:11:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    tmp = tmpfile();
data/fontforge-20201107~dfsg/contrib/fonttools/woff.c:146:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    sfnt = fopen( filename,"rb");
data/fontforge-20201107~dfsg/contrib/fonttools/woff.c:192:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(outname+(ext-start),".woff" );
data/fontforge-20201107~dfsg/contrib/fonttools/woff.c:193:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    woff = fopen(outname,"wb");
data/fontforge-20201107~dfsg/contrib/fonttools/woff.c:247:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	meta = fopen(metafile,"w");
data/fontforge-20201107~dfsg/contrib/fonttools/woff.c:274:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	priv = fopen(privfile,"w");
data/fontforge-20201107~dfsg/fontforge/asmfpst.c:128:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new->rules[i].lookups,fpst->rules[i].lookups,
data/fontforge-20201107~dfsg/fontforge/asmfpst.c:876:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sm->state,sm->state+sm->class_cnt,sm->class_cnt*sizeof(struct asm_state));
data/fontforge-20201107~dfsg/fontforge/asmfpst.c:985:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sm->state,sm->state+sm->class_cnt,sm->class_cnt*sizeof(struct asm_state));
data/fontforge-20201107~dfsg/fontforge/autohint.c:2086:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sc->countermasks[0],mask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/autohint.c:2169:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(sc->countermasks[i],masks[i],sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/autohint.c:2218:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(sc->countermasks[i],masks[i],sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/autohint.c:2357:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(to[i]->hintmask,mask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/autosave.c:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/autosave.c:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/autosave.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/autotrace.c:210:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(buffer,"/PfaEdXXXXXX");
data/fontforge-20201107~dfsg/fontforge/autotrace.c:216:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/autotrace.c:228:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(buffer,"/PfaEd");
data/fontforge-20201107~dfsg/fontforge/autotrace.c:231:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( eon, "%04X_mf%d", getpid(), ++cnt );
data/fontforge-20201107~dfsg/fontforge/autotrace.c:257:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  tempname_in[1025];
data/fontforge-20201107~dfsg/fontforge/autotrace.c:258:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  tempname_out[1025];
data/fontforge-20201107~dfsg/fontforge/autotrace.c:311:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ps = fopen(tempname_out, "r");
data/fontforge-20201107~dfsg/fontforge/autotrace.c:353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempname[1025];
data/fontforge-20201107~dfsg/fontforge/autotrace.c:354:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char (* arglist[30]);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:638:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/autotrace.c:668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/autotrace.c:684:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025], *ret=NULL;
data/fontforge-20201107~dfsg/fontforge/autotrace.c:707:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025], *eod;
data/fontforge-20201107~dfsg/fontforge/autotrace.c:708:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *todelete[100];
data/fontforge-20201107~dfsg/fontforge/autotrace.c:762:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *arglist[8];
data/fontforge-20201107~dfsg/fontforge/autotrace.c:799:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fd = open("/dev/null",O_WRONLY);
data/fontforge-20201107~dfsg/fontforge/autotrace.c:803:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fd = open("/dev/null",O_RDONLY);
data/fontforge-20201107~dfsg/fontforge/autowidth.c:1100:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/autowidth.c:1396:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(vkc->adjusts[n].corrections,kc->adjusts[o].corrections,len);
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:294:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ASCII " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:296:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ISOLatin1Encoding " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:298:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ISO8859-2 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:300:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ISO8859-5 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:302:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ISO8859-7 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:304:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ISO8859-9 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:306:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ISO8859-8 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:308:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ISO8859-6 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:310:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ISO8859-4 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:312:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "ISO8859-11 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:314:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "JISX0208.1997 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:316:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "GB2312.1980 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:318:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "KSC5601.1992 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:320:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "BIG5 " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:322:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer , "Symbol " );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:329:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[250];
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:330:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char reg[100], enc[40], *pt;
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:355:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer2[300];
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:387:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ret,props,cnt*sizeof(BDFProperties));
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:400:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( reg, "FontSpecific" );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:403:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( reg, "ISO8859" );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:408:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( reg, "ISO10646" );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:411:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( reg, "KSC5601.1992" );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:414:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( reg, "GB2312.1980" );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:417:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( reg, "JISX0208.1997" );
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:443:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(squeeze,"Normal");
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:480:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(weight_name,"Medium");
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:562:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char family_name[80], weight_name[60], slant[10], stylename[40], squeeze[40];
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:564:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char reg[100], enc[40];
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:625:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[800];
data/fontforge-20201107~dfsg/fontforge/bitmapchar.c:686:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[250];
data/fontforge-20201107~dfsg/fontforge/bvedit.c:264:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(bc->bitmap,from->bitmap,bc->bytes_per_line*(bc->ymax-bc->ymin+1));
data/fontforge-20201107~dfsg/fontforge/bvedit.c:304:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(npt+bc->xmin-xmin,pt,bc->bytes_per_line);
data/fontforge-20201107~dfsg/fontforge/bvedit.c:374:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new->bitmap,sel->bitmap,sel->bytes_per_line*(sel->ymax-sel->ymin+1));
data/fontforge-20201107~dfsg/fontforge/bvedit.c:411:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new->bitmap,sel->bitmap,sel->bytes_per_line*(sel->ymax-sel->ymin+1));
data/fontforge-20201107~dfsg/fontforge/bvedit.c:455:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(npt,bpt+xmin-bc->xmin,xmax-xmin+1);
data/fontforge-20201107~dfsg/fontforge/bvedit.c:493:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bpt+sel->xmin-bc->xmin,spt,sel->xmax-sel->xmin+1);
data/fontforge-20201107~dfsg/fontforge/bvedit.c:561:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ret,bc,sizeof( BDFChar ));
data/fontforge-20201107~dfsg/fontforge/bvedit.c:563:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ret->bitmap,bc->bitmap,ret->bytes_per_line*(ret->ymax-ret->ymin+1));
data/fontforge-20201107~dfsg/fontforge/bvedit.c:668:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy( bc->backup->bitmap,bc->bitmap,bc->bytes_per_line * bmp_width );
data/fontforge-20201107~dfsg/fontforge/cvexport.c:173:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    eps = fopen(filename,"w");
data/fontforge-20201107~dfsg/fontforge/cvexport.c:189:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oldloc[24];
data/fontforge-20201107~dfsg/fontforge/cvexport.c:283:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pi.object_offsets,objlocs,nextobj*sizeof(int));
data/fontforge-20201107~dfsg/fontforge/cvexport.c:321:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    eps = fopen(filename,"w");
data/fontforge-20201107~dfsg/fontforge/cvexport.c:332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oldloc[24];
data/fontforge-20201107~dfsg/fontforge/cvexport.c:379:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    plate = fopen(filename,"w");
data/fontforge-20201107~dfsg/fontforge/cvexport.c:392:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    svg = fopen(filename,"w");
data/fontforge-20201107~dfsg/fontforge/cvexport.c:405:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    glif = fopen(filename,"w");
data/fontforge-20201107~dfsg/fontforge/cvexport.c:507:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fig = fopen(filename,"w");
data/fontforge-20201107~dfsg/fontforge/cvexport.c:695:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char unicode[8];
data/fontforge-20201107~dfsg/fontforge/cvexport.c:723:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(unicode,"xxxx");
data/fontforge-20201107~dfsg/fontforge/cvexport.c:729:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( unicode,"%d", (int) map->backmap[sc->orig_pos] );
data/fontforge-20201107~dfsg/fontforge/cvexport.c:741:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforge/cvimages.c:109:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(sc->layers[pos].stroke_pen.trans, e->u.splines.transform,
data/fontforge-20201107~dfsg/fontforge/cvimages.c:184:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *ps = fopen(path,"r");
data/fontforge-20201107~dfsg/fontforge/cvimages.c:233:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *pdf = fopen(path,"r");
data/fontforge-20201107~dfsg/fontforge/cvimages.c:246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/fontforge-20201107~dfsg/fontforge/cvimages.c:877:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforge/cvimages.c:881:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fig = fopen(path,"r");
data/fontforge-20201107~dfsg/fontforge/cvimages.c:1065:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char start [1025];
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:82:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ret,bitmap,bytes_per_line*lines);
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:899:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( ref,head,sizeof( BDFRefChar ));
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:1153:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( ref,head,sizeof( BDFRefChar ));
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:1258:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2071:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2072:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[80]; const char *name;
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2084:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[5];
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[5];
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2625:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(adjust->xadjust.corrections,vr->adjust->xadjust.corrections,adjust->xadjust.last_pixel_size-adjust->xadjust.first_pixel_size+1);
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2629:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(adjust->yadjust.corrections,vr->adjust->yadjust.corrections,adjust->yadjust.last_pixel_size-adjust->yadjust.first_pixel_size+1);
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2633:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(adjust->xadv.corrections,vr->adjust->xadv.corrections,adjust->xadv.last_pixel_size-adjust->xadv.first_pixel_size+1);
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2637:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(adjust->yadv.corrections,vr->adjust->yadv.corrections,adjust->yadv.last_pixel_size-adjust->yadv.first_pixel_size+1);
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2665:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pst->u.pair.vr,frompst->u.pair.vr,sizeof(struct vr[2]));
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2669:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&pst->u.pos,&frompst->u.pos,sizeof(struct vr));
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2690:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ap->xadjust.corrections,fromap->xadjust.corrections,ap->xadjust.last_pixel_size-ap->xadjust.first_pixel_size+1);
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2694:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ap->yadjust.corrections,fromap->yadjust.corrections,ap->yadjust.last_pixel_size-ap->yadjust.first_pixel_size+1);
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:2852:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buttons[3];
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3245:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( ref,head,sizeof( BDFRefChar ));
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3278:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy( ref,head,sizeof( BDFRefChar ));
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3304:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &copybuffer,tmp,sizeof( Undoes ));
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3340:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( cur,head,sizeof( BDFRefChar ));
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3561:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[5];
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3562:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20];
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3564:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%d@%d", pixelsize, depth );
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3566:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%d", pixelsize );
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3653:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fv->selected,oldsel,fv->map->enccount);
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3881:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[PATH_MAX];
data/fontforge-20201107~dfsg/fontforge/cvundoes.c:3883:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen( filename, "w" );
data/fontforge-20201107~dfsg/fontforge/delta.h:46:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    uint8 open;
data/fontforge-20201107~dfsg/fontforge/dumpbdf.c:252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[200];
data/fontforge-20201107~dfsg/fontforge/dumpbdf.c:424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/fontforge-20201107~dfsg/fontforge/dumpbdf.c:439:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename,"w" );
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:118:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char randombytes[4] = { 0xaa, 0x55, 0x3e, 0x4d };
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:177:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char randombytes[10] = { 0xaa, 0x55, 0x3e, 0x4d, 0x89, 0x98, 'a', '4', 0, 0xff };
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:244:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:252:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int isStdEncoding(const char *encoding[256]) {
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:519:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[200];
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:607:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[200];
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:1227:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	sub->values[i] = (uint8 *) copyn((const char *) subrs[i],subrslens[i]);
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:1235:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    sub->values[i] = (uint8 *) copyn((const char *) subrs[i],subrslens[i]);
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:1331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *privates[16], int instance_count) {
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:1367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *privates[16];
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:1844:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char (*encoding[256]);
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:1847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[50];
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:2004:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g setlinewidth stroke", (double) sf->strokewidth );
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:2006:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(buffer, "fill");
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:2048:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[8*1024];
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:2538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4096];
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:2613:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "(Binary) %ld StartData ", len );
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:2675:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( out=fopen(fontname,"wb"))==NULL )
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:2711:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/fontforge-20201107~dfsg/fontforge/dumppfa.c:2721:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename,"w" );
data/fontforge-20201107~dfsg/fontforge/encoding.c:157:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char c[2];
data/fontforge-20201107~dfsg/fontforge/encoding.c:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char from[20], ucs[20];
data/fontforge-20201107~dfsg/fontforge/encoding.c:246:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforge/encoding.c:251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char from[8], ucs[20];
data/fontforge-20201107~dfsg/fontforge/encoding.c:502:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/encoding.c:563:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/encoding.c:590:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(item->unicode,encs,max*sizeof(int32));
data/fontforge-20201107~dfsg/fontforge/encoding.c:616:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BUFSIZ];
data/fontforge-20201107~dfsg/fontforge/encoding.c:677:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(item->unicode, enc_arr->data, enc_arr->len * sizeof(int32));
data/fontforge-20201107~dfsg/fontforge/encoding.c:684:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(item->psnames, names_arr->data, names_arr->len * sizeof(char *));
data/fontforge-20201107~dfsg/fontforge/encoding.c:722:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/encoding.c:803:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/fontforge-20201107~dfsg/fontforge/encoding.c:811:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( getPfaEditEncodings(), "w");
data/fontforge-20201107~dfsg/fontforge/encoding.c:896:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buffer,".notdef");
data/fontforge-20201107~dfsg/fontforge/encoding.c:957:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char maybe[FILENAME_MAX+1];
data/fontforge-20201107~dfsg/fontforge/encoding.c:1036:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[100];
data/fontforge-20201107~dfsg/fontforge/encoding.c:1051:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen( file,"r" );
data/fontforge-20201107~dfsg/fontforge/encoding.c:1100:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *buts[3], *buts2[3], *buts3[3];
data/fontforge-20201107~dfsg/fontforge/encoding.c:1260:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buttons[3];
data/fontforge-20201107~dfsg/fontforge/encoding.c:1321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[200];
data/fontforge-20201107~dfsg/fontforge/encoding.c:1331:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/encoding.c:1462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforge/encoding.c:1474:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer,"%g", (double)cidmaster->cidversion);
data/fontforge-20201107~dfsg/fontforge/encoding.c:1723:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buttons[3];
data/fontforge-20201107~dfsg/fontforge/encoding.c:1861:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[130];
data/fontforge-20201107~dfsg/fontforge/encoding.c:1866:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%.50s-%.50s-%d", sf->cidregistry, sf->ordering, sf->supplement );
data/fontforge-20201107~dfsg/fontforge/encoding.c:2111:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(map->map,encoded,base*sizeof(int32));
data/fontforge-20201107~dfsg/fontforge/encoding.c:2113:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(map->map+base,unencoded,extras*sizeof(int32));
data/fontforge-20201107~dfsg/fontforge/encoding.c:2574:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char from[20];
data/fontforge-20201107~dfsg/fontforge/encoding.c:2628:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char to[20];
data/fontforge-20201107~dfsg/fontforge/featurefile.c:117:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cidbuf[20], *nm;
data/fontforge-20201107~dfsg/fontforge/featurefile.c:146:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( cidbuf, "\\%d", sc2->orig_pos );
data/fontforge-20201107~dfsg/fontforge/featurefile.c:343:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char space[MAXG+1];
data/fontforge-20201107~dfsg/fontforge/featurefile.c:1755:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
						char key[100];
data/fontforge-20201107~dfsg/fontforge/featurefile.c:1887:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[MAXG+1], featbuf[8], scriptbuf[8], *feat, *script;
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2184:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(intersection + ix, class1 + i, length * sizeof (char));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tokbuf[MAXT+1];
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *filename[MAXI];
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[1025], *pt, *filename;
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2442:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2493:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tok->tokbuf,"EOF");
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2583:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    unsigned char tag[4];
data/fontforge-20201107~dfsg/fontforge/featurefile.c:2970:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char last_glyph[MAXT+1];
data/fontforge-20201107~dfsg/fontforge/featurefile.c:3514:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(nvr,ovr,sizeof(struct vr));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:4180:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(item->u2.pst->u.pair.vr,vr,sizeof(vr));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:4195:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(item->u2.pst->u.pair.vr,vr,sizeof(vr));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:5269:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(feat->u1.params,params,sizeof(params));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:5702:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(item->u2.lcaret,carets,len*sizeof(int16));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:5729:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    item->u1.gdef_classes = chunkalloc(sizeof(char *[4]));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:5807:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(active->baseline_tags,baselines,cnt*sizeof(uint32));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:5839:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(cur->baseline_pos,poses,i*sizeof(int16));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:6007:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    chunkfree(item->u1.gdef_classes,sizeof(char *[4]));
data/fontforge-20201107~dfsg/fontforge/featurefile.c:6474:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(kc->adjusts[index].corrections,dt->corrections,dt->last_pixel_size-dt->first_pixel_size+1);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:6484:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(kp->adjust->corrections,dt->corrections,dt->last_pixel_size-dt->first_pixel_size+1);
data/fontforge-20201107~dfsg/fontforge/featurefile.c:7173:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[50];
data/fontforge-20201107~dfsg/fontforge/featurefile.c:7340:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *in = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/fontforgeui.h:165:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *script_filenames[SCRIPT_MENU_MAX];
data/fontforge-20201107~dfsg/fontforge/fontforgeui.h:169:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *RecentFiles[RECENT_MAX];
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:117:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[6];
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:656:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(refs->transform,t,sizeof(t));
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:1021:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char *buts[5];
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:1436:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:1665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/fontviewbase.c:2031:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/freetype.c:114:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[60];
data/fontforge-20201107~dfsg/fontforge/freetype.c:119:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "FreeType %d.%d.%d", ma, mi, pa );
data/fontforge-20201107~dfsg/fontforge/freetype.c:412:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(bdfc->bitmap,bitmap->buffer,bitmap->rows*bdfc->bytes_per_line);
data/fontforge-20201107~dfsg/fontforge/freetype.c:731:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ret->bitmap,slot->bitmap.buffer,ret->rows*ret->bytes_per_row);
data/fontforge-20201107~dfsg/fontforge/freetype.c:1057:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(clipmask,temp.buffer,bitmap.pitch*bitmap.rows);
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1001:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200], namebuf[200];
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1017:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200], namebuf[200];
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1631:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ref->transform,transform,sizeof(real [6]));
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1661:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(bc->bitmap,rbc->bitmap+(rbc->ymax-ymax)*rbc->bytes_per_line,
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1695:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200], namebuf[200];
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1764:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200], namebuf[200];
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1821:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[80];
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:1822:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *suffixes[4];
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:2301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300], namebuf[300];
data/fontforge-20201107~dfsg/fontforge/fvcomposite.c:2942:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[101];
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:55:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(layers,ref->layers,ref->layer_cnt*sizeof(struct reflayer));
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:294:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(cur->u.pair.vr,base->u.pair.vr,sizeof(struct vr [2]));
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:299:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(cur->u.lcaret.carets,base->u.lcaret.carets,cur->u.lcaret.cnt*sizeof(uint16));
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:410:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(nsm->state,sm->state,nsm->class_cnt*nsm->state_cnt*sizeof(struct asm_state));
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:414:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(nsm->state[i].u.kern.kerns,sm->state[i].u.kern.kerns,nsm->state[i].u.kern.kcnt*sizeof(int16));
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:502:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(nsc->ttf_instrs,sc->ttf_instrs,sc->ttf_instrs_len);
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:509:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(layers,sc->layers,lycopy*sizeof(Layer));
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:541:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(nsc->countermasks,sc->countermasks,sc->countermask_cnt*sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:593:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(nbc->bitmap,bc->bitmap,(nbc->ymax-nbc->ymin+1)*nbc->bytes_per_line);
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:919:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer[40];
data/fontforge-20201107~dfsg/fontforge/fvfonts.c:920:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer,"glyph%d", sf->glyphcnt);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[20];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:89:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "$u%d", ++unique );
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[40], tok[100];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:427:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:434:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%.150s-%d", encname, encoff );
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:512:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[100], encname[100], weight[100], italic[100], buffer[300], *buf;
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:671:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(italic,"Italic");
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:673:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(italic,"Oblique");
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:720:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:738:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "enc-%d", cc);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:764:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[257];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:879:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charname[256];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1222:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(bc->bitmap+(r+i+1)*bc->bytes_per_line,
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1450:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char encname[101], weight[101], italic[101];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1552:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(italic,"Italic");
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1554:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(italic,"Oblique");
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1699:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(bc->bitmap,bitmap+offsets[i],
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1709:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bc->bitmap+(j-bc->ymin)*bc->bytes_per_line,
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1868:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char def[10];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1873:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(def,"%d",guess);
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:1893:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2027:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[100];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2031:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char family[100], mods[200], full[300], foundry[100], comments[1000], fontname[300];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2050:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    bdf = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2195:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1500];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2405:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[300];
data/fontforge-20201107~dfsg/fontforge/fvimportbdf.c:2526:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(bdfc->bitmap,base->data,bdfc->bytes_per_line*base->height);
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:935:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char held[600];
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1450:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strnamebuf[200];
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1455:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( strnamebuf, "%.90s %.90s", TTFNameIds(strid), MSLangString(lang));
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strnamebuf[200];
data/fontforge-20201107~dfsg/fontforge/glyphcomp.c:1463:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( strnamebuf, "%.90s %.90s", TTFNameIds(strid), MSLangString(lang));
data/fontforge-20201107~dfsg/fontforge/groups.c:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/groups.c:124:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    groups = fopen(groupfilename,"w");
data/fontforge-20201107~dfsg/fontforge/groups.c:238:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(g->kids,glist,i*sizeof(Group *));
data/fontforge-20201107~dfsg/fontforge/groups.c:253:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    groups = fopen(groupfilename,"r");
data/fontforge-20201107~dfsg/fontforge/groups.h:40:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unsigned int open: 1;
data/fontforge-20201107~dfsg/fontforge/ikarus.c:391:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/fontforge-20201107~dfsg/fontforge/ikarus.c:411:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "urw%d", number );
data/fontforge-20201107~dfsg/fontforge/ikarus.c:601:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(fontname,"rb");
data/fontforge-20201107~dfsg/fontforge/ikarus.c:606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnam[13], fullname[81];
data/fontforge-20201107~dfsg/fontforge/langfreq.c:1995:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char word_buf[WORD_MAX+1];
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2160:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[8];
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2185:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char word_buf[WORD_MAX+1];
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2204:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parabuf[PARA_MAX];
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2360:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "%.70s %c%c%c%c{%c%c%c%c}",
data/fontforge-20201107~dfsg/fontforge/langfreq.c:2368:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%c%c%c%c{dflt}",
data/fontforge-20201107~dfsg/fontforge/lookups.c:1396:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *lookup_type_names[2][10] = {
data/fontforge-20201107~dfsg/fontforge/lookups.c:1590:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		lookup_type_names[j][i] = S_((char *) lookup_type_names[j][i]);
data/fontforge-20201107~dfsg/fontforge/lookups.c:1599:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ubuf[200], *end = ubuf+sizeof(ubuf), *setname;
data/fontforge-20201107~dfsg/fontforge/lookups.c:1607:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( ubuf, "<%d,%d> ", (int) (tag>>16),(int) (tag&0xffff) );
data/fontforge-20201107~dfsg/fontforge/lookups.c:1617:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(ubuf,_("Required Feature"));
data/fontforge-20201107~dfsg/fontforge/lookups.c:1632:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		strncpy(ubuf+7, (char *) friendlies[k].friendlyname,end-ubuf-7);
data/fontforge-20201107~dfsg/fontforge/lookups.c:1688:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[8];
data/fontforge-20201107~dfsg/fontforge/lookups.c:1714:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    script = copy( S_((char *) localscripts[j].text) );
data/fontforge-20201107~dfsg/fontforge/lookups.c:1872:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newsl->morelangs,sl->morelangs,(newsl->lang_cnt-MAX_LANG)*sizeof(uint32));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2162:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newkc->offsets,kc->offsets,newkc->first_cnt*newkc->second_cnt*sizeof(int16));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2168:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(newkc->firsts_flags,kc->firsts_flags,newkc->first_cnt*sizeof(int));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2172:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(newkc->seconds_flags,kc->seconds_flags,newkc->second_cnt*sizeof(int));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2176:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(newkc->offsets_flags,kc->offsets_flags,newkc->first_cnt*newkc->second_cnt*sizeof(int));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2201:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newfpst->rules,fpst->rules,newfpst->rule_cnt*sizeof(struct fpst_rule));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2207:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(r->lookups,oldr->lookups,r->lookup_cnt*sizeof(struct seqlookup));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2221:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(r->u.class.nclasses,oldr->u.class.nclasses, r->u.class.ncnt*sizeof(uint16));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2223:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(r->u.class.bclasses,oldr->u.class.bclasses, r->u.class.bcnt*sizeof(uint16));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2225:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(r->u.class.fclasses,oldr->u.class.fclasses, r->u.class.fcnt*sizeof(uint16));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2257:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newsm->state,sm->state,
data/fontforge-20201107~dfsg/fontforge/lookups.c:2262:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(newsm->state[i].u.kern.kerns,sm->state[i].u.kern.kerns,newsm->state[i].u.kern.kcnt*sizeof(int16));
data/fontforge-20201107~dfsg/fontforge/lookups.c:2350:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newpst->u.pair.vr,pst->u.pair.vr,sizeof(struct vr [2]));
data/fontforge-20201107~dfsg/fontforge/lookups.c:3880:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(start,rpl,rlen);
data/fontforge-20201107~dfsg/fontforge/lookups.c:3890:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new,base,start-base);
data/fontforge-20201107~dfsg/fontforge/lookups.c:3891:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new+(start-base),rpl,rlen);
data/fontforge-20201107~dfsg/fontforge/lookups.c:4510:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/lookups.c:4687:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20], *str;
data/fontforge-20201107~dfsg/fontforge/lookups.c:4694:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer,"%d", class_n );
data/fontforge-20201107~dfsg/fontforge/lookups.h:17:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *lookup_type_names[2][10];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1377:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    uint8 header[128], *hpt; char buffer[256], *pt, *dpt;
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1438:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(header+102,"mBIN",4);
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1557:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void MakeMacPSName(char buffer[63],SplineFont *sf) {
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[63];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1612:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	res = fopen(filename,"wb+");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1676:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	res = fopen(filename,"wb+");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1753:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	res = fopen(binfilename,"wb+");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1805:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1816:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(buffer,".bin");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1832:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(pt-1,".fam");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1834:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(pt-1,".fam.bin");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:1861:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	res = fopen(filename,"wb+");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[32];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2104:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "Nameless%d", i );
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *psnames[48];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2289:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[300];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2532:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[350];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2538:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer,"Bold");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2540:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer,"Italic");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2542:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer,"Underline");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2544:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer,"Outline");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2546:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer,"Shadow");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2548:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer,"Condensed");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2550:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buffer,"Extended");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2831:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[16], buffer2[16];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2938:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(respath,"/..namedfork/rsrc");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2939:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    resfork = fopen(respath,"r");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2942:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(respath,"/rsrc");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2943:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	resfork = fopen(respath,"r");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:2958:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[128];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:3012:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[20]; char *pt;
data/fontforge-20201107~dfsg/fontforge/macbinary.c:3102:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(temp,"rb");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:3135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1400];
data/fontforge-20201107~dfsg/fontforge/macbinary.c:3147:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(spt,"resource.frk/");
data/fontforge-20201107~dfsg/fontforge/macbinary.c:3161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char exten[8];
data/fontforge-20201107~dfsg/fontforge/mm.c:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *hold[40], *ret;
data/fontforge-20201107~dfsg/fontforge/mm.c:423:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(to->hintmask,tos[0]->hintmask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/mm.c:558:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *values[MmMax], buffer[32], *space, *pt, *end;
data/fontforge-20201107~dfsg/fontforge/mm.c:601:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer,"%g",(double) sum);
data/fontforge-20201107~dfsg/fontforge/mm.c:624:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( pt,"%g ", (double) sum);
data/fontforge-20201107~dfsg/fontforge/namelist.c:162:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	i = ((unsigned char *) name)[0];
data/fontforge-20201107~dfsg/fontforge/namelist.c:210:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "u%04X", uni);
data/fontforge-20201107~dfsg/fontforge/namelist.c:212:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X", uni);
data/fontforge-20201107~dfsg/fontforge/namelist.c:323:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(refs,out,ocnt*sizeof(RefChar *));
data/fontforge-20201107~dfsg/fontforge/namelist.c:347:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40], *pt;
data/fontforge-20201107~dfsg/fontforge/namelist.c:404:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer, "uni%04X", uni);
data/fontforge-20201107~dfsg/fontforge/namelist.c:410:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "u%04X", uni);
data/fontforge-20201107~dfsg/fontforge/namelist.c:418:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(names[cnt],"uni");
data/fontforge-20201107~dfsg/fontforge/namelist.c:423:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( pt,"%04X", refs[i]->unicodeenc==0x131?'i':'j' );
data/fontforge-20201107~dfsg/fontforge/namelist.c:425:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( pt,"%04X", CanonicalCombiner(refs[i]->unicodeenc));
data/fontforge-20201107~dfsg/fontforge/namelist.c:531:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/namelist.c:533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400];
data/fontforge-20201107~dfsg/fontforge/namelist.c:701:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/namelist.c:730:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char space[80];		/* glyph names are supposed to be less<=31 chars */
data/fontforge-20201107~dfsg/fontforge/namelist.c:731:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempbuf[32];
data/fontforge-20201107~dfsg/fontforge/namelist.c:744:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X", sc->unicodeenc );
data/fontforge-20201107~dfsg/fontforge/namelist.c:746:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "u%04X", sc->unicodeenc );
data/fontforge-20201107~dfsg/fontforge/namelist.c:868:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(bits[i].start+diff,bits[i].rpl->name,len);
data/fontforge-20201107~dfsg/fontforge/namelist.c:879:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( last,last_orig,bits[i].start-last_orig);
data/fontforge-20201107~dfsg/fontforge/namelist.c:1017:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40]; const char *name;
data/fontforge-20201107~dfsg/fontforge/nonlineartrans.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforge/noprefs.c:147:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *script_filenames[SCRIPT_MENU_MAX];
data/fontforge-20201107~dfsg/fontforge/noprefs.c:150:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *RecentFiles[RECENT_MAX];
data/fontforge-20201107~dfsg/fontforge/noprefs.c:442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/noprefs.c:568:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/fontforge-20201107~dfsg/fontforge/noprefs.c:657:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[50];
data/fontforge-20201107~dfsg/fontforge/noprefs.c:668:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "1021 %d %d", r1, r2 );
data/fontforge-20201107~dfsg/fontforge/noprefs.c:706:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1100];
data/fontforge-20201107~dfsg/fontforge/noprefs.c:715:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ( prefs!=NULL && (p=fopen(prefs,"r"))!=NULL ) {
data/fontforge-20201107~dfsg/fontforge/noprefs.c:823:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ( (p=fopen(prefs,"w"))==NULL )
data/fontforge-20201107~dfsg/fontforge/nouiutil.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400], *str;
data/fontforge-20201107~dfsg/fontforge/nouiutil.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400], *str;
data/fontforge-20201107~dfsg/fontforge/nouiutil.c:94:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int NOUI_choose_multiple(const char *title, const char **choices, char *sel,
data/fontforge-20201107~dfsg/fontforge/nouiutil.c:94:58:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int NOUI_choose_multiple(const char *title, const char **choices, char *sel,
data/fontforge-20201107~dfsg/fontforge/nouiutil.c:94:74:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int NOUI_choose_multiple(const char *title, const char **choices, char *sel,
data/fontforge-20201107~dfsg/fontforge/nouiutil.c:95:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	int cnt, char *buts[2], const char *question,...) {
data/fontforge-20201107~dfsg/fontforge/othersubrs.c:503:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    free( (char *) othersubrs_copyright[0][i]);
data/fontforge-20201107~dfsg/fontforge/othersubrs.c:510:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		free( (char *) othersubrs[j][i]);
data/fontforge-20201107~dfsg/fontforge/othersubrs.c:518:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *os = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/othersubrs.c:519:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[500];
data/fontforge-20201107~dfsg/fontforge/palmfonts.c:347:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[33];
data/fontforge-20201107~dfsg/fontforge/palmfonts.c:353:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/palmfonts.c:408:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pt2,".pdb");
data/fontforge-20201107~dfsg/fontforge/palmfonts.c:409:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(fn,"wb");
data/fontforge-20201107~dfsg/fontforge/palmfonts.c:654:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *choices[5];
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[60];
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1238:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ent->u.splines.transform,transform,6*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1297:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tokbuf[100];
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1575:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(gsaves[gsp].transform,transform,sizeof(transform));
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1691:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char suffix[8], *name, *nname, buffer[400];
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1710:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(suffix, ".alt%d", ndups);
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1757:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[200], *ccval, prevtok[200]="";
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1801:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(tmappings, mappings, mappings_length);
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:1846:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(prevtok,tok,200);
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:2052:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ( (pc.pdf=fopen(filename,"r"))==NULL )
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:2161:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    pdf = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:2173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oldloc[24];
data/fontforge-20201107~dfsg/fontforge/parsepdf.c:2209:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:84:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void copyenc(char *encoding[256], const char *std[256]) {
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:84:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void copyenc(char *encoding[256], const char *std[256]) {
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:348:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void setStdEnc(char *encoding[256]) {
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:352:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void setLatin1Enc(char *encoding[256]) {
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:941:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512];
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:1237:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024], *bpt, *bs, *end = buffer+sizeof(buffer)-1;
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:1267:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(subrs->values[index],bs,bpt-bs);
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:1466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[200], *pt;
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:1495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200], *pt, *endtok;
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2005:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(chars->values[i],binstart,binlen);
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2029:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(chars->values[i],binstart,binlen);
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2094:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temptok[255];
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2275:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zeros[EODMARKLEN+6+1];
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2491:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fontsetname[256];
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2548:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024]; /* 256 was okay, but need this much now when some lines are concatenated */
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2550:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rdtok[20];
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2553:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(rdtok,"RD");
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2664:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = fopen(fontname,"rb");
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2767:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[2000], *pt, *end;
data/fontforge-20201107~dfsg/fontforge/parsepfa.c:2793:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
return( _NamesReadPostScript( fopen(filename,"rb")));
data/fontforge-20201107~dfsg/fontforge/parsettf.c:302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char langcountry[8], language[4];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:1626:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[5];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:2796:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[50], *pt;
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3094:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(td->fontmatrix,stack,(sp>=6?6:sp)*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3101:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(td->fontbb,stack,(sp>=4?4:sp)*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3146:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(td->weightvector,stack+1,(sp-4)*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3360:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(dicts[i]->fontmatrix,parent_dict->fontmatrix,6*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3621:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( pt, "%d ", array[j]);
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3642:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( pt, "%g ", (double) array[j]);
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3657:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3660:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf,"%d", val );
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3668:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf,"[%d]", val );
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3673:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[40];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3676:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf,"%g", val );
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3717:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[40];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3718:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"UntitledSubFont_%d", ++nameless );
data/fontforge-20201107~dfsg/fontforge/parsettf.c:3859:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:4054:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    { char buffer[41];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:4435:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buffer[32];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:4436:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(buffer, "u%04X.vs%04X", uni, vs_data[i].vs );
data/fontforge-20201107~dfsg/fontforge/parsettf.c:4487:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[500];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:5185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[30];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:5355:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer, "%.20s-%d", info->ordering, i );
data/fontforge-20201107~dfsg/fontforge/parsettf.c:5357:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer, "nounicode.%d.%d.%x", info->platform, info->specific,
data/fontforge-20201107~dfsg/fontforge/parsettf.c:5360:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "glyph%d", i );
data/fontforge-20201107~dfsg/fontforge/parsettf.c:5565:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[4];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:5808:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[8];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:5996:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char versionbuf[40];
data/fontforge-20201107~dfsg/fontforge/parsettf.c:6024:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( versionbuf, "Version %f", sf->cidversion );
data/fontforge-20201107~dfsg/fontforge/parsettf.c:6026:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(versionbuf,"Version %.20s ", sf->version);
data/fontforge-20201107~dfsg/fontforge/parsettf.c:6356:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ttf = fopen(strippedname,"rb");
data/fontforge-20201107~dfsg/fontforge/parsettf.c:6379:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *cff = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/parsettf.c:6394:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *cff = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/parsettf.c:6416:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *ttf = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:724:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[50];
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:778:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[50];
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:1905:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char tag[5], *pt=tag;
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:2168:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char tag[5];
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:3576:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[60];
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:3589:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( name, "Out-Of-Range-GID-%d", badgid );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:4808:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(info->variations->tuples[ctup].chars, tscs, oldgc * sizeof(SplineChar *));
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:5326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ebuf[10], buffer[50], *ext;
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:5411:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( ebuf, "%cpart%d", isv?'v':'h', i );
data/fontforge-20201107~dfsg/fontforge/parsettfatt.c:5931:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300], *format;
data/fontforge-20201107~dfsg/fontforge/parsettfbmf.c:499:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[300];
data/fontforge-20201107~dfsg/fontforge/parsettfbmf.c:500:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buttons[3];
data/fontforge-20201107~dfsg/fontforge/parsettfbmf.c:557:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%d", sizes[i].ppem );
data/fontforge-20201107~dfsg/fontforge/parsettfbmf.c:559:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%d@%d", sizes[i].ppem, sizes[i].depth );
data/fontforge-20201107~dfsg/fontforge/parsettfbmf.c:991:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( bc->backup->bitmap,bc->bitmap,bc->bytes_per_line * bmp_width );
data/fontforge-20201107~dfsg/fontforge/parsettfvar.c:649:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cvt->data,orig_cvt->data,cvt->len);
data/fontforge-20201107~dfsg/fontforge/print.c:466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400];
data/fontforge-20201107~dfsg/fontforge/print.c:642:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400];
data/fontforge-20201107~dfsg/fontforge/print.c:2619:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char langbuf[12], *pt;
data/fontforge-20201107~dfsg/fontforge/print.c:2727:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *randoms[100];
data/fontforge-20201107~dfsg/fontforge/print.c:2728:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[220], *pt;
data/fontforge-20201107~dfsg/fontforge/print.c:2847:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *argv[40], buf[10];
data/fontforge-20201107~dfsg/fontforge/print.c:2870:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf,"%d", pi->copies );
data/fontforge-20201107~dfsg/fontforge/print.c:2880:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf,"-#%d", pi->copies );
data/fontforge-20201107~dfsg/fontforge/print.c:3021:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( filename,"rb" );
data/fontforge-20201107~dfsg/fontforge/print.c:3044:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[400];
data/fontforge-20201107~dfsg/fontforge/print.c:3058:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/fontforge-20201107~dfsg/fontforge/print.c:3095:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	pi.out = fopen(outputfile,"wb");
data/fontforge-20201107~dfsg/fontforge/print.h:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char psfontname[300];
data/fontforge-20201107~dfsg/fontforge/psfont.h:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char (*encoding[256]);
data/fontforge-20201107~dfsg/fontforge/psfont.h:182:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char (*AdobeStandardEncoding[256]);
data/fontforge-20201107~dfsg/fontforge/psfont.h:183:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char (*AdobeExpertEncoding[256]);
data/fontforge-20201107~dfsg/fontforge/psread.c:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fogbuf[60];
data/fontforge-20201107~dfsg/fontforge/psread.c:290:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( io->fogbuf, "%d ", ch-100);
data/fontforge-20201107~dfsg/fontforge/psread.c:425:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char commentbuffer[128], *pt;
data/fontforge-20201107~dfsg/fontforge/psread.c:598:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(to,trans,sizeof(trans));
data/fontforge-20201107~dfsg/fontforge/psread.c:1000:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ent->u.splines.transform,transform,6*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/psread.c:1145:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ret,base,upt-base);
data/fontforge-20201107~dfsg/fontforge/psread.c:1205:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(base->data,data,datalen);
data/fontforge-20201107~dfsg/fontforge/psread.c:1208:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(base->data+i*base->bytes_per_line,data+(height-i)*base->bytes_per_line,
data/fontforge-20201107~dfsg/fontforge/psread.c:1228:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ent->u.image.transform,transform,sizeof(real[6]));
data/fontforge-20201107~dfsg/fontforge/psread.c:2020:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(ref->transform,transform,sizeof(transform));
data/fontforge-20201107~dfsg/fontforge/psread.c:2424:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(ent->u.splines.transform,transform,sizeof(transform));
data/fontforge-20201107~dfsg/fontforge/psread.c:2469:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(gsaves[gsp].transform,transform,sizeof(transform));
data/fontforge-20201107~dfsg/fontforge/psread.c:2761:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( stack[sp-1].u.str, "%o", (int) stack[sp-3].u.val );
data/fontforge-20201107~dfsg/fontforge/psread.c:2763:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( stack[sp-1].u.str, "%X", (int) stack[sp-3].u.val );
data/fontforge-20201107~dfsg/fontforge/psread.c:2765:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( stack[sp-1].u.str, "%g", (double) stack[sp-3].u.val );
data/fontforge-20201107~dfsg/fontforge/psread.c:2774:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( stack[sp-1].u.str, "%g", (double) stack[sp-2].u.val );
data/fontforge-20201107~dfsg/fontforge/psread.c:2789:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( stack[sp-1].u.str, "-- nostringval --" );
data/fontforge-20201107~dfsg/fontforge/psread.c:2948:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(transform,sc->layers[layer].stroke_pen.trans,4*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/psread.c:3248:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tokbuf[10];
data/fontforge-20201107~dfsg/fontforge/psread.c:3284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tokbuf[100];
data/fontforge-20201107~dfsg/fontforge/psread.c:3358:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *names[1024];
data/fontforge-20201107~dfsg/fontforge/psread.c:3362:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tokbuf[200];
data/fontforge-20201107~dfsg/fontforge/psread.c:3422:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(item->unicode,encs,max*sizeof(int32));
data/fontforge-20201107~dfsg/fontforge/psread.c:3425:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(item->psnames,names,max*sizeof(char *));
data/fontforge-20201107~dfsg/fontforge/psread.c:3521:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hm,&rpl,mb);
data/fontforge-20201107~dfsg/fontforge/psread.c:4036:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				    memcpy(unblended,unblended+1,context->instance_count*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/psread.c:4247:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(hint->u.unblended,unblended,sizeof(real [2][MmMax]));
data/fontforge-20201107~dfsg/fontforge/psread.c:4299:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(hint->u.unblended,unblended,sizeof(real [2][MmMax]));
data/fontforge-20201107~dfsg/fontforge/psread.c:4324:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(pending_hm,type1,bytes);
data/fontforge-20201107~dfsg/fontforge/psread.c:4327:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(counters[cp],type1,bytes);
data/fontforge-20201107~dfsg/fontforge/psread.c:4649:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&ret->countermasks[i],counters[i],sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/python.c:465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char foo[30];
data/fontforge-20201107~dfsg/fontforge/python.c:468:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( foo,"<%d,%d>", tag>>16, tag&0xffff );
data/fontforge-20201107~dfsg/fontforge/python.c:627:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400], *nlist = NULL;
data/fontforge-20201107~dfsg/fontforge/python.c:1202:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(instrs,space,len);
data/fontforge-20201107~dfsg/fontforge/python.c:1962:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/python.c:1970:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/python.c:2851:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ret->spiros,self->spiros,self->spiro_cnt*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/python.c:3873:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pt, " <Contour\n" );
data/fontforge-20201107~dfsg/fontforge/python.c:3880:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pt," >\n");
data/fontforge-20201107~dfsg/fontforge/python.c:4627:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( locfilename,"wb");
data/fontforge-20201107~dfsg/fontforge/python.c:6462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/fontforge-20201107~dfsg/fontforge/python.c:6489:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( &repr[at], " CLOSED>" );
data/fontforge-20201107~dfsg/fontforge/python.c:6493:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    at += sprintf( &repr[at], " U+%04X", self->sc->unicodeenc);
data/fontforge-20201107~dfsg/fontforge/python.c:6497:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		at += sprintf( &repr[at], " U+%04X", alt->unienc );
data/fontforge-20201107~dfsg/fontforge/python.c:7106:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sc->ttf_instrs,space,len);
data/fontforge-20201107~dfsg/fontforge/python.c:8483:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *plate = fopen(locfilename,"r");
data/fontforge-20201107~dfsg/fontforge/python.c:8578:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen( locfilename,"wb");
data/fontforge-20201107~dfsg/fontforge/python.c:9904:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(cvt->data+len1*sizeof(uint16),c2->cvt->data, 2*len2);
data/fontforge-20201107~dfsg/fontforge/python.c:11188:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforge/python.c:11558:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[256];
data/fontforge-20201107~dfsg/fontforge/python.c:12060:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(fv->selected,sel->fv->selected,len2 );
data/fontforge-20201107~dfsg/fontforge/python.c:12113:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(cvt->data,c2->cvt->data,2*len2 );
data/fontforge-20201107~dfsg/fontforge/python.c:12642:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char creationtime[200];
data/fontforge-20201107~dfsg/fontforge/python.c:13160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8];
data/fontforge-20201107~dfsg/fontforge/python.c:13764:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dummy,tab->data,tab->len);
data/fontforge-20201107~dfsg/fontforge/python.c:14312:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tab->data,instrs,icnt);
data/fontforge-20201107~dfsg/fontforge/python.c:14316:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newi,tab->data,tab->len);
data/fontforge-20201107~dfsg/fontforge/python.c:14317:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newi+tab->len,instrs,icnt);
data/fontforge-20201107~dfsg/fontforge/python.c:14354:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(instrs,space,len);
data/fontforge-20201107~dfsg/fontforge/python.c:14486:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	diffs = fopen(locfilename,"w");
data/fontforge-20201107~dfsg/fontforge/python.c:16212:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename,"w");
data/fontforge-20201107~dfsg/fontforge/python.c:16384:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(locfilename,"CID");
data/fontforge-20201107~dfsg/fontforge/python.c:16388:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(locfilename,"Var");
data/fontforge-20201107~dfsg/fontforge/python.c:16390:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(locfilename,"MM");
data/fontforge-20201107~dfsg/fontforge/python.c:16391:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(locfilename,".sfd");
data/fontforge-20201107~dfsg/fontforge/python.c:16748:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(locfilename,"w");
data/fontforge-20201107~dfsg/fontforge/python.c:19519:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "rb");
data/fontforge-20201107~dfsg/fontforge/python.c:19611:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen( pathname, "rb" );
data/fontforge-20201107~dfsg/fontforge/python.c:19633:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subdir[16];
data/fontforge-20201107~dfsg/fontforge/python.c:20067:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
return( (char *) sfnt_name_str_ids[i].name );
data/fontforge-20201107~dfsg/fontforge/python.c:20077:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
return( (char *) sfnt_name_mslangs[i].name );
data/fontforge-20201107~dfsg/fontforge/python.c:20082:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
return( (char *) sfnt_name_mslangs[i].name );
data/fontforge-20201107~dfsg/fontforge/savefont.c:116:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf,".afm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:118:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pt,".afm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:121:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    afm = fopen(buf,"w");
data/fontforge-20201107~dfsg/fontforge/savefont.c:144:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(pt,".afm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:146:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    afm = fopen(buf,"w");
data/fontforge-20201107~dfsg/fontforge/savefont.c:163:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(buf,".amfm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:165:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(pt,".amfm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:167:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	afm = fopen(buf,"w");
data/fontforge-20201107~dfsg/fontforge/savefont.c:190:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf,".tfm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:192:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pt,".tfm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:196:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tfm = fopen(buf,"wb");
data/fontforge-20201107~dfsg/fontforge/savefont.c:204:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pt,".enc");
data/fontforge-20201107~dfsg/fontforge/savefont.c:205:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    enc = fopen(buf,"wb");
data/fontforge-20201107~dfsg/fontforge/savefont.c:253:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf,".ofm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:255:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pt,".ofm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:259:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tfm = fopen(buf,"wb");
data/fontforge-20201107~dfsg/fontforge/savefont.c:267:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pt,".cfg");
data/fontforge-20201107~dfsg/fontforge/savefont.c:268:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    enc = fopen(buf,"wb");
data/fontforge-20201107~dfsg/fontforge/savefont.c:308:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf,".pfm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:310:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pt,".pfm");
data/fontforge-20201107~dfsg/fontforge/savefont.c:312:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    pfm = fopen(buf,"wb");
data/fontforge-20201107~dfsg/fontforge/savefont.c:334:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(buf,"FONTLOG.txt");
data/fontforge-20201107~dfsg/fontforge/savefont.c:336:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pt+1,"FONTLOG.txt");
data/fontforge-20201107~dfsg/fontforge/savefont.c:337:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    flog = fopen(buf,"a"); // We changed this to append if the file exists.
data/fontforge-20201107~dfsg/fontforge/savefont.c:416:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200], *bpt;
data/fontforge-20201107~dfsg/fontforge/savefont.c:424:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(wernerfilename,"r");
data/fontforge-20201107~dfsg/fontforge/savefont.c:558:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *spt, *pt, buf[8];
data/fontforge-20201107~dfsg/fontforge/savefont.c:621:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newchars,temp.glyphs,temp.glyphcnt*sizeof(SplineChar *));
data/fontforge-20201107~dfsg/fontforge/savefont.c:658:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pt,names[subfont],len);
data/fontforge-20201107~dfsg/fontforge/savefont.c:669:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", subfont );
data/fontforge-20201107~dfsg/fontforge/savefont.c:772:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/savefont.c:939:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(temp,"dfont");
data/fontforge-20201107~dfsg/fontforge/savefont.c:1125:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(freeme,"otf");
data/fontforge-20201107~dfsg/fontforge/savefont.c:1127:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(freeme,"otb");
data/fontforge-20201107~dfsg/fontforge/savefont.c:1129:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(freeme,"dfont");
data/fontforge-20201107~dfsg/fontforge/savefont.c:1131:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(freeme,"ttf");
data/fontforge-20201107~dfsg/fontforge/scripting.c:190:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(c->vals,a->vals,c->argc*sizeof(Val));
data/fontforge-20201107~dfsg/fontforge/scripting.c:205:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest->vals+offset,src->vals,src->argc*sizeof(Val));
data/fontforge-20201107~dfsg/fontforge/scripting.c:404:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errbuf[400];
data/fontforge-20201107~dfsg/fontforge/scripting.c:545:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[300];
data/fontforge-20201107~dfsg/fontforge/scripting.c:805:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/fontforge-20201107~dfsg/fontforge/scripting.c:1141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400];
data/fontforge-20201107~dfsg/fontforge/scripting.c:1341:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2];
data/fontforge-20201107~dfsg/fontforge/scripting.c:1509:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforge/scripting.c:1540:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%d", val->u.ival );
data/fontforge-20201107~dfsg/fontforge/scripting.c:1542:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "0u%04X", val->u.ival );
data/fontforge-20201107~dfsg/fontforge/scripting.c:1544:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", (double) val->u.fval );
data/fontforge-20201107~dfsg/fontforge/scripting.c:1546:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "<void>");
data/fontforge-20201107~dfsg/fontforge/scripting.c:1548:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "<" "???" ">");
data/fontforge-20201107~dfsg/fontforge/scripting.c:1718:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(name,"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:1754:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(name,append?"ab":"wb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:1820:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(temp,"/glyphs/contents.plist");
data/fontforge-20201107~dfsg/fontforge/scripting.c:1825:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(temp,"/font.props");
data/fontforge-20201107~dfsg/fontforge/scripting.c:1833:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	foo = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:2232:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(locfilename,"wb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:2444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforge/scripting.c:2463:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%%n_%%f.%.4s", pt);
data/fontforge-20201107~dfsg/fontforge/scripting.c:2884:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer[40], *name = buffer;
data/fontforge-20201107~dfsg/fontforge/scripting.c:2886:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "%d", val->u.ival );
data/fontforge-20201107~dfsg/fontforge/scripting.c:2888:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "U+%04X", val->u.ival );
data/fontforge-20201107~dfsg/fontforge/scripting.c:3386:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(locfilename,"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:3425:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(locfilename,"wb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:4049:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dummy,tab->data,tab->len);
data/fontforge-20201107~dfsg/fontforge/scripting.c:4185:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[400];
data/fontforge-20201107~dfsg/fontforge/scripting.c:4309:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&dest->layers[ly_back],&layers[ly_back],sizeof(Layer));
data/fontforge-20201107~dfsg/fontforge/scripting.c:4311:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&dest->layers[layer],&src->layers[layer],sizeof(Layer));
data/fontforge-20201107~dfsg/fontforge/scripting.c:4435:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[4];
data/fontforge-20201107~dfsg/fontforge/scripting.c:4891:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char errmsg[40];
data/fontforge-20201107~dfsg/fontforge/scripting.c:5073:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer[12];
data/fontforge-20201107~dfsg/fontforge/scripting.c:5074:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer,"%d", i );
data/fontforge-20201107~dfsg/fontforge/scripting.c:5866:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tab->data,instrs,icnt);
data/fontforge-20201107~dfsg/fontforge/scripting.c:5870:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newi,tab->data,tab->len);
data/fontforge-20201107~dfsg/fontforge/scripting.c:5871:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newi+tab->len,instrs,icnt);
data/fontforge-20201107~dfsg/fontforge/scripting.c:5893:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sc->ttf_instrs,instrs,icnt);
data/fontforge-20201107~dfsg/fontforge/scripting.c:5897:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newi,sc->ttf_instrs,sc->ttf_instrs_len);
data/fontforge-20201107~dfsg/fontforge/scripting.c:5898:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newi+sc->ttf_instrs_len,instrs,icnt);
data/fontforge-20201107~dfsg/fontforge/scripting.c:7169:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[4];
data/fontforge-20201107~dfsg/fontforge/scripting.c:7376:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforge/scripting.c:7379:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "<%d,%d>", tag>>16, tag&0xffff );
data/fontforge-20201107~dfsg/fontforge/scripting.c:8346:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	diffs = fopen(c->a.vals[2].u.sval,"wb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:8395:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[2], *ptr = NULL;
data/fontforge-20201107~dfsg/fontforge/scripting.c:9778:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    sub.script = fopen(sub.filename,"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:9784:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy((char *)pt, ".ff");
data/fontforge-20201107~dfsg/fontforge/scripting.c:9785:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		sub.script = fopen(sub.filename,"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:9787:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy((char *)pt, ".pe");
data/fontforge-20201107~dfsg/fontforge/scripting.c:9788:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    sub.script = fopen(sub.filename,"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:9792:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		sub.script = fopen(sub.filename,"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:9853:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[TOK_MAX+1];
data/fontforge-20201107~dfsg/fontforge/scripting.c:10304:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[10];
data/fontforge-20201107~dfsg/fontforge/scripting.c:10306:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer,"%d", other.u.ival);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10530:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[20];
data/fontforge-20201107~dfsg/fontforge/scripting.c:10532:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer,"%d", other.u.ival);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10535:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer,"%g", (double) other.u.fval);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10570:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sel,c->curfv->selected,selsize);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10607:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(c->curfv->selected,sel,selsize);
data/fontforge-20201107~dfsg/fontforge/scripting.c:10882:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		c.script = fopen(c.filename,"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:11016:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    FILE *temp = fopen(argv[i],"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.c:11017:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/scripting.c:11071:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    c.script = fopen(c.filename,"rb");
data/fontforge-20201107~dfsg/fontforge/scripting.h:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok_text[TOK_MAX+1];		/* Irrelevant for user defined funcs */
data/fontforge-20201107~dfsg/fontforge/scstyles.c:707:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( &fix->maps[j],&fix->maps[i],sizeof( struct position_maps ));
data/fontforge-20201107~dfsg/fontforge/scstyles.c:1648:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &new_b,&orig_b,sizeof( DBounds ));
data/fontforge-20201107~dfsg/fontforge/scstyles.c:2080:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/fontforge-20201107~dfsg/fontforge/scstyles.c:2597:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/fontforge-20201107~dfsg/fontforge/scstyles.c:2645:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/scstyles.c:2846:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/fontforge-20201107~dfsg/fontforge/scstyles.c:2881:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/search.c:978:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new->transform,subtrans,sizeof(subtrans));
data/fontforge-20201107~dfsg/fontforge/search.c:1252:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(selected,fv->selected,fv->map->enccount);
data/fontforge-20201107~dfsg/fontforge/search.c:1286:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fv->selected,changed,fv->map->enccount);
data/fontforge-20201107~dfsg/fontforge/sfd.c:134:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
signed char inbase64[256] = {
data/fontforge-20201107~dfsg/fontforge/sfd.c:152:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char base64[64] = {
data/fontforge-20201107~dfsg/fontforge/sfd.c:599:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sofar[4];
data/fontforge-20201107~dfsg/fontforge/sfd.c:1894:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		gsfd = fopen(glyphfile,"w");
data/fontforge-20201107~dfsg/fontforge/sfd.c:2149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforge/sfd.c:2156:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer,"%d", i );
data/fontforge-20201107~dfsg/fontforge/sfd.c:2877:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		ssfd = fopen( fontprops,"w");
data/fontforge-20201107~dfsg/fontforge/sfd.c:2928:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    gsfd = fopen(glyphfile,"w");
data/fontforge-20201107~dfsg/fontforge/sfd.c:2955:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    ssfd = fopen( strikeprops,"w");
data/fontforge-20201107~dfsg/fontforge/sfd.c:2984:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ssfd = fopen( fontprops,"w");
data/fontforge-20201107~dfsg/fontforge/sfd.c:3175:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    sfd = fopen(tempfilename,"w");
data/fontforge-20201107~dfsg/fontforge/sfd.c:3203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_MAX];
data/fontforge-20201107~dfsg/fontforge/sfd.c:3292:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char path[PATH_MAX];
data/fontforge-20201107~dfsg/fontforge/sfd.c:3293:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char pathnew[PATH_MAX];
data/fontforge-20201107~dfsg/fontforge/sfd.c:3386:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[2000];
data/fontforge-20201107~dfsg/fontforge/sfd.c:3438:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tokbuf[100]; int ch;
data/fontforge-20201107~dfsg/fontforge/sfd.c:3457:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tokbuf[100]; int ch;
data/fontforge-20201107~dfsg/fontforge/sfd.c:3476:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tokbuf[100]; int ch;
data/fontforge-20201107~dfsg/fontforge/sfd.c:3534:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tokbuf[100];
data/fontforge-20201107~dfsg/fontforge/sfd.c:3609:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(pt,base->data+(r-1)*base->bytes_per_line,base->bytes_per_line);
data/fontforge-20201107~dfsg/fontforge/sfd.c:3639:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mime[128];
data/fontforge-20201107~dfsg/fontforge/sfd.c:4069:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[100];
data/fontforge-20201107~dfsg/fontforge/sfd.c:4245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[2000];
data/fontforge-20201107~dfsg/fontforge/sfd.c:4624:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4];
data/fontforge-20201107~dfsg/fontforge/sfd.c:4665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[200];
data/fontforge-20201107~dfsg/fontforge/sfd.c:5004:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[2001], ch;
data/fontforge-20201107~dfsg/fontforge/sfd.c:5115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[2001], ch;
data/fontforge-20201107~dfsg/fontforge/sfd.c:5272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ret[2000];
data/fontforge-20201107~dfsg/fontforge/sfd.c:5297:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[2000], ch;
data/fontforge-20201107~dfsg/fontforge/sfd.c:5625:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sc->layers[layer].stroke_pen.dashes,dashes,sizeof(dashes));
data/fontforge-20201107~dfsg/fontforge/sfd.c:5626:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(sc->layers[layer].stroke_pen.trans,trans,sizeof(trans));
data/fontforge-20201107~dfsg/fontforge/sfd.c:6196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[2000];
data/fontforge-20201107~dfsg/fontforge/sfd.c:6270:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		gsfd = fopen(name,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:6543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[200];
data/fontforge-20201107~dfsg/fontforge/sfd.c:7042:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400], *sofar=calloc(1,1);
data/fontforge-20201107~dfsg/fontforge/sfd.c:7152:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		gsfd = fopen(name,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:7176:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		ssfd = fopen(props,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:7201:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		ssfd = fopen(props,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:7241:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		ssfd = fopen(props,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:7640:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val[2000];
data/fontforge-20201107~dfsg/fontforge/sfd.c:9072:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[2000];
data/fontforge-20201107~dfsg/fontforge/sfd.c:9078:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    sfd = fopen(tok,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:9080:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    sfd = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:9131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oldloc[25], tok[2000];
data/fontforge-20201107~dfsg/fontforge/sfd.c:9141:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	sfd = fopen(tok,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:9143:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	sfd = fopen(cur_sf->filename,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:9215:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	sfd = fopen(tok,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:9232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[200];
data/fontforge-20201107~dfsg/fontforge/sfd.c:9354:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(tok,"<New File>");
data/fontforge-20201107~dfsg/fontforge/sfd.c:9379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[6];
data/fontforge-20201107~dfsg/fontforge/sfd.c:9380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[800], *pt;
data/fontforge-20201107~dfsg/fontforge/sfd.c:9382:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((*asfd = fopen(filename, "r")) == NULL) {
data/fontforge-20201107~dfsg/fontforge/sfd.c:9396:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(buffer+6, "<New File>");
data/fontforge-20201107~dfsg/fontforge/sfd.c:9435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[1025];
data/fontforge-20201107~dfsg/fontforge/sfd.c:9447:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	const char *buts[3];
data/fontforge-20201107~dfsg/fontforge/sfd.c:9468:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    asfd = fopen(sf->autosavename,"w");
data/fontforge-20201107~dfsg/fontforge/sfd.c:9534:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *sfd = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/sfd.c:9535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tok[2000];
data/fontforge-20201107~dfsg/fontforge/sflayout.c:1055:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *lines[209];
data/fontforge-20201107~dfsg/fontforge/sflayout.c:1059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[51*4+1], *pt;
data/fontforge-20201107~dfsg/fontforge/spiro.c:118:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(nspiros,spiros,(n+1)*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/spiro.c:273:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(nspiros,spiros,n*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splinechar.c:1029:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/splinechar.c:1038:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/splinechar.c:1076:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char buffer[12];
data/fontforge-20201107~dfsg/fontforge/splinechar.c:1078:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( buffer,"uni%04X", sf->glyphs[i]->unicodeenc);
data/fontforge-20201107~dfsg/fontforge/splinechar.c:1080:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( buffer,"u%04X", sf->glyphs[i]->unicodeenc);
data/fontforge-20201107~dfsg/fontforge/splinefill.c:709:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(bitmap+i*bpl,bdfc->bitmap+i*bdfc->bytes_per_line,bpl);
data/fontforge-20201107~dfsg/fontforge/splinefill.c:723:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(bitmap+i*bpl,bdfc->bitmap+i*bdfc->bytes_per_line,bpl);
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1315:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(clipmask,es->bitmap,es->cnt*es->bytes_per_line);
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char size[40];
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1452:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aa[200];
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1465:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(size,_("%d pixels"), pixelsize );
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1466:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(aa,_("Generating bitmap font"));
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1468:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(aa,": ");
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1607:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char size[40];
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1608:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aa[200];
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1624:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(size,_("%d pixels"), pixelsize );
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1625:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(aa,_("Generating anti-alias font"));
data/fontforge-20201107~dfsg/fontforge/splinefill.c:1627:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(aa,": ");
data/fontforge-20201107~dfsg/fontforge/splinefont.c:105:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char namebuf[100];
data/fontforge-20201107~dfsg/fontforge/splinefont.c:136:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( namebuf, "NameMe.%d", i);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:139:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( namebuf, "NameMe.%d.%d", i, ++j);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:422:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( result, "%g", val*scale);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:435:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( pt, "%g ", val*scale);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:462:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( result, "%g", rint(val*scale));
data/fontforge-20201107~dfsg/fontforge/splinefont.c:475:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( pt, "%g ", rint(val*scale));
data/fontforge-20201107~dfsg/fontforge/splinefont.c:673:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(listfile,"r");
data/fontforge-20201107~dfsg/fontforge/splinefont.c:900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1500];
data/fontforge-20201107~dfsg/fontforge/splinefont.c:917:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpfilename[L_tmpnam+100];
data/fontforge-20201107~dfsg/fontforge/splinefont.c:926:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		(newfile = fopen(tmpfilename,"w"))!=NULL ) {
data/fontforge-20201107~dfsg/fontforge/splinefont.c:927:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer[1024];
data/fontforge-20201107~dfsg/fontforge/splinefont.c:974:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ubuf[251], *temp;
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1089:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    file = fopen(strippedname,"rb");
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1109:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(temp,"/glyphs/contents.plist");
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1115:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(temp,"/font.props");
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1310:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1351:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *test = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1406:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char space[20];
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1857:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer, "%d ", (int) array[i]);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1867:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[211];
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1876:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "[%d]", (int) stemsnap[mi]);
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1889:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[211];
data/fontforge-20201107~dfsg/fontforge/splinefont.c:1924:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"%g", (double) val );
data/fontforge-20201107~dfsg/fontforge/splinefont.h:995:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char iso_2022_escape[8];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:1012:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char ***unicode[17];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:1570:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *names[ttf_namemax];			/* in utf8 */
data/fontforge-20201107~dfsg/fontforge/splinefont.h:1753:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char panose[10];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:1768:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char os2_vendor[4];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:1989:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *axes[4];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char foundry[80];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2225:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char family[100];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char weight[80];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2227:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char slant[40];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char setwidth[50];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char add_style[50];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2234:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char spacing[40];
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2236:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cs_reg[80];		/* encoding */
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2237:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cs_enc[80];		/* encoding version? */
data/fontforge-20201107~dfsg/fontforge/splinefont.h:2699:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define DECLARE_TEMP_LOCALE() char oldloc[25];
data/fontforge-20201107~dfsg/fontforge/splineorder2.c:884:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ret->first->hintmask,ss->first->hintmask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/splineorder2.c:896:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(ret->last->hintmask,spline->to->hintmask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/splineorder2.c:987:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ret->first->hintmask,ss->first->hintmask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/splineorder2.c:997:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(to->hintmask,spline->to->hintmask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/splinesave.c:238:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(gi->bits[gi->bcnt].data,gb->base,gi->bits[gi->bcnt].dlen);
data/fontforge-20201107~dfsg/fontforge/splinesave.c:291:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ps->data,gb->base,ps->len);
data/fontforge-20201107~dfsg/fontforge/splinesave.c:314:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(active->bits,gi->bits,active->bcnt*sizeof(struct bits));
data/fontforge-20201107~dfsg/fontforge/splinesave.c:790:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hdb->mask,*to->hintmask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/splinesave.c:1919:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(subrs->values[scnt],gi->psubrs[i].data,gi->psubrs[i].len);
data/fontforge-20201107~dfsg/fontforge/splinesave.c:1971:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(vals+len,gb->bits[j].data,gb->bits[j].dlen);
data/fontforge-20201107~dfsg/fontforge/splinesave.c:1978:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(vals+len,gi->psubrs[ gb->bits[j].psub_index ].data,
data/fontforge-20201107~dfsg/fontforge/splinesave.c:2317:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hdb->mask,*to->hintmask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/splinesave.c:2795:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(hdb->mask,*cur->sc->layers[layer].splines->first->hintmask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/splinesave.c:3282:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(subrs->values[scnt],gi.psubrs[i].data,gi.psubrs[i].len);
data/fontforge-20201107~dfsg/fontforge/splinesave.c:3339:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(vals+len,gb->bits[j].data,gb->bits[j].dlen);
data/fontforge-20201107~dfsg/fontforge/splinesave.c:3346:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(vals+len,gi.psubrs[ gb->bits[j].psub_index ].data,
data/fontforge-20201107~dfsg/fontforge/splinesave.c:3512:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(subrs->values[scnt],gi.psubrs[i].data,gi.psubrs[i].len);
data/fontforge-20201107~dfsg/fontforge/splinesave.c:3553:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(chrs->values[i]+len,gb->bits[j].data,gb->bits[j].dlen);
data/fontforge-20201107~dfsg/fontforge/splinesave.c:3556:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(chrs->values[i]+len,gi.psubrs[ gb->bits[j].psub_index ].data,
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:119:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200], *pt, *ept, ch;
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[44], second[44], lig[44], buf2[100];
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:196:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pt,".afm");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:198:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pt,".AFM");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[280], *pt, lastname[257];
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:211:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:512:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:729:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:1353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[60];
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:1363:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(ret,"uni");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:1366:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( pt, "%04X", unicode[i] );
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:2481:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:2566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char encoding[40];	/* first byte is length, rest are a string that names the encoding */
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:2568:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char family[20];	/* Font Family, preceded by a length byte */
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:2683:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *foundnames[4];
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:2731:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(extensions[ecnt].extens,founds,sizeof(founds));
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:2998:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(full,"-Enc");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:3004:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(header.encoding+1,encname,39);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:3013:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(header.family+1,familyname,19);
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:3445:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/splinesaveafm.c:3446:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[200];
data/fontforge-20201107~dfsg/fontforge/splinestroke.c:650:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tpc, nc+max_utan_index, (i-max_utan_index)*sizeof(NibCorner));
data/fontforge-20201107~dfsg/fontforge/splinestroke.c:651:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(tpc+(i-max_utan_index), nc, max_utan_index*sizeof(NibCorner));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1295:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(cpt->hintmask,pt->hintmask,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1334:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cur->spiros,spl->spiros,cur->spiro_cnt*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1425:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(freeme,list+i,(spl->spiro_cnt-1-i)*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1426:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(freeme+(spl->spiro_cnt-1-i),list,i*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1428:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(freeme+spl->spiro_cnt-1,list+spl->spiro_cnt-1,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1439:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp,list+i,(j-i)*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1563:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(freeme,list+i,(spl->spiro_cnt-1-i)*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1564:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(freeme+(spl->spiro_cnt-1-i),list,i*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1566:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(freeme+spl->spiro_cnt-1,list+spl->spiro_cnt-1,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:1576:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(temp,list+start,(i-start)*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:2385:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *XUIDFromFD(int xuid[20]) {
data/fontforge-20201107~dfsg/fontforge/splineutil.c:2396:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pt,"%d ", xuid[j]);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:2717:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mm->defweights,pscontext->blend_values,mm->instance_count*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:2818:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(mm->axismaps[apos].blends,blends,ppos*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:2819:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(mm->axismaps[apos].designs,designs,ppos*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:2916:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5381:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(ap->xadjust.corrections,alist->xadjust.corrections,len);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5386:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(ap->yadjust.corrections,alist->yadjust.corrections,len);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5446:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy((&new->xadjust)[i].corrections,(&orig->xadjust)[i].corrections,len);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5471:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new->corrections,orig->corrections,len);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5518:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(new+adjust->first_pixel_size-size,
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5608:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(t->u.class.nclasses,f->u.class.nclasses,
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5612:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(t->u.class.bclasses,f->u.class.bclasses,
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5617:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(t->u.class.fclasses,f->u.class.fclasses,
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5645:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(t->lookups,f->lookups,t->lookup_cnt*sizeof(struct seqlookup));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5830:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newgv->parts,gv->parts,gv->part_cnt*sizeof(struct gv_part));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:5920:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(grad->grad_stops,old->grad_stops,old->stop_cnt*sizeof(struct grad_stops));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:6106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new->offsets,kc->offsets, new->first_cnt*new->second_cnt*sizeof(int16));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:6112:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new->firsts_flags, kc->firsts_flags, new->first_cnt*sizeof(int));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:6116:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new->seconds_flags, kc->seconds_flags, new->second_cnt*sizeof(int));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:6120:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(new->offsets_flags, kc->offsets_flags, new->first_cnt*new->second_cnt*sizeof(int));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:6131:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new->adjusts,kc->adjusts, new->first_cnt*new->second_cnt*sizeof(DeviceTable));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:6137:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(new->adjusts[i].corrections,old,len);
data/fontforge-20201107~dfsg/fontforge/splineutil.c:6354:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new->map,map->map,map->enccount*sizeof(int32));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:6355:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(new->backmap,map->backmap,map->backmax*sizeof(int32));
data/fontforge-20201107~dfsg/fontforge/splineutil.c:6361:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(new->remap,map->remap,n*sizeof(struct remap));
data/fontforge-20201107~dfsg/fontforge/splineutil.h:24:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *XUIDFromFD(int xuid[20]);
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:1307:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fp2,fp,tot*sizeof(FitPoint));
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2394:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(spl->spiros+spl->spiro_cnt-1,
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2897:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2899:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "Untitled%d", untitled_cnt++ );
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2926:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(sf->pfminfo.os2_vendor,"PfEd",4);
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2943:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2962:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "Copyright (c) %d, %.50s", tm->tm_year+1900, author );
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2964:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "Copyright (c) %d, Anonymous", tm->tm_year+1900 );
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:2970:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d-%d-%d: Created with FontForge (http://fontforge.org)", tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday );
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:3023:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(npt, "%d]", val );
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:3846:56:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void SplineSetsInsertOpen(SplineSet **tbase,SplineSet *open) {
data/fontforge-20201107~dfsg/fontforge/splineutil2.c:3849:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    for ( p=NULL, spl=*tbase, e=open; e!=NULL; e = next ) {
data/fontforge-20201107~dfsg/fontforge/splineutil2.h:62:64:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
extern void SplineSetsInsertOpen(SplineSet **tbase, SplineSet *open);
data/fontforge-20201107~dfsg/fontforge/stemdb.c:3627:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(stem->active,activespace,acnt*sizeof(struct segment));
data/fontforge-20201107~dfsg/fontforge/stemdb.c:4510:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( stem->active,activespace,acnt*sizeof( struct segment ));
data/fontforge-20201107~dfsg/fontforge/stemdb.c:5247:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy( &master->dependent[i-1],&master->dependent[i],
data/fontforge-20201107~dfsg/fontforge/stemdb.c:5895:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( &gd->bd,bd,sizeof( BlueData ));
data/fontforge-20201107~dfsg/fontforge/svg.c:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[85];
data/fontforge-20201107~dfsg/fontforge/svg.c:193:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "M%g %g", (double) spl->first->me.x, (double) spl->first->me.y );
data/fontforge-20201107~dfsg/fontforge/svg.c:205:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer,"v%g", (double) (sp->to->me.y-last.y) );
data/fontforge-20201107~dfsg/fontforge/svg.c:207:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer,"h%g", (double) (sp->to->me.x-last.x) );
data/fontforge-20201107~dfsg/fontforge/svg.c:212:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer,"l%g %g", (double) (sp->to->me.x-last.x), (double) (sp->to->me.y-last.y) );
data/fontforge-20201107~dfsg/fontforge/svg.c:217:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer,"t%g %g", (double) (sp->to->me.x-last.x), (double) (sp->to->me.y-last.y) );
data/fontforge-20201107~dfsg/fontforge/svg.c:219:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer,"q%g %g %g %g",
data/fontforge-20201107~dfsg/fontforge/svg.c:226:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer,"s%g %g %g %g",
data/fontforge-20201107~dfsg/fontforge/svg.c:230:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer,"c%g %g %g %g %g %g",
data/fontforge-20201107~dfsg/fontforge/svg.c:357:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(transform,trans,4*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/svg.c:1043:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( file=fopen(fontname,"w+"))==NULL )
data/fontforge-20201107~dfsg/fontforge/svg.c:1924:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(trans,res,sizeof(res));
data/fontforge-20201107~dfsg/fontforge/svg.c:2339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fourchars[4];
data/fontforge-20201107~dfsg/fontforge/svg.c:2490:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ent->u.splines.transform,state->transform,6*sizeof(real));
data/fontforge-20201107~dfsg/fontforge/svg.c:2503:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[200], propbuf[400];
data/fontforge-20201107~dfsg/fontforge/svg.c:2877:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforge/svg.c:2929:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "uni%04X.vert", sc->unicodeenc );
data/fontforge-20201107~dfsg/fontforge/svg.c:2931:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "u%04X.vert", sc->unicodeenc );
data/fontforge-20201107~dfsg/fontforge/svg.c:2954:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400];
data/fontforge-20201107~dfsg/fontforge/svg.c:2959:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "glyph%d", enc);
data/fontforge-20201107~dfsg/fontforge/svg.c:3012:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(pt,"uni%04X",  (unsigned int) u[len]);
data/fontforge-20201107~dfsg/fontforge/svg.c:3014:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(pt,"u%04X",  (unsigned int) u[len]);
data/fontforge-20201107~dfsg/fontforge/svg.c:3689:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oldloc[25];
data/fontforge-20201107~dfsg/fontforge/tottf.c:130:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *ttfstandardnames[258] = {
data/fontforge-20201107~dfsg/fontforge/tottf.c:1429:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    char *buts[5];
data/fontforge-20201107~dfsg/fontforge/tottf.c:1598:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[20], *pt;
data/fontforge-20201107~dfsg/fontforge/tottf.c:1600:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", d);
data/fontforge-20201107~dfsg/fontforge/tottf.c:3001:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(pfminfo->panose,info.panose,sizeof(info.panose));
data/fontforge-20201107~dfsg/fontforge/tottf.c:3419:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(os2->achVendID,"PfEd",4);
data/fontforge-20201107~dfsg/fontforge/tottf.c:3774:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforge/tottf.c:3795:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "Version %f ", (double)sf->cidversion );
data/fontforge-20201107~dfsg/fontforge/tottf.c:3797:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer,"Version %.20s ", sf->version);
data/fontforge-20201107~dfsg/fontforge/tottf.c:3799:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(buffer,"Version 1.0" );
data/fontforge-20201107~dfsg/fontforge/tottf.c:4332:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(glyphs+(pos-1)*planesize+plane0size,tempglyphs,planesize*sizeof(uint16));
data/fontforge-20201107~dfsg/fontforge/tottf.c:4642:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(vses,vsbuf,sizeof(vsbuf));
data/fontforge-20201107~dfsg/fontforge/tottf.c:5852:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[8];
data/fontforge-20201107~dfsg/fontforge/tottf.c:5909:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(e,".g2n");
data/fontforge-20201107~dfsg/fontforge/tottf.c:5911:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(newname,"wb");
data/fontforge-20201107~dfsg/fontforge/tottf.c:5967:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[80];
data/fontforge-20201107~dfsg/fontforge/tottf.c:6057:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char *buts[3];
data/fontforge-20201107~dfsg/fontforge/tottf.c:6102:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( ttf=fopen(fontname,"wb+"))==NULL )
data/fontforge-20201107~dfsg/fontforge/tottf.c:6573:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(at->head.createtime,at->head.modtime,sizeof(at->head.modtime));
data/fontforge-20201107~dfsg/fontforge/tottf.c:6899:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( ttc=fopen(filename,"wb+"))==NULL )
data/fontforge-20201107~dfsg/fontforge/tottfgpos.c:437:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
							memcpy(space,spc,(max-30)*sizeof(SplineChar *));
data/fontforge-20201107~dfsg/fontforge/tottfgpos.c:452:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ret,space,cnt*sizeof(SplineChar *));
data/fontforge-20201107~dfsg/fontforge/tottfvar.c:751:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4];
data/fontforge-20201107~dfsg/fontforge/ttf.h:508:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char panose[10];	/* can be set to zero */
data/fontforge-20201107~dfsg/fontforge/ttf.h:512:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char achVendID[4];	/* can be zero */
data/fontforge-20201107~dfsg/fontforge/ttfinstrs.c:548:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( pt, " %d", (short) ((iv->instrdata->instrs[i]<<8) | iv->instrdata->instrs[i+1]) );
data/fontforge-20201107~dfsg/fontforge/ttfinstrs.c:551:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( pt, " %d", iv->instrdata->instrs[i]);
data/fontforge-20201107~dfsg/fontforge/ufo.c:132:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char * DOS_reserved[12] = {"CON", "PRN", "AUX", "CLOCK$", "NUL", "COM1", "COM2", "COM3", "COM4", "LPT1", "LPT2", "LPT3"};
data/fontforge-20201107~dfsg/fontforge/ufo.c:399:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[256];
data/fontforge-20201107~dfsg/fontforge/ufo.c:457:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(tmpstring, "&lt;");
data/fontforge-20201107~dfsg/fontforge/ufo.c:460:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(tmpstring, "&gt;");
data/fontforge-20201107~dfsg/fontforge/ufo.c:463:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(tmpstring, "&amp;");
data/fontforge-20201107~dfsg/fontforge/ufo.c:491:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char versionStr[6];
data/fontforge-20201107~dfsg/fontforge/ufo.c:849:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char numstring[32];
data/fontforge-20201107~dfsg/fontforge/ufo.c:1329:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char vendor[8], fc[2];
data/fontforge-20201107~dfsg/fontforge/ufo.c:1332:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(vendor,sf->pfminfo.os2_vendor,4);
data/fontforge-20201107~dfsg/fontforge/ufo.c:1339:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char fstype[16];
data/fontforge-20201107~dfsg/fontforge/ufo.c:1383:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ranges[128];
data/fontforge-20201107~dfsg/fontforge/ufo.c:1394:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pages[64];
data/fontforge-20201107~dfsg/fontforge/ufo.c:1956:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *feats = fopen( fname, "w" );
data/fontforge-20201107~dfsg/fontforge/ufo.c:2180:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *info = fopen(fn,"r");
data/fontforge-20201107~dfsg/fontforge/ufo.c:2181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/fontforge-20201107~dfsg/fontforge/ufo.c:2879:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			        memcpy(init,pre,sizeof(pre));
data/fontforge-20201107~dfsg/fontforge/ufo.c:2952:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
				    memcpy(init,pre,sizeof(pre));
data/fontforge-20201107~dfsg/fontforge/ufo.c:2991:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			            memcpy(init,pre,sizeof(pre));
data/fontforge-20201107~dfsg/fontforge/ufo.c:3012:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    if ( !open && ss->first != NULL ) {
data/fontforge-20201107~dfsg/fontforge/ufo.c:3019:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(init,pre,sizeof(pre));
data/fontforge-20201107~dfsg/fontforge/ufo.c:3020:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(init+precnt,temp,sizeof(temp));
data/fontforge-20201107~dfsg/fontforge/ufo.c:3349:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)tmp_offsets + (rowpos * (sf->kerns->second_cnt + right_count)) * sizeof(int16), (void *)(sf->kerns->offsets) + (rowpos * sf->kerns->second_cnt) * sizeof(int16), sf->kerns->second_cnt * sizeof(int16));
data/fontforge-20201107~dfsg/fontforge/ufo.c:3359:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)tmp_offsets_flags + (rowpos * (sf->kerns->second_cnt + right_count)) * sizeof(int), (void *)(sf->kerns->offsets_flags) + (rowpos * sf->kerns->second_cnt) * sizeof(int), sf->kerns->second_cnt * sizeof(int));
data/fontforge-20201107~dfsg/fontforge/ufo.c:3369:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)tmp_adjusts + (rowpos * (sf->kerns->second_cnt + right_count)) * sizeof(DeviceTable), (void *)(sf->kerns->adjusts) + (rowpos * sf->kerns->second_cnt) * sizeof(DeviceTable), sf->kerns->second_cnt * sizeof(DeviceTable));
data/fontforge-20201107~dfsg/fontforge/ufo.c:3381:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)tmp_offsets + (rowpos * (sf->vkerns->second_cnt + below_count)) * sizeof(int16), (void *)(sf->vkerns->offsets) + (rowpos * sf->vkerns->second_cnt) * sizeof(int16), sf->vkerns->second_cnt * sizeof(int16));
data/fontforge-20201107~dfsg/fontforge/ufo.c:3391:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)tmp_offsets_flags + (rowpos * (sf->vkerns->second_cnt + below_count)) * sizeof(int), (void *)(sf->vkerns->offsets_flags) + (rowpos * sf->vkerns->second_cnt) * sizeof(int), sf->vkerns->second_cnt * sizeof(int));
data/fontforge-20201107~dfsg/fontforge/ufo.c:3401:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((void *)tmp_adjusts + (rowpos * (sf->vkerns->second_cnt + above_count)) * sizeof(DeviceTable), (void *)(sf->vkerns->adjusts) + (rowpos * sf->vkerns->second_cnt) * sizeof(DeviceTable), sf->vkerns->second_cnt * sizeof(DeviceTable));
data/fontforge-20201107~dfsg/fontforge/ufo.c:3892:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char space[400], *pt, *end;
data/fontforge-20201107~dfsg/fontforge/ufo.c:4122:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char fc[2];
data/fontforge-20201107~dfsg/fontforge/uiinterface.h:85:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    int (*choose_multiple)(const char *title, const char **choices, char *sel,
data/fontforge-20201107~dfsg/fontforge/uiinterface.h:85:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    int (*choose_multiple)(const char *title, const char **choices, char *sel,
data/fontforge-20201107~dfsg/fontforge/uiinterface.h:85:69:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    int (*choose_multiple)(const char *title, const char **choices, char *sel,
data/fontforge-20201107~dfsg/fontforge/uiinterface.h:86:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    int cnt, char *buts[2], const char *question,...);
data/fontforge-20201107~dfsg/fontforge/views.h:151:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charselected[ charviewtab_charselectedsz + 1 ];
data/fontforge-20201107~dfsg/fontforge/views.h:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tablabeltxt[ charviewtab_charselectedsz + 1 ];
data/fontforge-20201107~dfsg/fontforge/views.h:302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *former_names[CV_TABMAX];
data/fontforge-20201107~dfsg/fontforge/views.h:650:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unsigned int open: 1;
data/fontforge-20201107~dfsg/fontforge/winfonts.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	copyright[60+1];
data/fontforge-20201107~dfsg/fontforge/winfonts.c:292:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(temp," Italic");
data/fontforge-20201107~dfsg/fontforge/winfonts.c:372:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fon = fopen(filename,"rb");
data/fontforge-20201107~dfsg/fontforge/winfonts.c:651:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename,"wb");
data/fontforge-20201107~dfsg/fontforge/winfonts.c:766:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[200];
data/fontforge-20201107~dfsg/fontforge/winfonts.c:773:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char resident_name[200] = "";
data/fontforge-20201107~dfsg/fontforge/winfonts.c:775:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char non_resident_name[200] = "";
data/fontforge-20201107~dfsg/fontforge/winfonts.c:781:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[0x1000];
data/fontforge-20201107~dfsg/fontforge/winfonts.c:837:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(non_resident_name + strlen(non_resident_name), ",%d", point_size);
data/fontforge-20201107~dfsg/fontforge/winfonts.c:842:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(non_resident_name, " (VGA res)");
data/fontforge-20201107~dfsg/fontforge/winfonts.c:844:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(non_resident_name, " (8514 res)");
data/fontforge-20201107~dfsg/fontforge/winfonts.c:878:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fon = fopen(filename, "wb");
data/fontforge-20201107~dfsg/fontforge/woff.c:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char in[CHUNK];
data/fontforge-20201107~dfsg/fontforge/woff.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[CHUNK];
data/fontforge-20201107~dfsg/fontforge/woff.c:119:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char in[CHUNK];
data/fontforge-20201107~dfsg/fontforge/woff.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[CHUNK];
data/fontforge-20201107~dfsg/fontforge/woff.c:555:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (( woff=fopen(fontname,"wb+"))==NULL )
data/fontforge-20201107~dfsg/fontforge/woff.c:624:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *woff = fopen(fontname, "wb");
data/fontforge-20201107~dfsg/fontforgeexe/alignment.c:209:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[5];
data/fontforge-20201107~dfsg/fontforgeexe/alignment.c:274:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[5];
data/fontforge-20201107~dfsg/fontforgeexe/alignment.c:391:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/alignment.c:463:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", lastsize );
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:218:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:555:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:558:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%g", (double) a->apos.x );
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:561:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%g", (double) a->apos.y );
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:792:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    unichar_t ubuf[20]; char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:797:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "%d", a->xadjust.corrections[
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:806:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "%d", a->yadjust.corrections[
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:889:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:906:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:910:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d", i+min );
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:921:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%d", a->xadjust.corrections[
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:930:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%d", a->yadjust.corrections[
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:938:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:966:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf, "%d", (int) rint(ap->me.x) );
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:968:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf, "%d", (int) rint(ap->me.y) );
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:1178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20], xbuf[20], ybuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:1192:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(a.xadjust.corrections,ap->xadjust.corrections,len);
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:1198:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(a.yadjust.corrections,ap->yadjust.corrections,len);
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:1252:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", a.pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:1294:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( xbuf, "%d", (int) rint(ap->me.x) );
data/fontforge-20201107~dfsg/fontforgeexe/anchorsaway.c:1340:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( ybuf, "%d", (int) rint(ap->me.y) );
data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sepbuf[20], minbuf[20], maxbuf[20], hbuf[20], lbuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c:176:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( sepbuf, "%d", sf->width_separation );
data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c:178:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( sepbuf, "%d", (int) rint( width_separation * emsize / width_last_em_size ));
data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c:203:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( minbuf, "%d", (int) rint( sf->descent*tan(sf->italicangle*FF_PI/180 )) );
data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c:205:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( minbuf, "%d", (int) -rint( sf->ascent*tan(sf->italicangle*FF_PI/180 )) );
data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c:207:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( minbuf, "%d", (int) rint( width_min_side_bearing * emsize / width_last_em_size ));
data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c:226:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( maxbuf, "%d", (int) rint( width_max_side_bearing * emsize / width_last_em_size ));
data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c:250:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( hbuf, "%d", (int) rint( width_chunk_height * emsize / width_last_em_size ));
data/fontforge-20201107~dfsg/fontforgeexe/autowidth2dlg.c:269:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( lbuf, "%d", (int) rint( width_loop_cnt * emsize / width_last_em_size ));
data/fontforge-20201107~dfsg/fontforgeexe/basedlg.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char script[4];
data/fontforge-20201107~dfsg/fontforgeexe/basedlg.c:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lang[8];
data/fontforge-20201107~dfsg/fontforgeexe/basedlg.c:285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforgeexe/basedlg.c:478:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char script[8];
data/fontforge-20201107~dfsg/fontforgeexe/basedlg.c:713:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c:494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c:515:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d", bdf->props[i+cur->top_prop].u.val );
data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c:519:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%u", (unsigned) bdf->props[i+cur->top_prop].u.val );
data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c:648:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c:649:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer,"%d",bdf->props[line].u.val );
data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c:711:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c:712:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[130];
data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c:751:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d", bdf->pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/bdfinfo.c:753:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d@%d", bdf->pixelsize, BDFDepth(bdf));
data/fontforge-20201107~dfsg/fontforgeexe/bitmapdlg.c:170:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pt,"%.1f",(double) ((sizes[i]&0xffff)*scale) );
data/fontforge-20201107~dfsg/fontforgeexe/bitmapdlg.c:177:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pt,"@%d", (int) (sizes[i]>>16) );
data/fontforge-20201107~dfsg/fontforgeexe/bitmapdlg.c:274:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    which[i].text = (unichar_t *) _((char *) which[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:202:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,_("%1$.80s at %2$d size %3$d from %4$.80s"),
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:217:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[300];
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:822:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[50];
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:1781:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[10];
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:1791:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer,"%d",bv->bc->width);
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:1794:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer,"%d",bv->bc->vwidth);
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:1961:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[30];
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:1965:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d:%d", lastx, lasty );
data/fontforge-20201107~dfsg/fontforgeexe/bitmapview.c:2339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[300];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:190:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "H<%g,%g>, ",
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:199:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "V<%g,%g>, ",
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:499:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:564:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(sc->countermasks[i],ti[i]->userdata,sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:672:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( pt, "%d:%d, ", i, adjust->corrections[i-adjust->first_pixel_size]);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:838:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:954:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(lcpst->u.lcaret.carets,pst->u.lcaret.carets,pst->u.lcaret.cnt*sizeof(int16));
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1133:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1230:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(newpst->u.pair.vr,pst->u.pair.vr,sizeof(struct vr [2]));
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1235:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(newpst->u.lcaret.carets,pst->u.lcaret.carets,pst->u.lcaret.cnt*sizeof(int16));
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1265:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newsc->countermasks,sc->countermasks,sc->countermask_cnt*sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1337:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1687:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1692:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%g", (double)(b.minx-margin) );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1694:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%g", (double)(b.miny-margin) );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1696:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%g", (double)(b.maxx+margin) );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1698:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%g", (double)(b.maxy+margin) );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1720:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1828:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *components, *pt, buffer[12];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[200];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1904:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( namebuf, "%.20s.%d.%.80s", sf->cidmaster->ordering, sc->orig_pos, suffix );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1907:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( namebuf, "cid-%d.%.80s", sc->orig_pos, suffix );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1912:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( namebuf, "uni%04X.%.80s", sc->unicodeenc, suffix );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1916:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( namebuf, "glyph%d.%.80s", sc->orig_pos, suffix );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1920:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( namebuf, "%.80s.%.80s", sc->name, suffix );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:1929:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[100];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:2030:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[40], *ctemp; unichar_t ubuf[2], *temp;
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:2048:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf,"U+%04x", i);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:2135:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unichar_t *temp, ubuf[2]; char buf[10];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:2150:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf,"U+%04x", val);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:2515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[8];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:3571:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[12];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:3629:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%d", value );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:3656:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:3690:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", cnt );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:3942:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:3943:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:3955:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,_("Glyph Info for %.40s"),sc->name);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:3977:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer,"U+%04x", sc->unicodeenc);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4066:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer, "U+%04x (", *bits );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4075:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer, ") ");
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4099:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buffer, "%02x ", *d_ptr); break;
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4101:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buffer, "%04x ", *d_ptr); break;
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4103:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buffer, "%06x ", *d_ptr); break;
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4105:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buffer, "%08x ", *d_ptr);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4146:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ti[i]->userdata,sc->countermasks[i],sizeof(HintMask));
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4151:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"%d",sc->tex_height);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4157:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"%d",sc->tex_depth);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4163:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"%d",sc->italic_correction);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4172:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"%d",sc->top_accent_horiz);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4188:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"%d",sc->vert_variants!=NULL?sc->vert_variants->italic_correction:0);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4201:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"%d",sc->horiz_variants!=NULL?sc->horiz_variants->italic_correction:0);
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4218:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4222:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g", (double) sc->tile_margin );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4227:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g", (double) sc->tile_bounds.minx );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4229:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g", (double) sc->tile_bounds.miny );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4231:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g", (double) sc->tile_bounds.maxx );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:4233:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g", (double) sc->tile_bounds.maxy );
data/fontforge-20201107~dfsg/fontforgeexe/charinfo.c:5535:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    lists[i][j].text = (unichar_t *) S_((char *) lists[i][j].text);
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:995:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		        sprintf( buf,"%d", pnum );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:1127:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(buf,"??");
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:1131:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf,"%d", sp->ttfindex );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:1960:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf,"%.1f", (double) val);
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:1971:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:2049:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:2256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *name, ubuf[50];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:2285:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(ubuf+strlen(ubuf),"#%d", ap->lig_index);
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:2351:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:2648:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:2822:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:3515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[300], *title;
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:3567:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:3638:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[300];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4011:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[buffersz+1];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4047:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%d%%", (int) (100*tab->scale));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4049:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%.3g%%", (double) (100*tab->scale));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4053:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char layername[layernamesz+1];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4077:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat( buffer, "Interpolate" );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4151:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%.1f", sqrt(xdiff*xdiff+ydiff*ydiff));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4155:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d\302\260", (int) rint(180*atan2(ydiff,xdiff)/FF_PI));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:4633:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[300];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:5782:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:5798:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40], *pt;
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:7060:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20], *end;
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:7064:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",cv->hvoffset );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:8929:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char ret[4097];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:9557:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ref->transform,t,sizeof(t));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:10149:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newspiros,sel->spiros+which,(sel->spiro_cnt-1-which)*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:10150:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newspiros+(sel->spiro_cnt-1-which),sel->spiros,which*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:10151:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newspiros+sel->spiro_cnt-1,sel->spiros+sel->spiro_cnt-1,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:10690:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:12081:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[300];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:12208:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    mit[0].ti.text = (unichar_t *) copy( (char *) mit[0].ti.text );
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:12367:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mml,mvlist,sizeof(mvlist));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:12443:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mml,mmlist,sizeof(mmlist));
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:12883:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[300];
data/fontforge-20201107~dfsg/fontforgeexe/charview.c:13125:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	mblist_nomm[i].ti.text = (unichar_t *) _((char *) mblist_nomm[i].ti.text);
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:88:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			strcpy(pt," ⇐ "); pt += strlen(pt);
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[140];
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:528:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d ", kern->newoff);
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:530:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d,%d ", kern->newoff, kern->newyoff );
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:926:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:957:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			kernmenu[i].ti.text = (unichar_t *) _((char *) kernmenu[i].ti.text);
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:960:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			acmenu[i].ti.text = (unichar_t *) _((char *) acmenu[i].ti.text);
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:990:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%.20s %d U+%04x",
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:995:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buffer+strlen(buffer)-4, "????");
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:996:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer+strlen(buffer), " + %.20s %d U+%04x",
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:1001:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buffer+strlen(buffer)-4, "????");
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:1036:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:1039:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "total kern pairs=%d\nchars starting kerns=%d",
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:1042:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "total anchored pairs=%d\nbase char cnt=%d",
data/fontforge-20201107~dfsg/fontforgeexe/combinations.c:1157:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    sortby[i].text = (unichar_t *) _((char *) sortby[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:220:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%d ", classes[i]);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:231:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( pt, "%d ", classes[i]);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:252:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%d ", classes[i]);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:262:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( pt, "%d ", classes[i]);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:290:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:294:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf," %d \"\",", r->lookups[i].seq );
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:420:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *classruleitem(struct fpst_rule *r,struct matrix_data **classes, int clen[3], int cols) {
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:432:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, "%d ", c);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:446:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( pt, "%d ", c);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:458:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( pt, "%d ", c);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:471:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( pt, "%d ", c);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:481:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void classruleitem2rule(SplineFont *sf,const char *ruletext,struct fpst_rule *r,
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:666:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:927:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:933:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, " %d ", r );
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:987:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:1853:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[40], *end, *pt;
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:1865:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,"%d",r );
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:1873:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer,"%d",r );
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:1895:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20], *end;
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:1900:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer,"%d",i-1);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:1911:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:1915:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", r );
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:2011:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *titles[2][5] = {
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:2052:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addlookup_list+1,lookup_list,(i+1)*sizeof(GTextInfo));
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:2054:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addrmlookup_list+2,lookup_list,(i+1)*sizeof(GTextInfo));
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:2070:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	section[0].text = (unichar_t *) S_( (char *) section[0].text);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:2071:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	section[1].text = (unichar_t *) S_( (char *) section[1].text);
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:2398:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    GDrawGetText8Width(ccd->glyphs_simple,(char *)extrabuttonslab[i].text,-1))+50;
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:2835:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char buffer[12];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:2836:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer,"%d",j );
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:3012:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char buffer[12];
data/fontforge-20201107~dfsg/fontforgeexe/contextchain.c:3013:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buffer,"%d",j );
data/fontforge-20201107~dfsg/fontforgeexe/cvaddpoints.c:336:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(ss->spiros+ss->spiro_cnt-1,
data/fontforge-20201107~dfsg/fontforgeexe/cvaddpoints.c:692:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(activess->spiros+activess->spiro_cnt-1,
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:169:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, " rp0: %d", exc->GS.rp0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:171:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, " rp1: %d", exc->GS.rp1 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:173:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, " rp2: %d", exc->GS.rp2 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:175:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "loop: %ld", exc->GS.loop );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:187:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "MinDist: %.2f", exc->GS.minimum_distance/64.0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:189:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "CvtCutin: %.2f", exc->GS.control_value_cutin/64.0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:191:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "SingWidCut: %.2f", exc->GS.single_width_cutin/64.0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:193:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "SingWidVal: %.2f", exc->GS.single_width_value/64.0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:197:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "freeVec: %g,%g", (((int)exc->GS.freeVector.x<<16)>>(16+14)) + ((exc->GS.freeVector.x&0x3fff)/16384.0),
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:200:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "projVec: %g,%g", (((int)exc->GS.projVector.x<<16)>>(16+14)) + ((exc->GS.projVector.x&0x3fff)/16384.0),
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:203:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "dualVec: %g,%g", (((int)exc->GS.dualVector.x<<16)>>(16+14)) + ((exc->GS.dualVector.x&0x3fff)/16384.0),
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:210:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "DeltaBase: %d", exc->GS.delta_base );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:212:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "DeltaShift: %d", exc->GS.delta_shift );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:225:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "SRndPeriod: %.2f", exc->period/64.0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:227:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "SRndPhase: %.2f", exc->phase/64.0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:229:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "SRndThreshold: %.2f", exc->threshold/64.0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:231:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "InstrControl: %d", exc->GS.instruct_control );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:235:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "ScanType: %d", exc->GS.scan_type );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:241:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "Pixels/Em: %d", PPEMY(exc) );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:247:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:257:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer, "%3d: %3ld (%.2f)", i, exc->stack[i], exc->stack[i]/64.0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:281:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, _("%3d: <uninitialized>"), i );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:283:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer, "%3d: %3ld (%.2f)", i, exc->storage[i], exc->storage[i]/64.0 );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:297:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:309:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer, "%3d: %3ld (%.2f)", dv->cvt_offtop+i,
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:357:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:400:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer, "   : I   %.2f,%.2f",
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:403:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer, "   : I   %g,%g",
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:406:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer, "   : I   %g,%g", (double) me.x , (double) me.y );
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:422:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer, "%3d: %c%c%c %.2f,%.2f", i,
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:427:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer, "%3d: %c%c%c %d,%d", i,
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:431:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer, "%3d: %c%c%c %g,%g", i,
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:915:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		popupwindowlist[i].ti.text = (unichar_t *) _((char *) popupwindowlist[i].ti.text);
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:2256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cspace[210];
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:2325:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(cspace, "\nRaster On");
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:2327:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(cspace, "\nRaster Off");
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:2347:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(cspace, "\nOld Raster On");
data/fontforge-20201107~dfsg/fontforgeexe/cvdebug.c:2349:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(cspace, "\nOld Raster Off");
data/fontforge-20201107~dfsg/fontforgeexe/cvdgloss.c:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvexportdlg.c:453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *rcb[3], *temp;
data/fontforge-20201107~dfsg/fontforgeexe/cvexportdlg.c:632:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100]; unichar_t ubuf[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvexportdlg.c:641:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    formats[i].text= (unichar_t *) _((char *) formats[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/cvexportdlg.c:660:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		cur_formats[cnt].text = (unichar_t *) copy( (char *) formats[cnt].text );
data/fontforge-20201107~dfsg/fontforgeexe/cvfreehand.c:754:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *foo = fopen("mousemove","r");
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:171:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer,"%g",(double) (inbase.x-inref.x));
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:173:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer,"%g",(double) (inbase.y-inref.y));
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:287:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tbuf[6][40], bbbuf[4][40];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:333:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char basebuf[20], refbuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ubuf[40];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:376:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( ubuf, " Unicode: U+%04x", ref->sc->unicodeenc );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:399:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(tbuf[i],"%g", (double) ref->transform[i]);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:464:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(basebuf,"%d", ref->match_pt_base);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:487:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(refbuf,"%d", ref->match_pt_ref);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:556:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(bbbuf[i],"%g", (double) ((&ref->bb.minx)[i]));
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:657:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char posbuf[100], scalebuf[100], sizebuf[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:682:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( posbuf, _("Image at:      (%.0f,%.0f)"), (double) img->xoff,
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:692:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( scalebuf, _("Scaled by:    (%.2f,%.2f)"), (double) img->xscale, (double) img->yscale );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:701:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( sizebuf, _("Image Size:  %d x %d  pixels"), (int) base->width, (int) base->height );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:886:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[12];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:888:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer,"%d", ap->lig_index );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:917:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val[40];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:930:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(val,"%g",(double) ap->me.x);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:933:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(val,"%g",(double) ap->me.y);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:936:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(val,"%d",ap->type==at_baselig?ap->lig_index:0);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:943:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(val,"%d",ap->ttf_pt_index);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:993:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    static char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1158:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1160:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%d", max+1);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1291:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1292:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer,"%g",(double) here.x);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1294:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer,"%g",(double) here.y);
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1904:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%e", (double) v );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1906:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%f", (double) v );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1908:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%.5f", (double) v );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:1928:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[51];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2038:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, _("Curvature: %g"), kappa*emsize );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2040:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( buffer, _("Curvature: ?"));
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2043:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, _("Curvature: %g"), kappa2*emsize );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2048:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "∆: %g", (kappa-kappa2)*emsize );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2050:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy( buffer, "∆: ?");
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2629:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2639:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "H<%g,%g>",
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2642:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "H<%g,%g>",
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2653:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "V<%g,%g>",
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2656:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "V<%g,%g>",
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:2736:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( gi->gcd, gcd, gcdcount*sizeof(GGadgetCreateData) );
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:3321:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy( gi->gcd, gcd, gcdcount*sizeof(GGadgetCreateData) ); // This copies pointers, but only to static things.
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:3354:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[50];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:3815:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:3887:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ubuf[200];
data/fontforge-20201107~dfsg/fontforgeexe/cvgetinfo.c:3890:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/cvgridfit.c:214:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20], buffer2[20], buffer3[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvgridfit.c:274:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer2, "%d", gridfit_dpi );
data/fontforge-20201107~dfsg/fontforgeexe/cvgridfit.c:298:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%g", gridfit_pointsizey );
data/fontforge-20201107~dfsg/fontforgeexe/cvgridfit.c:323:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer3, "%g", gridfit_x_sameas_y ? gridfit_pointsizey : gridfit_pointsizex);
data/fontforge-20201107~dfsg/fontforgeexe/cvhints.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20]; unichar_t ubuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvhints.c:99:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer,"%d/%d", pos, cnt );
data/fontforge-20201107~dfsg/fontforgeexe/cvhints.c:117:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer,"%g", (double) (!hd->active->ghost ? hd->active->start : hd->active->start+hd->active->width) );
data/fontforge-20201107~dfsg/fontforgeexe/cvhints.c:121:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer,"%g", (double) (!hd->active->ghost ? hd->active->width : -hd->active->width) );
data/fontforge-20201107~dfsg/fontforgeexe/cvhints.c:748:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20]; unichar_t ubuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvhints.c:782:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", (double) (ishstem ? cv->p.cy : cv->p.cx) );
data/fontforge-20201107~dfsg/fontforgeexe/cvhints.c:879:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", (double) (ishstem ? cv->p.cy : cv->p.cx) );
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:50:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *ps = fopen(path,"r");
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:59:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *pdf = fopen(path,"r");
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:68:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *plate = fopen(path,"r");
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char accbuf[20], jlbuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:384:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( jlbuf, "%g", (double) (ip->default_joinlimit) );
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:407:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( accbuf, "%g", (double) (ip->accuracy_target) );
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:750:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    formats[i].text = (unichar_t *) _((char *) formats[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:752:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    fvformats[i].text = (unichar_t *) _((char *) fvformats[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/cvimportdlg.c:769:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		cur_formats[cnt].text = (unichar_t *) copy( (char *) base[cnt].text );
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:121:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newspiros,spl->spiros+spiro_index,(spl->spiro_cnt-1-spiro_index)*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:122:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newspiros+(spl->spiro_cnt-1-spiro_index),spl->spiros,spiro_index*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:123:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newspiros+spl->spiro_cnt-1,newspiros,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:124:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newspiros+spl->spiro_cnt,spl->spiros+spl->spiro_cnt-1,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:135:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newspiros+1,spl->spiros+spiro_index+1,(spl->spiro_cnt-1-(spiro_index+1))*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:136:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newspiros+1+(spl->spiro_cnt-1-(spiro_index+1)),spl->spiros,(spiro_index+1)*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:137:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newspiros+spl->spiro_cnt,newspiros,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:138:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(newspiros+spl->spiro_cnt+1,spl->spiros+spl->spiro_cnt-1,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:159:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(spl2->spiros,spl->spiros+spiro_index,(spl->spiro_cnt-spiro_index)*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:161:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(spl->spiros+spiro_index+1,spl->spiros+spl->spiro_cnt-1,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:168:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(spl2->spiros+1,spl->spiros+spiro_index+1,(spl->spiro_cnt-(spiro_index+1))*sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:172:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(spl->spiros+spiro_index+1,spl2->spiros,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvknife.c:174:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(spl->spiros+spiro_index+2,spl->spiros+spl->spiro_cnt-1,sizeof(spiro_cp));
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:522:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20], buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cenx[20], ceny[20], radx[20], rady[20], angle[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:579:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", *val );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:625:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%4g", star_percent*100 );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:689:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( cenx, "%g", (double) cv->info.x );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:699:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( ceny, "%g", (double) cv->info.y );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:717:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( radx, "%g", (double) raddiam_x );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:727:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( rady, "%g", (double) raddiam_y );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:744:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( angle, "%g", (double) rotate_by );
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:1162:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(spirotools,tools,sizeof(tools));
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:1710:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char layername[layernamesz+1];
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:1747:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:2411:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[40];
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:2598:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:2626:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/cvpalettes.c:2910:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/cvpointer.c:1619:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:64:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf,_("No Curvature"));
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:68:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,_(" Curvature: %g"), kappa*emsize);
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:70:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,_(" Curvature: %g  Radius: %g"), kappa*emsize, 1.0/kappa );
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[80];
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:95:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%f,%f", (double) cv->info.x, (double) cv->info.y);
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:97:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%f %.0f° (%f,%f)", (double) len,
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:129:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buf, _("Normal Distance: %.2f Along Spline: %.2f"),
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:137:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%.2f,%.2f", (double) (cv->info.x/scalex), (double) (cv->info.y/scaley));
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:141:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, _("Near (%f,%f)"),
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:145:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, _("Near (%f,%f)"),(double) cv->p.sp->me.x,(double) cv->p.sp->me.y );
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:175:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, _("Spline Length=%.1f"), len);
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:177:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buf, _("Spline Length=%g"), len);
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:186:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf,_("No Next Control Point"));
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:188:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf,_("Next CP: (%f,%f)"), (double) cv->p.sp->nextcp.x, (double) cv->p.sp->nextcp.y);
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:204:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf,_("No Previous Control Point"));
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:206:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf,_("Prev CP: (%f,%f)"), (double) cv->p.sp->prevcp.x, (double) cv->p.sp->prevcp.y);
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:226:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(buf,_("No Previous Control Point"));
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:228:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf,_("Prev CP: (%f,%f)"), (double) cv->p.sp->prevcp.x, (double) cv->p.sp->prevcp.y);
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[80];
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:274:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(buf, _(" snapped"));
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:286:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(buf, _(" snapped"));
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:791:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:815:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:980:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[40];
data/fontforge-20201107~dfsg/fontforgeexe/cvruler.c:1016:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[40];
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:639:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char anglebuf[20], ecbuf[20], jlbuf[20], accbuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:640:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char widthbuf[20], axisbuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:766:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( widthbuf, "%g", (double) (si->width) );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:790:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( axisbuf, "%g", (double) (si->height) );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:817:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( anglebuf, "%g", (double) (si->penangle*180/FF_PI) );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:988:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( jlbuf, "%g", (double) (si->joinlimit) );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:1027:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( accbuf, "%g", (double) (si->accuracy_target) );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:1051:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( ecbuf, "%g", (double) (si->extendcap) );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2094:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[50];
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2106:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", (double) height );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2122:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[50];
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2134:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", (double) width );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2148:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[50];
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2167:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g", skew );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2169:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g", rot );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2171:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g", trans[4] );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2173:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%g", trans[5] );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2192:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[340];
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2203:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "[%g %g %g %g %g %g]", c, s, t*c-s, t*s+c, x, y );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char width[50], height[50], transform[340];
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2302:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(transform,"[1 0 0 1 0 0]");
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2307:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( width, "%g", (double) active->width );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2308:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( height, "%g", (double) active->height );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2309:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( transform, "[%g %g %g %g %g %g]",
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2738:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[12];
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2750:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf,"#%06x", val );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2784:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char widthbuf[20], fcol[12], scol[12], fopac[30], sopac[30], transbuf[150],
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2836:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( fcol, "#%06x", layer->fill_brush.col );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:2879:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( fopac, "%g", layer->fill_brush.opacity );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:3031:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( scol, "#%06x", layer->stroke_pen.brush.col );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:3075:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( sopac, "%g", layer->stroke_pen.brush.opacity );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:3210:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( widthbuf, "%g", layer->stroke_pen.width );
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:3250:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( pt, "%d ", layer->stroke_pen.dashes[i]);
data/fontforge-20201107~dfsg/fontforgeexe/cvstroke.c:3294:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( transbuf, "[%.4g %.4g %.4g %.4g]", (double) layer->stroke_pen.trans[0],
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dpi_buffer[40], within_buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:280:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( dpi_buffer, "%d", delta_dpi );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:314:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( within_buffer, "%g", delta_within );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:473:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ( !parent->open )
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:519:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ( parent->kids[k].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:540:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ( where->parent->open && where->offset==-1 ) {
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:620:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:638:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, _("Size: %d (%d)"), size, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:650:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, _("Size: %d (%d)"), size, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:672:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, _("Point: %d (%d)"), pt, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:684:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, _("Point: %d (%d)"), pt, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:707:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "\"%.40s\" (%d)", sc->name, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:719:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "\"%.40s\" (%d)", sc->name, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:731:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:761:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "\"%.40s\" (%d)", sc->name, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:773:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "\"%.40s\" (%d)", sc->name, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:794:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, _("Size: %d (%d)"), size, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:806:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, _("Size: %d (%d)"), size, l-lstart );
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:831:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:849:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ( !where.parent->open )
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:855:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, _("\"%.40s\" size=%d point=%d (%d,%d) distance=%g"),
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:875:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    where.parent->open = !where.parent->open;
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:973:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            sorts[i].text = (unichar_t *) _((char *) sorts[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/deltaui.c:975:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            glyphsorts[i].text = (unichar_t *) _((char *) glyphsorts[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:225:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[400];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:231:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    printcap = fopen("/etc/printcap","r");
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:267:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10], pb[30];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:413:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pb,"US Letter");		/* Pick a name, this is the default case */
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:415:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pb,"US Letter");
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:417:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pb,"US Legal");
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:419:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pb,"A4");
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:421:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pb,"A3");
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:423:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(pb,"B4");
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:425:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pb,"%dx%d mm", (int) (pi->pi.pagewidth*25.4/72),(int) (pi->pi.pageheight*25.4/72));
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:450:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",pi->pi.copies);
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:622:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[100];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:696:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		pi->pi.out = fopen(file,"wb");
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:908:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:915:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",size);
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:983:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "<%d,%d>", tags[i]>>16, tags[i]&0xffff );
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1048:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char size[12]; unichar_t usize[12];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1072:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( size, "%d", best->pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1125:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char size[12]; unichar_t usize[12];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1126:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( size, "%d", best->pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[100], *pt=buf, *end=buf+sizeof(buf)-10;
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1171:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( pt, "%d,", bdf->pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1181:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buf, "%d", best->pixelsize);
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1264:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%d", (int) rint( sample->inner.width*72/lastdpi ));
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1345:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char size[14]; unichar_t usize[14];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1353:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( size, "%g",
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1460:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[200];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1495:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer,_("Text Width:%4d"), (int) rint(li->xmax*72.0/lastdpi));
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1569:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[12], dpibuf[12], sizebuf[12], widthbuf[12], pathlen[32];
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1659:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", bestbdf->pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1661:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf,"12");
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1854:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( dpibuf, "%d", dpi );
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1891:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( widthbuf, "%d", width );
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:1982:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(sizebuf,"%d",active->pi.pointsize);
data/fontforge-20201107~dfsg/fontforgeexe/displayfonts.c:2080:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(pathlen, _("Path Length: %g"), PathLength(fit_to_path));
data/fontforge-20201107~dfsg/fontforgeexe/effectsui.c:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20], buffer2[20];
data/fontforge-20201107~dfsg/fontforgeexe/effectsui.c:242:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", def_outline_width );
data/fontforge-20201107~dfsg/fontforgeexe/effectsui.c:263:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer2, "%g", def_gap_width );
data/fontforge-20201107~dfsg/fontforgeexe/effectsui.c:399:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20], buffer2[20], buffer3[20];
data/fontforge-20201107~dfsg/fontforgeexe/effectsui.c:434:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%g", def_outline_width );
data/fontforge-20201107~dfsg/fontforgeexe/effectsui.c:452:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer2, "%g", def_shadow_len );
data/fontforge-20201107~dfsg/fontforgeexe/effectsui.c:470:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer3, "%g", def_sun_angle );
data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c:354:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c:392:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(filename,".cidmap");
data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c:489:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    encodingtypes[i].text = (unichar_t *) S_((char *) encodingtypes[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c:511:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    mi[i].ti.text = utf82u_copy((char *) (mi[i].ti.text));
data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c:551:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ti,encodingtypes,sizeof(encodingtypes)-sizeof(encodingtypes[0]));
data/fontforge-20201107~dfsg/fontforgeexe/encodingui.c:553:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	ti[i].text = (unichar_t *) copy((char *) ti[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:1811:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
return( (char *) ttfnameids[i].text );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:1825:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
return( (char *) mslanguages[i].text );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:1830:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
return( (char *) mslanguages[i].text );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:1892:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    if ( strcmp((char *) mi[i].ti.text,strings[j*cols+0].u.md_str)==0 ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:1917:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:1965:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%g", dval );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2326:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20]; unichar_t ubuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2352:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", ascent ); if ( ascent==0 ) buf[0]='\0'; uc_strcpy(ubuf,buf);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2354:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", descent ); if ( descent==0 ) buf[0]='\0'; uc_strcpy(ubuf,buf);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2356:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", ascent+descent ); if ( ascent+descent==0 ) buf[0]='\0'; uc_strcpy(ubuf,buf);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2366:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[30]; unichar_t ubuf[30];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2367:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%.1f", val);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2681:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2744:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char versionbuf[40], *v;
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2759:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(versionbuf,_("Version %.20s"),
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2783:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
return( (char *) mslanguages[i].text );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2785:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%04X", lang );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2791:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[20], buf2[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2804:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[20], buf2[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2831:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[20], buf2[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2928:8:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
			    strcpy(strings[3*r+2].u.md_str,"odmiana ");
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:2954:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(strings[3*r+2].u.md_str,"odmiana ");
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:3168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100], buf2[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:3178:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    lang, (char *) ttfnameids[k].text );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:3270:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[1024], *bpt;
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:3339:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(newtns,tns,rows*3*sizeof(struct matrix_data));
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:3358:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[20], buf2[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:3399:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[20], buf2[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4063:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char os2_vendor[4];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4104:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4133:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4220:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    if ( strcasecmp(os2v,(char *) os2versions[0].text )== 0 )
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4233:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    if ( strcmp(wc,(char *) widthclass[i].text)==0 ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4349:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4441:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(sf->pfminfo.codepages,codepages,sizeof(codepages));
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4446:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(sf->pfminfo.unicoderanges,uranges,sizeof(uranges));
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4491:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(sf->pfminfo.os2_vendor,os2_vendor,sizeof(os2_vendor));
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[40];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4671:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf,"%g",rint( val-(ismax ? b.maxy : b.miny)) );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4673:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf,"%g",rint( val+(ismax ? b.maxy : b.miny)) );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4752:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4755:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_subxsize );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4759:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_subysize );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4763:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_subxoff );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4767:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_subyoff );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4772:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_supxsize );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4776:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_supysize );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4780:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_supxoff );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4784:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_supyoff );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4789:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_strikeysize );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4793:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info->os2_strikeypos );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4830:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[10]; unichar_t ubuf[10];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4868:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		(char *) weightclass[info.weight/100-1].text);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4870:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%d", info.weight );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4883:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer,"%d", d->sf->os2_version );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4926:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.linegap );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4929:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.vlinegap );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4932:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.os2_typolinegap );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4938:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.os2_winascent );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4943:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.os2_windescent );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4949:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.os2_typoascent );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4954:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.os2_typodescent );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4958:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.os2_capheight );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4961:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.os2_xheight );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4967:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.hhead_ascent );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:4972:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", info.hhead_descent );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char values[20][20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5103:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( values[i], "%g", d->texdata.params[i+7]*(double) (d->sf->ascent+d->sf->descent)/(double) (1<<20));
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5199:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer,"%g", d->texdata.params[i]*(sf->ascent+sf->descent)/(double) (1<<20));
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ranges[40];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5411:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( ranges, "%08x.%08x.%08x.%08x", flags[3], flags[2], flags[1], flags[0]);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5426:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char ranges[40];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5428:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( ranges, "%08x.%08x.%08x.%08x",
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5464:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ranges[40];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5475:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( ranges, "%08x.%08x", flags[1], flags[0]);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5490:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char codepages[40];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5492:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( codepages, "%08x.%08x",
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5580:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5681:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5837:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5862:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5885:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:5906:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6025:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6072:45:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ( !lk->all[i].deleted && lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6194:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    } else if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6214:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6242:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(lkfirst->subtables+lkfirst->subtable_cnt,
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6262:73:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    for ( i=0; i<lk->cnt; ++i ) if ( !lk->all[i].deleted && lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6297:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    else if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6577:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ( !lk->all[i].open )
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6583:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6617:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char popup_msg[600];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6817:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6843:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	out = fopen(filename,"w");
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6918:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:6995:64:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                lookuppopupmenu[i].ti.text = (unichar_t *) _( (char *)lookuppopupmenu[i].ti.text);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7098:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ( otherlk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7315:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7368:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		    lk->all[i].open = !lk->all[i].open;
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7411:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ( lk->all[i].open ) {
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7531:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char iabuf[20], upbuf[20], uwbuf[20], asbuf[20], dsbuf[20],
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dszbuf[20], dsbbuf[20], dstbuf[21], sibuf[20], swbuf[20], sfntrbuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7534:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ranges[40], codepages[40];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char woffmajorbuf[20], woffminorbuf[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[130];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7542:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char createtime[200], modtime[200];
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7678:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( vbuf,"%g", sf->cidversion );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7695:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( sfntrbuf, "%g", sf->sfntRevision/65536.0 );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7851:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( uibuf, "%d", sf->uniqueid );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7885:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( asbuf, "%d", sf->ascent );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7903:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( dsbuf, "%d", sf->descent );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7921:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( embuf, "%d", sf->descent+sf->ascent );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7954:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( iabuf, "%g", (double) sf->italicangle );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:7988:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( upbuf, "%g", (double) sf->upos );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:8005:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( uwbuf, "%g", (double) sf->uwidth );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:8185:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( swbuf,"%g", (double) sf->strokewidth );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:9368:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( ranges, "%08x.%08x.%08x.%08x",
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:9422:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( codepages, "%08x.%08x",
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:9858:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( woffmajorbuf, "%d", sf->woffMajor );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:9859:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( woffminorbuf, "%d", sf->woffMinor );
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:10022:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(dszbuf, "%.1f", sf->design_size/10.0);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:10062:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(dsbbuf, "%.1f", sf->design_range_bottom/10.0);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:10081:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(dstbuf, "%.1f", sf->design_range_top/10.0);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:10100:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(sibuf, "%d", sf->fontstyle_id);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:10476:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    if(!tm) strcpy(createtime, "error");
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:10495:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    if(!tm) strcpy(modtime, "error");
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:10947:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    needswork[j][i].text = (unichar_t *) S_((char *) needswork[j][i].text);
data/fontforge-20201107~dfsg/fontforgeexe/fontinfo.c:10959:65:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    needswork3[j].ci[i].enum_vals[k].text = (unichar_t *) S_((char *) needswork3[j].ci[i].enum_vals[k].text);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:76:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *RecentFiles[RECENT_MAX] = { NULL };
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:79:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *script_filenames[SCRIPT_MENU_MAX];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:547:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:644:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(temp,"CID");
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:648:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(temp,"Var");
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:650:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(temp,"MM");
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:700:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat( newpath, ".sfd" );
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:1161:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:1258:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40], *end, *ret;
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:1261:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", fv->b.sf->extrema_bound<=0 ?
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:1821:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[8];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:1826:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    if ( strcmp((char *) scripts[i].text,txt)==0 )
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:1886:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tagbuf[4];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:3349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char def[20], *end, *ret;
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:3353:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( def, "%d", magnify );
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:3648:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[256];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:3659:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(filename,"r");
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:3774:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:3836:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:3842:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer,"%d",cidmaster->supplement);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4801:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4852:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4863:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(temp,"w");
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4878:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4882:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4908:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    old = fopen( temp,"r");
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4928:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    new = fopen( buffer,"w");
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4969:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[33];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:4981:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( temp,"r");
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[50];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5171:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    for ( i=0; vwlist[i].ti.text==NULL || strcmp((char *) vwlist[i].ti.text, _("Bitmap _Magnification..."))!=0; ++i );
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5184:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, _("%d pixel bitmap"), bdf->pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5186:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, _("%d@%d pixel bitmap"),
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5460:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(mml,mmlist,sizeof(mmlist));
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5690:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( feat_sc->name,"uni%04X", uni );
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5805:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    unichar_t buf[60]; char cbuf[8];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5806:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char utf8_buf[8];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5835:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(cbuf,"%04x",sc->unicodeenc);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5843:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(cbuf,"%02x",index);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:5845:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(cbuf,"%04x",index);
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:7298:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1025];
data/fontforge-20201107~dfsg/fontforgeexe/fontview.c:7417:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fv->b.selected,fvorig->b.selected,fv->b.map->enccount);
data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c:63:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c:170:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c:195:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, _("Font to merge into %.20s"), fv->b.sf->fontname );
data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c:332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80]; char buf2[30];
data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c:332:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80]; char buf2[30];
data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c:350:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, _("Interpolating between %.20s and:"), fv->b.sf->fontname );
data/fontforge-20201107~dfsg/fontforgeexe/fvfontsdlg.c:372:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf2, "%g", last_amount );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *yesno[3];
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:301:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", bc->width );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:303:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", fv->show->pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:307:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%d", bb.minx );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:309:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%d", bc->width-bb.maxx-1 );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:311:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%d", (int) rint( (bc->width-bb.maxx-1 + bb.minx)/2 ));
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:319:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", sc->width );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:321:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", sc->vwidth );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:325:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%.4g", (double) bb.minx );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:327:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%.4g", sc->width-(double) bb.maxx );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:329:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%.4g", rint( (sc->width-(double) bb.maxx + (double) bb.minx)/2 ) );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[12];
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:339:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"%d",wtype==wt_width?6*em/10:wtype==wt_vwidth?em: em/10 );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:346:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer,"%d",wtype==wt_width?6*size/10:wtype==wt_vwidth?size: size/10 );
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:356:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/fontforge-20201107~dfsg/fontforgeexe/fvmetricsdlg.c:364:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10];
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:94:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ( !group->open )
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:119:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ( group->open && group->kids ) {
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:146:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    while ( group->open ) {
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:164:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ( group->open ) {
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:245:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ( !group->open )
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:274:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	group->open = !group->open;
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:452:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    current->open = !current->open;
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:499:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ( !current->open ) {
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:500:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		current->open = !current->open;
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:924:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:967:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf( buffer, "U+%04X-U+%04X ", start, last );
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:969:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf( buffer, "U+%04X ", start );
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:979:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( buffer, "U+%04X-U+%04X ", start, last );
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:981:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( buffer, "U+%04X ", start );
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:1026:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer[40]; unichar_t ubuf[40];
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:1027:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer," color=#%06x", xcol );
data/fontforge-20201107~dfsg/fontforgeexe/groupsdlg.c:1301:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	std_colors[kk].text = (unichar_t *) S_((char *) std_colors[kk].text);
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:111:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(h+low-(bottom-10+1),hist->hist,(high+1-low)*sizeof(struct hentry));
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:134:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(h,hist->hist + hist->low-low,(hist->high-hist->low+1)*sizeof(struct hentry));
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:198:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(h,hist->hist + hist->low-low,(hist->high-hist->low+1)*sizeof(struct hentry));
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:278:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[300];
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:314:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(pt,"...");
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:421:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:449:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",hist->hoff);
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:451:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",hist->hoff+hist->hwidth/hist->barwidth);
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:466:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",hist->h->max);
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:475:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:481:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",hist->h->max);
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:741:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char binsize[20], barwidth[20], *primary, *secondary;
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:854:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(binsize,"%d", hist.sum_around);
data/fontforge-20201107~dfsg/fontforgeexe/histograms.c:872:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(barwidth,"%d", hist.barwidth);
data/fontforge-20201107~dfsg/fontforgeexe/justifydlg.c:343:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		for ( j=0; (temp=(char *) (lookup_ci[0].enum_vals[j].text))!=NULL; ++j )
data/fontforge-20201107~dfsg/fontforgeexe/justifydlg.c:380:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(ret,", ");
data/fontforge-20201107~dfsg/fontforgeexe/justifydlg.c:519:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char foo[8];
data/fontforge-20201107~dfsg/fontforgeexe/justifydlg.c:529:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char foo[4];
data/fontforge-20201107~dfsg/fontforgeexe/justifydlg.c:561:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(pt,", ");
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:231:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *space[1], **lefts, **rights, **others;
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:493:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buf, "%d", kcd->orig_kern);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:518:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "%d", nkern);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:549:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buf, "%d", kcd->orig_kern);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:572:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "%d", nkern);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:749:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unichar_t ubuf[20]; char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:754:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d", kcd->active_adjust.corrections[
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:835:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:836:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", kcd->orig_kern_offset );
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:844:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(kcd->active_adjust.corrections,kcd->orig_adjust.corrections,len);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:905:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:909:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d", i+kcd->active_adjust.first_pixel_size);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:917:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d", kcd->active_adjust.corrections[
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:976:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:990:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(kcd->active_adjust.corrections,kp->adjust->corrections,len);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:993:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(kcd->orig_adjust.corrections,kp->adjust->corrections,len);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1014:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", offset);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1098:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[12];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1125:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf, "%d", kcd->offsets[kcd->st_pos]);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1134:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(kcd->active_adjust.corrections,kcd->adjusts[kcd->st_pos].corrections,len);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1136:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(kcd->orig_adjust.corrections,kcd->adjusts[kcd->st_pos].corrections,len);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1442:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char space[200];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1468:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( space, _("First Class %d\n"), s );
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1480:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( space+len, _("Second Class %d\n"), c );
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1518:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf,_("{All}") );
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1571:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:1665:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "%d", kcd->offsets[(i+kcd->offtop)*kcd->second_cnt+j+kcd->offleft] );
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2065:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2167:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(new+i*(kcd->second_cnt+1),kcd->offsets+i*kcd->second_cnt,
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2178:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(new+i*(kcd->second_cnt+1),kcd->adjusts+i*kcd->second_cnt,
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2198:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(new+i*(kcd->second_cnt+1),kcd->offsets_flags+i*kcd->second_cnt,
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2526:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2588:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", kcd->pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2786:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char titlebuf[300];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2788:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sepbuf[40], mkbuf[40];
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2810:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(kcd->offsets,kc->offsets,kc->first_cnt*kc->second_cnt*sizeof(int16));
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2812:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(kcd->adjusts,kc->adjusts,kc->first_cnt*kc->second_cnt*sizeof(DeviceTable));
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2817:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(kcd->adjusts[i].corrections,kc->adjusts[i].corrections,len);
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2836:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(kcd->firsts_flags,kc->firsts_flags,kc->first_cnt*sizeof(int));
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2840:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(kcd->seconds_flags,kc->seconds_flags,kc->second_cnt*sizeof(int));
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2844:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(kcd->offsets_flags,kc->offsets_flags,kc->first_cnt*kc->second_cnt*sizeof(int));
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2936:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( sepbuf, "%d", kc->subtable->separation );
data/fontforge-20201107~dfsg/fontforgeexe/kernclass.c:2960:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( mkbuf, "%d", kc->subtable->minkern );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:989:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		needswork[j][i].text = (unichar_t *) S_((char *) needswork[j][i].text);
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1053:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tagstr[4], warnstr[8];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1084:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(warnstr,tagstr,4);
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1262:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char foo[4];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1475:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char foo[4];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1613:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buf+bpos, "%c%c%c%c{", scripts[i]>>24, scripts[i]>>16, scripts[i]>>8, scripts[i] );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1616:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf+bpos, "%c%c%c%c,", langs[l]>>24, langs[l]>>16, langs[l]>>8, langs[l] );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1621:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf+bpos,"} ");
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1637:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char featbuf[32], *buf=NULL;
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1650:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( featbuf, "<%d,%d>", fl->featuretag>>16, fl->featuretag&0xffff );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1652:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( featbuf, "%c%c%c%c", fl->featuretag>>24, fl->featuretag>>16,
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1659:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf( buf+bpos, "%c%c%c%c{", sl->script>>24, sl->script>>16,
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1664:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf( buf+bpos, "%c%c%c%c,", tag>>24, tag>>16,
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:1770:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[128];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:2405:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:2532:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:3434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:3460:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%d", pstkd->orig_value + diff);
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:3469:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, "%d", pstkd->orig_value + diff);
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:3531:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(md,old,rows*cols*sizeof(struct matrix_data));
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:3876:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(psts+(j-1)*cols,psts+j*cols,
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:4234:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[3];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:4776:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[300];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:4783:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sepbuf[40], mkbuf[40];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:5024:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( sepbuf, "%d", sub->separation );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:5048:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( mkbuf, "%d", sub->minkern );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:5671:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mkbuf[10];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:5677:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(mkbuf,"%d",15*(kf->sf->ascent+kf->sf->descent)/1000 );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:5802:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sepbuf[40], mkbuf[40], distancebuf[40];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:5921:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( distancebuf, "%g", (sf->ascent+sf->descent)/100. );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:5952:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( sepbuf, "%d", sub->separation );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:5976:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( mkbuf, "%d", sub->minkern );
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:6142:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *buts[5];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:6228:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tag[4];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:6310:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char tag[4];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:6359:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tag[8];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:6389:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[8];
data/fontforge-20201107~dfsg/fontforgeexe/lookupui.c:6406:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    ti[i].text = (unichar_t *) copy( (char *) scripts[j].text );
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:213:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    maclanguages[i].text = (unichar_t *) S_( (char *) maclanguages[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:260:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *lang = (char *) maclanguages[j].text;
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:283:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:290:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf,"%3d ", ms->setting);
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:311:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:318:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf,"%3d ", mf->feature);
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:707:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:756:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%3d ", val1);
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:799:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:832:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf, "%d", changing->setting );
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:1005:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:1058:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,"%3d ", val1);
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:1100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/macencui.c:1133:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buf, "%d", changing->feature );
data/fontforge-20201107~dfsg/fontforgeexe/math.c:196:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    tis[j][i].text = (unichar_t *) _((char *) tis[j][i].text);
data/fontforge-20201107~dfsg/fontforgeexe/math.c:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80], *str;
data/fontforge-20201107~dfsg/fontforgeexe/math.c:278:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, ":%d:%d:%d:%d ", gv->parts[i].is_extender,
data/fontforge-20201107~dfsg/fontforgeexe/math.c:288:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, ":%d:%d:%d:%d ", gv->parts[i].is_extender,
data/fontforge-20201107~dfsg/fontforgeexe/math.c:358:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/math.c:370:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( buffer, "%d", *pos );
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:558:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:592:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buf, "<%d,%d>", tags[i]>>16, tags[i]&0xffff );
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:748:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[40];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:763:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%d",mv->vertical ? sc->vwidth : sc->width);
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:766:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%.2f",mv->vertical ? sc->parent->ascent-(double) bb.maxy : (double) bb.minx);
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:777:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf,"%.2f",(double) (mv->vertical ? sc->vwidth-(sc->parent->ascent-bb.miny) : sc->width-bb.maxx));
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:797:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf,"%d",kern_offset);
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:961:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:988:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(buf+4,"{dflt}");
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:1303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *yesno[3];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:1892:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mv->chars,scs,(len+1)*sizeof(SplineChar *));
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:2031:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400], *pt, *start;
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:2085:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    GGadgetSetTitle8(mv->text,(char *) (words[0]->text));
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:2439:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:2856:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char *buts[4];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:3261:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20], dbuffer[20];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:3293:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( buffer, "%d", (int) rint( mv->ptsize/iscale ));
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:3310:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( dbuffer, "%d", mv->dpi );
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:3973:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[60];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:4034:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, _("%d pixel bitmap"), bdf->pixelsize );
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:4036:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf( buffer, _("%d@%d pixel bitmap"),
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:4255:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char buf[100];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:5098:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sbuf[8], lbuf[8];
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:5112:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		sname = (char *) (scripts[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:5128:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    lname = (char *) (languages[i].text);
data/fontforge-20201107~dfsg/fontforgeexe/metricsview.c:5176:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	mv_text_init[2].text = (unichar_t *) _((char *) mv_text_init[2].text);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:55:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *standard_cdvs[5] = {
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:88:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *cdv_4axis[3] = {
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *temp, dv[101];
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:122:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(dv+len, "%g ", (double) designs[j]);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80], *pt;
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:201:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf( pt,"%g ", (double) MMAxisUnmap(mm,i,axiscoords[i]));
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:327:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cur->data,tab->data,tab->len);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:383:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[24];
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:391:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf( buffer, "%.4g", (double) mmcb->mm->named_instances[which].coords[i]);
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:537:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *axisnames[4], char axisval[4][24],
data/fontforge-20201107~dfsg/fontforgeexe/mmdlg.c:537:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that