Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c
Examining data/foomatic-db-engine-4.0.13/foomatic-perl-data.c

FINAL RESULTS:

data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:100:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(data, buffer);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:812:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(currevid, s + 4);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:827:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cdriver, s);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:842:27: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cprinter, s);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:892:24: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (!inautodetect) strcat(make, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:897:24: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (!inautodetect) strcat(model, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:926:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cid, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:954:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cppd, s);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1073:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userdefaultvalue, s);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1120:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(userdefaultid, currevid);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1184:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cprinter, currtagbody + 8);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1186:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cprinter, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1192:23: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (inconstraint) strcat(cmake, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1196:23: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (inconstraint) strcat(cmodel, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1200:23: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (inconstraint) strcat(cdriver, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1204:23: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (inconstraint) strcat(cargdefault, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1323:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(argdefault, cargdefault);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1427:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(argdefault, userdefaultid);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1434:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(argdefault, userdefaultvalue);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1437:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(defaultline,
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1485:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cprinter, currtagbody + 8);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1486:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cprinter, translateid(cprinter, idlist));
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1529:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(plistpointer->id, cprinter);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1547:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dlistpointer->name, cdriver);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1594:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dlistpointer->name, cdriver);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1633:24: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (!inautodetect) strcpy(cmake, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1638:24: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  if (!inautodetect) strcpy(cmodel, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1642:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfunctionality, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1711:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(plistpointer->id, cprinter);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1731:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dlistpointer->name, cid);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1806:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ppdlistpointer->driver, cid);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1807:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ppdlistpointer->ppd, cppd);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1822:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  } else strcpy(cdriver, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1826:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cid, currtagbody);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1837:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cppd, s);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1973:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cprinter, translateid(cprinter, idlist));
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1975:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), cprinter);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1977:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), cmake);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1979:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), cmodel);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1981:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), cfunctionality);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1985:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), cfunctionality);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1990:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), cdriver);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1995:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), cautodetectentry);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2010:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), dlistpointer->name);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2025:8: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), dlistpointer->name);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2027:8: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), dlistpointer->functionality);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2064:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), ppdlistpointer->driver);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2066:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat((char *)(*data), ppdlistpointer->ppd);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2231:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(oldidfilename, "%s/db/oldprinterids",
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2262:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(printerfilename, "%s/db/source/printer/%s.xml",
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2264:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(driverfilename, "%s/db/source/driver/%s.xml",
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2266:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(optiondirname, "%s/db/source/opt",
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2276:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(printerfilename, "%s/db/source/printer/%s.xml",
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2300:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char *)printerbuffer, "<printer id=\"printer/%s\">\n <make>%s</make>\n <model>%s</model>\n <mechanism>\n <color />\n </mechanism>\n <noxmlentry />\n</printer>\n", pid, make, model);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2325:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf((char *)driverbuffer, "<driver id=\"driver/%s\">\n <name>%s</name>\n <url></url>\n <execution>\n <filter />\n <prototype></prototype>\n </execution>\n <printers>\n <printer>\n <id>printer/%s</id>\n </printer>\n </printers>\n</driver>", driver, driver, pid);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2357:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(optionfilename, "%s/db/source/opt/%s",
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2410:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(driverdirname, "%s/db/source/driver",
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2412:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(printerdirname, "%s/db/source/printer",
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2449:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(driverfilename, "%s/db/source/driver/%s",
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2504:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(printerfilename, "%s/db/source/printer/%s",
data/foomatic-db-engine-4.0.13/foomatic-perl-data.c:71:18: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define DEBUG(x) printf(x)
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:46:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[128]; /* Name of driver */
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char id[128]; /* ID of printer */
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:61:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char driver[128]; /* ID of driver */
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:62:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ppd[1024]; /* ID of PPD URL */
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:81:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[blocksize + 1];/* data block currently read */
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:88:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inputfile = fopen(filename, "r");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:307:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char currtagname[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:308:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char currtagparam[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:309:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char currtagbody[65536];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:312:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char userdefaultvalue[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:313:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char userdefaultid[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:314:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char currevid[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:318:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cprinter[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:319:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmake[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:320:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmodel[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:321:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cdriver[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:322:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cid[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:323:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cppd[1024];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:324:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cfunctionality[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:326:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cautodetectentry[4096];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:327:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cargdefault[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:328:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char argdefault[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:329:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char defaultline[256];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:330:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char printerentry[1024*1024];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:331:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dfunctionalityentry[10240];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:345:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char make[256]; /* Printer make/model read from printer */
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:346:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char model[256]; /* XML file needed by constraints in */
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:923:16: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  if (cppd[0]) strcpy(cid, "Postscript");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:994:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(printerentry,"\n <printers>\n ");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:999:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(printerentry,"\n </printers>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1042:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  s = (char *)(defaultsettings[k] +
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1974:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " <printer>\n <id>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1976:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</id>\n <make>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1978:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</make>\n <model>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1980:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</model>\n <functionality>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1982:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</functionality>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1984:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " <unverified>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1986:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</unverified>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1989:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " <driver>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1991:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</driver>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1994:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " ");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2005:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "\n <drivers>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2009:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " <driver>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2011:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</driver>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2015:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " </drivers>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2017:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " <driverfunctionalityexceptions>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2022:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data),
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2024:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " <driver>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2026:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</driver>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2028:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data),
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2033:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " </driverfunctionalityexceptions>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2053:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " <ppds>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2062:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " <ppd>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2063:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " <driver>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2065:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</driver>\n <ppdfile>");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2067:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), "</ppdfile>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2068:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " </ppd>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2071:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " </ppds>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2073:7: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat((char *)(*data), " </printer>\n");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2095:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char printerfilename[1024];/* Name of printer's XML file */
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2096:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char printerdirname[1024]; /* Name of the directory with the XML
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2098:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char driverfilename[1024]; /* Name of driver's XML file */
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2099:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char driverdirname[1024]; /* Name of the directory with the XML
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2101:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char optionfilename[1024]; /* Name of current option XML file*/
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2102:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char optiondirname[1024]; /* Name of the directory with the XML
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2104:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oldidfilename[1024]; /* Name of the file with the
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2430:7: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(plistpointer->id, "proto");
data/foomatic-db-engine-4.0.13/foomatic-perl-data.c:3390:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chars[1024];
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:369:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  datalength = strlen(*data); /* Compute the length of the file once,
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:813:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  currevid[strlen(currevid) - 1] = '\0';
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:826:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s[strlen(s)-1] = '\0';
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:841:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s[strlen(s)-1] = '\0';
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:976:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(printerentry);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:995:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(printerentry);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1040:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*(defaultsettings[k] + strlen(currtagbody))
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1043:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(currtagbody) + 1);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1065:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strspn(s, "+-0123456789") < strlen(s))
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1070:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strspn(s, "+-0123456789.eE") < strlen(s))
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1084:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(userdefaultvalue, "1");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1098:4: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(userdefaultvalue, "0");
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:1440:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  defaultlinelength = strlen(defaultline);
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2361:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp((optionfilename + strlen(optionfilename) - 4), ".xml") == 0) {
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2452:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp((driverfilename + strlen(driverfilename) - 4), ".xml") == 0) {
data/foomatic-db-engine-4.0.13/foomatic-combo-xml.c:2507:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp((printerfilename + strlen(printerfilename) - 4), ".xml") ==

ANALYSIS SUMMARY:

Hits = 145
Lines analyzed = 7877 in approximately 0.34 seconds (23329 lines/second)
Physical Source Lines of Code (SLOC) = 6958
Hits@level = [0] 1025 [1] 16 [2] 68 [3] 0 [4] 61 [5] 0
Hits@level+ = [0+] 1170 [1+] 145 [2+] 129 [3+] 61 [4+] 61 [5+] 0
Hits/KSLOC@level+ = [0+] 168.152 [1+] 20.8393 [2+] 18.5398 [3+] 8.76689 [4+] 8.76689 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.