Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/fotoxx-20.08/f.albums.cc Examining data/fotoxx-20.08/f.area.cc Examining data/fotoxx-20.08/f.combine.cc Examining data/fotoxx-20.08/f.edit.cc Examining data/fotoxx-20.08/f.effects.cc Examining data/fotoxx-20.08/f.enhance.cc Examining data/fotoxx-20.08/f.file.cc Examining data/fotoxx-20.08/f.gallery.cc Examining data/fotoxx-20.08/f.mashup.cc Examining data/fotoxx-20.08/f.meta.cc Examining data/fotoxx-20.08/f.pixmap.cc Examining data/fotoxx-20.08/f.process.cc Examining data/fotoxx-20.08/f.tools.cc Examining data/fotoxx-20.08/f.warp.cc Examining data/fotoxx-20.08/f.widgets.cc Examining data/fotoxx-20.08/fotoxx.cc Examining data/fotoxx-20.08/fotoxx.h Examining data/fotoxx-20.08/zfuncs.h Examining data/fotoxx-20.08/zfuncs.cc FINAL RESULTS: data/fotoxx-20.08/f.combine.cc:5645:4: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod("PTscript",0760); // run the script data/fotoxx-20.08/f.file.cc:124:9: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. cc = readlink("/proc/self/exe",progexe,300); // get own program path data/fotoxx-20.08/f.file.cc:930:4: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(permissions_file,mode); // set file permissions data/fotoxx-20.08/f.file.cc:2059:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. err = chmod(delete_trash_file,statb.st_mode); data/fotoxx-20.08/f.file.cc:3023:4: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(outfile2,mode); // set permissions from input file 20.0 data/fotoxx-20.08/f.file.cc:3244:4: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(outfile,mode); // set permissions 20.0 data/fotoxx-20.08/zfuncs.cc:479:9: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. cc = readlink("/proc/self/exe",progexe,300); // get own program path data/fotoxx-20.08/zfuncs.cc:1904:12: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. cc = readlink(sfile,buff,XFCC); data/fotoxx-20.08/zfuncs.cc:4765:9: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. cc = readlink("/proc/self/exe",buff,300); // get own program path data/fotoxx-20.08/zfuncs.cc:4829:4: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(desktopfile2,0751); // make fotoxx.desktop executable data/fotoxx-20.08/zfuncs.cc:4927:9: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. cc = readlink("/proc/self/exe",buff,300); // get own program path 7.1 data/fotoxx-20.08/zfuncs.cc:4985:9: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. cc = readlink("/proc/self/exe",zprefix,200); // get my executable path 6.4 data/fotoxx-20.08/zfuncs.cc:7233:15: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. cc = readlink("/proc/self/exe",iconpath,300); // get own program path data/fotoxx-20.08/f.albums.cc:183:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(mess,200,E2X("%d files added to album %s"),GScount,pp); data/fotoxx-20.08/f.albums.cc:420:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(cpp+1,dpp); data/fotoxx-20.08/f.albums.cc:892:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,40,countformat,Nalbums); data/fotoxx-20.08/f.albums.cc:1013:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,40,countformat,Nalbums); // update dialog album count data/fotoxx-20.08/f.albums.cc:1983:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,50,E2X("%d images"),ss_Nfiles); data/fotoxx-20.08/f.albums.cc:2367:12: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nn = sscanf(buff,"%s %d %f %d ",tranname,&n1,&ff,&n2); // tranname N N.N NN data/fotoxx-20.08/f.albums.cc:2908:15: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nn = sscanf(buff,"%s %d %f %d ",tranname,&n1,&ff,&n2); // tranname N N.N NN data/fotoxx-20.08/f.edit.cc:4414:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nn = sscanf(pp,"attributes: %f %s %s %s %s %d %d %d %d %d %d %d", data/fotoxx-20.08/f.edit.cc:9085:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r"); data/fotoxx-20.08/f.enhance.cc:3182:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sharp_function,event); // set chosen method data/fotoxx-20.08/f.enhance.cc:6243:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,mformat,0.0,0.0,0.0); // mean RGB: 0 0 0 data/fotoxx-20.08/f.enhance.cc:6245:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,nformat,0.0,0.0,0.0); // mean noise: 0.00 0.00 0.00 data/fotoxx-20.08/f.enhance.cc:6372:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,mformat,0.0,0.0,0.0); // clear dialog data data/fotoxx-20.08/f.enhance.cc:6374:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,nformat,0.0,0.0,0.0); data/fotoxx-20.08/f.enhance.cc:6377:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,mformat,Rm,Gm,Bm); // mean RGB: NNN NNN NNN data/fotoxx-20.08/f.enhance.cc:6380:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,nformat,Rn,Gn,Bn); // mean noise: N.NN N.NN N.NN data/fotoxx-20.08/f.file.cc:722:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newfile+ccp,rename_new); data/fotoxx-20.08/f.file.cc:723:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (ccx) strcpy(newfile+ccp+ccn,pext); data/fotoxx-20.08/f.file.cc:1039:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(curr_file_type,f_load_type); // set curr_file_xxx from f_load_xxx data/fotoxx-20.08/f.file.cc:1141:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(curr_file_type,f_save_type); // set curr_file_xxx from f_save_xxx data/fotoxx-20.08/f.file.cc:1399:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(fname,fext); data/fotoxx-20.08/f.file.cc:1404:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(filespec,fname); data/fotoxx-20.08/f.file.cc:1528:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r"); data/fotoxx-20.08/f.file.cc:1725:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newfile,copymove_loc); data/fotoxx-20.08/f.file.cc:1727:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newfile,newname); data/fotoxx-20.08/f.file.cc:1734:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp2,pp1); data/fotoxx-20.08/f.file.cc:1761:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prevname,newname); // set new 'previous' name 19.0 data/fotoxx-20.08/f.file.cc:2703:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(retname+cc+4,pext); data/fotoxx-20.08/f.file.cc:2739:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp+4,pext); data/fotoxx-20.08/f.file.cc:2852:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(outfile,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.file.cc:2870:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pext+1,outype); data/fotoxx-20.08/f.file.cc:2899:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tempfile,outype); data/fotoxx-20.08/f.file.cc:2955:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(edithist+cc1,URS_funcs[ii]); data/fotoxx-20.08/f.file.cc:2962:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(edithist+cc1,CEF->funcname); data/fotoxx-20.08/f.file.cc:3027:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(f_save_type,outype); data/fotoxx-20.08/f.file.cc:3219:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pext+1,type); data/fotoxx-20.08/f.file.cc:3310:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp+1,ext); data/fotoxx-20.08/f.file.cc:3358:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filespec,file); data/fotoxx-20.08/f.file.cc:3745:42: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (mode & S_IRUSR && mode & S_IWUSR) strcat(perms,RWtran); data/fotoxx-20.08/f.file.cc:3746:29: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else if (mode & S_IRUSR) strcat(perms,ROtran); data/fotoxx-20.08/f.file.cc:3747:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else strcat(perms,NOtran); data/fotoxx-20.08/f.file.cc:3750:42: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (mode & S_IRGRP && mode & S_IWGRP) strcat(perms,RWtran); data/fotoxx-20.08/f.file.cc:3751:29: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else if (mode & S_IRGRP) strcat(perms,ROtran); data/fotoxx-20.08/f.file.cc:3752:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else strcat(perms,NOtran); data/fotoxx-20.08/f.file.cc:3755:42: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (mode & S_IROTH && mode & S_IWOTH) strcat(perms,RWtran); data/fotoxx-20.08/f.file.cc:3756:29: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else if (mode & S_IROTH) strcat(perms,ROtran); data/fotoxx-20.08/f.file.cc:3757:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). else strcat(perms,NOtran); data/fotoxx-20.08/f.file.cc:3782:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tempfile,infile); // fail, try folders only data/fotoxx-20.08/f.file.cc:3792:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outfile,pp); data/fotoxx-20.08/f.gallery.cc:340:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(GFlist[Nfiles].fdate,xxrec->fdate); data/fotoxx-20.08/f.gallery.cc:341:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(GFlist[Nfiles].pdate,xxrec->pdate); data/fotoxx-20.08/f.gallery.cc:423:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(GFlist[Nfiles].pdate,xxrec->pdate); // photo date data/fotoxx-20.08/f.gallery.cc:484:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(GFlist[fposn].fdate,xxrec->fdate); data/fotoxx-20.08/f.gallery.cc:485:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(GFlist[fposn].pdate,xxrec->pdate); data/fotoxx-20.08/f.gallery.cc:532:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(GFlist[ii].fdate,xxrec->fdate); data/fotoxx-20.08/f.gallery.cc:533:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(GFlist[ii].pdate,xxrec->pdate); data/fotoxx-20.08/f.gallery.cc:1674:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp+1,gallerypath[ii]); data/fotoxx-20.08/f.gallery.cc:2173:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(newfile,pp1); data/fotoxx-20.08/f.gallery.cc:2945:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppx2,ppx); // add trailing blank: ".ext " data/fotoxx-20.08/f.gallery.cc:2957:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppt,ppx2); data/fotoxx-20.08/f.gallery.cc:2958:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppt+xcc+1,myRAWtypes); data/fotoxx-20.08/f.gallery.cc:2969:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppt,ppx2); data/fotoxx-20.08/f.gallery.cc:2970:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ppt+xcc+1,myVIDEOtypes); data/fotoxx-20.08/f.gallery.cc:3042:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(thumbfile,thumbfolder); // /thumb/folder data/fotoxx-20.08/f.gallery.cc:3043:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(thumbfile+cc1,RP); // .../image/folder/file.xxx data/fotoxx-20.08/f.gallery.cc:4566:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(bookmarkline,bookmarks[ii]+32); data/fotoxx-20.08/f.mashup.cc:840:15: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nn = sscanf(pp,"attributes: %f %s %s %s %s %d %d %d %d %d %d %d", data/fotoxx-20.08/f.mashup.cc:871:15: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nn = sscanf(pp,"attributes: %d %d %d %d %f %s %s %s %s %d %d %d %d %d %d %d", data/fotoxx-20.08/f.mashup.cc:2708:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(savecolor[jj],text[ii].attr.color[jj]); data/fotoxx-20.08/f.mashup.cc:2715:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(text[ii].attr.color[jj],flashcolor); data/fotoxx-20.08/f.mashup.cc:2726:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(text[ii].attr.color[jj],savecolor[jj]); data/fotoxx-20.08/f.mashup.cc:3000:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(savecolor[jj],line[ii].attr.color[jj]); data/fotoxx-20.08/f.mashup.cc:3007:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(line[ii].attr.color[jj],flashcolor); data/fotoxx-20.08/f.mashup.cc:3018:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(line[ii].attr.color[jj],savecolor[jj]); data/fotoxx-20.08/f.mashup.cc:4309:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,E2X("column difference: %d pixels"),coldiffB); // show best column diff. so far data/fotoxx-20.08/f.mashup.cc:4470:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); data/fotoxx-20.08/f.meta.cc:697:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r"); // get command outputs 20.0 data/fotoxx-20.08/f.meta.cc:802:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(curr_file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:1245:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp1,matchtags[ii]); data/fotoxx-20.08/f.meta.cc:1362:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(meta_pdate,metadate); // convert to yyyymmdd data/fotoxx-20.08/f.meta.cc:1366:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(meta_pdate,metatime); // append hhmmss data/fotoxx-20.08/f.meta.cc:1603:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(curr_file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:1814:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(curr_file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:1990:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (*fname) strcpy(text,fname); data/fotoxx-20.08/f.meta.cc:1994:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(text,caption); data/fotoxx-20.08/f.meta.cc:1999:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(text,comment); data/fotoxx-20.08/f.meta.cc:2134:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.meta.cc:2175:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:2366:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); data/fotoxx-20.08/f.meta.cc:2427:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp1,matchtags[ii]); data/fotoxx-20.08/f.meta.cc:2658:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:2911:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.meta.cc:3017:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:3131:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); data/fotoxx-20.08/f.meta.cc:3247:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.meta.cc:3331:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:3386:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); data/fotoxx-20.08/f.meta.cc:3480:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.meta.cc:3571:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); data/fotoxx-20.08/f.meta.cc:3677:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.meta.cc:3708:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:3755:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); data/fotoxx-20.08/f.meta.cc:5056:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp1,matchtags[ii]); data/fotoxx-20.08/f.meta.cc:5119:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy(searchDateFrom,dateLoDefault); // else search from start of time data/fotoxx-20.08/f.meta.cc:5122:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy(searchDateTo,dateHiDefault); // else search to end of time data/fotoxx-20.08/f.meta.cc:5926:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(temp,100,E2X("bad number: %s"),searchvals[jj]); data/fotoxx-20.08/f.meta.cc:6117:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(wwhh,blank); // 19.0 data/fotoxx-20.08/f.meta.cc:6118:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fsize,blank); data/fotoxx-20.08/f.meta.cc:6139:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(text1+cc,text2); data/fotoxx-20.08/f.meta.cc:6181:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pdate2,pdate); data/fotoxx-20.08/f.meta.cc:6228:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptime2,ptime); data/fotoxx-20.08/f.meta.cc:6363:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tag,tag1); data/fotoxx-20.08/f.meta.cc:6381:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(taglist + cc2,tag); data/fotoxx-20.08/f.meta.cc:6441:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(taglist + ftcc, pp); data/fotoxx-20.08/f.meta.cc:6464:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tags_recentags,pp+2); // delimiter + blank before tag data/fotoxx-20.08/f.meta.cc:6568:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp2,pp1); data/fotoxx-20.08/f.meta.cc:6613:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tags_deftags[nocat] + nocatcc, tag); // append tag to list data/fotoxx-20.08/f.meta.cc:6665:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp2,catg); data/fotoxx-20.08/f.meta.cc:6672:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp2,ptags[jj]); // append tag + delim + blank data/fotoxx-20.08/f.meta.cc:6827:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp2+cc2,tag1); // old record + tag + delim + blank data/fotoxx-20.08/f.meta.cc:7204:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:7304:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xmetarec+xcc,xmeta_keys[ii]); // construct series data/fotoxx-20.08/f.meta.cc:7307:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xmetarec+xcc,xmeta_data[ii]); data/fotoxx-20.08/f.meta.cc:8696:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mapbox_total_uri,mapbox_access_uri); data/fotoxx-20.08/f.meta.cc:8697:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(mapbox_total_uri,mapbox_access_key); data/fotoxx-20.08/f.meta.cc:9365:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inputs[jj]+1,keys[ii]); data/fotoxx-20.08/f.meta.cc:9442:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(file,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:9464:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inputs[jj]+1,keys[ii]); data/fotoxx-20.08/f.meta.cc:9469:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inputs[jj]+cc+2,kdata[ii]); data/fotoxx-20.08/f.meta.cc:9515:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. err = access(file2,W_OK); // test file can be written by me 19.1 data/fotoxx-20.08/f.meta.cc:9692:14: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid2 = popen(command,"r"); // start exiftool and output file data/fotoxx-20.08/f.meta.cc:9771:14: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid2 = popen(command,"r"); // start exiftool and output file data/fotoxx-20.08/f.meta.cc:9988:28: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (xxrec->pdate[0]) strcpy(xxrec_new->pdate,xxrec->pdate); data/fotoxx-20.08/f.meta.cc:9994:29: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (xxrec->rating[0]) strcpy(xxrec_new->rating,xxrec->rating); data/fotoxx-20.08/f.pixmap.cc:2560:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,199,format,ap); data/fotoxx-20.08/f.process.cc:229:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.process.cc:356:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). else strcpy(outext,newext); // new .ext was given data/fotoxx-20.08/f.process.cc:602:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // update dialog data/fotoxx-20.08/f.process.cc:814:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(mess0,60,E2X("Convert %d image files"),GScount); data/fotoxx-20.08/f.process.cc:821:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (Fcopymeta) { strcat(mess5,E2X("Copy Metadata")); strcat(mess5," "); } data/fotoxx-20.08/f.process.cc:822:20: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (Fupright) { strcat(mess5,E2X("Upright")); strcat(mess5," "); } data/fotoxx-20.08/f.process.cc:823:20: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (Fsharpen) { strcat(mess5,E2X("Sharpen")); strcat(mess5," "); } data/fotoxx-20.08/f.process.cc:991:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.process.cc:1048:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp2+5,pp1); data/fotoxx-20.08/f.process.cc:1123:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // update dialog data/fotoxx-20.08/f.process.cc:1200:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.process.cc:1289:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // update dialog data/fotoxx-20.08/f.process.cc:1424:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.process.cc:1503:15: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pp) strcpy(pp,filetype); data/fotoxx-20.08/f.process.cc:1522:10: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outfile,pp); // /new-location/filename.ext data/fotoxx-20.08/f.process.cc:1566:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // stuff count into dialog data/fotoxx-20.08/f.process.cc:1734:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen("lshw -class disk","r"); // find all DVD/BR devices data/fotoxx-20.08/f.process.cc:1764:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dvddev[Ndvd],pp); // save DVD/BD device data/fotoxx-20.08/f.process.cc:1780:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dvddevdesc[ii],dvddev[ii]); data/fotoxx-20.08/f.process.cc:1782:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(dvddevdesc[ii],dvddesc[ii]); data/fotoxx-20.08/f.process.cc:1805:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.process.cc:1836:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(command,200,growisofs,mydvd,burnlist); // start burn process data/fotoxx-20.08/f.process.cc:1857:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // update dialog data/fotoxx-20.08/f.process.cc:1919:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.process.cc:1978:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // update dialog data/fotoxx-20.08/f.process.cc:2064:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.process.cc:2084:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outfile,pp); data/fotoxx-20.08/f.process.cc:2149:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // update dialog data/fotoxx-20.08/f.process.cc:2563:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.process.cc:2589:10: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // update dialog file count data/fotoxx-20.08/f.tools.cc:853:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xxrec_tab[xrec]->fdate, xxrec_new[nrec]->fdate); // use current file date data/fotoxx-20.08/f.tools.cc:1237:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xmetarec+xcc,exifkeys[ii]); // construct series data/fotoxx-20.08/f.tools.cc:1240:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xmetarec+xcc,ppv[ii]); data/fotoxx-20.08/f.tools.cc:1604:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(pct_scale,40,E2X("%c of scale"),'%'); // prepare text "% of scale" 20.0 data/fotoxx-20.08/f.tools.cc:5131:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(text,100,Bfileselected,GScount); // show selected files count 20.0 data/fotoxx-20.08/f.tools.cc:5155:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(countmess,80,Bfileselected,GScount); // update dialog data/fotoxx-20.08/f.tools.cc:6390:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r"); data/fotoxx-20.08/fotoxx.cc:187:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(zfuncs::zappname,Frelease); // app name and version data/fotoxx-20.08/fotoxx.cc:467:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buff,E2X("Please install missing programs:")); data/fotoxx-20.08/fotoxx.cc:492:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen("pidof fotoxx","r"); // get active fotoxx PIDs 20.0 data/fotoxx-20.08/fotoxx.cc:499:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(buff,"r"); data/fotoxx-20.08/fotoxx.cc:1084:23: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (cpuload <= 99) strcat(text1,digitblank); // keep width constant 3 digits 20.0 data/fotoxx-20.08/fotoxx.cc:1085:22: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (cpuload <= 9) strcat(text1,digitblank); data/fotoxx-20.08/fotoxx.cc:1147:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptext1,text1); data/fotoxx-20.08/zfuncs.cc:317:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp,string); data/fotoxx-20.08/zfuncs.cc:331:4: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format,arglist); data/fotoxx-20.08/zfuncs.cc:351:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buff,200,errmess,arglist); data/fotoxx-20.08/zfuncs.cc:444:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,300,format,arglist); data/fotoxx-20.08/zfuncs.cc:449:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid1 = popen("lsb_release -d","r"); // get Linux flavor and release data/fotoxx-20.08/zfuncs.cc:451:12: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. ii = fscanf(fid1,"%s %s %s",OS1,OS2,OS3); data/fotoxx-20.08/zfuncs.cc:510:14: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid3 = popen(buff2,"r"); // and line number data/fotoxx-20.08/zfuncs.cc:1068:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen("find /sys/devices/ -name temp1_input","r"); // 6.6 data/fotoxx-20.08/zfuncs.cc:1077:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(buff2,"r"); data/fotoxx-20.08/zfuncs.cc:1104:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ffid = popen(command,"r"); data/fotoxx-20.08/zfuncs.cc:1407:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. err = system(command); data/fotoxx-20.08/zfuncs.cc:1430:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(cbuff,cc,command,arglist); data/fotoxx-20.08/zfuncs.cc:1466:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(cbuff,cc,command,arglist); data/fotoxx-20.08/zfuncs.cc:1528:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(command[ii],2000,Fcommand,arglist); data/fotoxx-20.08/zfuncs.cc:1601:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buff,9999,command,arglist); data/fotoxx-20.08/zfuncs.cc:1604:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(buff,"r"); // execute command, output to FID data/fotoxx-20.08/zfuncs.cc:1653:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(buff,"r"); // popen() instead of system() data/fotoxx-20.08/zfuncs.cc:1748:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(folder,ppath); data/fotoxx-20.08/zfuncs.cc:1763:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(file,pp); // file part data/fotoxx-20.08/zfuncs.cc:1770:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ext,pp); // .ext part data/fotoxx-20.08/zfuncs.cc:1873:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp2,pp1); data/fotoxx-20.08/zfuncs.cc:2034:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(output+outcc,argv[ii]); data/fotoxx-20.08/zfuncs.cc:2469:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (dest != source) strcpy(dest,source); data/fotoxx-20.08/zfuncs.cc:2517:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (dest != source) strcpy(dest,source); data/fotoxx-20.08/zfuncs.cc:2620:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest,source); data/fotoxx-20.08/zfuncs.cc:2641:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest,source); data/fotoxx-20.08/zfuncs.cc:2674:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strout,strin); data/fotoxx-20.08/zfuncs.cc:2710:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ftemp,strout); data/fotoxx-20.08/zfuncs.cc:2853:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(work,pNum); data/fotoxx-20.08/zfuncs.cc:2854:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(work+k1,pNum+k2+1); data/fotoxx-20.08/zfuncs.cc:2855:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pNum,work); data/fotoxx-20.08/zfuncs.cc:3090:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffxx,buffout); data/fotoxx-20.08/zfuncs.cc:3278:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+1,pstr+2); data/fotoxx-20.08/zfuncs.cc:3281:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+1,pstr+2); data/fotoxx-20.08/zfuncs.cc:3284:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+1,pstr+2); data/fotoxx-20.08/zfuncs.cc:3287:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+2,pstr+3); data/fotoxx-20.08/zfuncs.cc:3290:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (pstr) strcpy(pstr+2,pstr+3); data/fotoxx-20.08/zfuncs.cc:3534:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r"); data/fotoxx-20.08/zfuncs.cc:3604:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r"); data/fotoxx-20.08/zfuncs.cc:4666:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,199,format,arglist); data/fotoxx-20.08/zfuncs.cc:5080:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nn = sscanf(newfont,"%s %d",font,&size); // "sans 11" data/fotoxx-20.08/zfuncs.cc:5082:12: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. nn = sscanf(newfont,"%s %s %d",font,junk,&size); data/fotoxx-20.08/zfuncs.cc:5149:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(filespec,filetype); // leave /type as default data/fotoxx-20.08/zfuncs.cc:5151:34: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (strmatch(filetype,"doc")) strcpy(filespec,zdocdir); // /usr/share/doc/appname data/fotoxx-20.08/zfuncs.cc:5152:35: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (strmatch(filetype,"data")) strcpy(filespec,zdatadir); // /usr/share/appname/data data/fotoxx-20.08/zfuncs.cc:5153:37: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (strmatch(filetype,"locale")) strcpy(filespec,zlocalesdir); // /usr/share/appname/locales data/fotoxx-20.08/zfuncs.cc:5154:35: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (strmatch(filetype,"user")) strcpy(filespec,zhomedir); // /home/<user>/.appname data/fotoxx-20.08/zfuncs.cc:5159:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fext,pp); // file type .fext data/fotoxx-20.08/zfuncs.cc:5171:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filespec+cc+1,fname); // /folders.../fname data/fotoxx-20.08/zfuncs.cc:5175:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp,lc_RC); // /folders.../fname-lc_RC.fext data/fotoxx-20.08/zfuncs.cc:5176:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pp,fext); data/fotoxx-20.08/zfuncs.cc:5180:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp+3,fext); // /folders.../fname-lc.fext data/fotoxx-20.08/zfuncs.cc:5185:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(pp,fext); data/fotoxx-20.08/zfuncs.cc:5189:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pp,fext); // /folders.../fname.fext data/fotoxx-20.08/zfuncs.cc:5194:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filespec,zdocdir); // /usr/share/doc/appname/extras data/fotoxx-20.08/zfuncs.cc:5860:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buff2,100,wget2,zappvers,uuid); // build message to web host data/fotoxx-20.08/zfuncs.cc:5861:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buff1,140,wget1,buff2); data/fotoxx-20.08/zfuncs.cc:6443:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(textline,1999,format,arglist); data/fotoxx-20.08/zfuncs.cc:6475:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(textline,1999,format,arglist); data/fotoxx-20.08/zfuncs.cc:6512:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(textline,1999,format,arglist); data/fotoxx-20.08/zfuncs.cc:6552:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(textline,1999,format,arglist); data/fotoxx-20.08/zfuncs.cc:7494:19: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(iconfile+mdcc,pp); // /menudir/NNN.png data/fotoxx-20.08/zfuncs.cc:8040:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(text,pp); // "/usr/bin/mystuff" --> "mystuff" data/fotoxx-20.08/zfuncs.cc:8058:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(iconfile+mdcc,text); // make /menudir/NNN.png data/fotoxx-20.08/zfuncs.cc:8145:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(buff,"r"); data/fotoxx-20.08/zfuncs.cc:8159:13: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(buff,"r"); data/fotoxx-20.08/zfuncs.cc:8545:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mdesc+1,desc); data/fotoxx-20.08/zfuncs.cc:10579:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(string,32,format,ddata); // use "%.2g" etc. for data/fotoxx-20.08/zfuncs.cc:10591:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(txt2,1000,format,font,txt); data/fotoxx-20.08/zfuncs.cc:10939:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(zdposn[ii].wintitle,wintitle); data/fotoxx-20.08/zfuncs.cc:11119:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(zdposn[ii].wintitle,wintitle); // add window to table data/fotoxx-20.08/zfuncs.cc:11206:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(wname[ii],pp1); // save widget name and data data/fotoxx-20.08/zfuncs.cc:11207:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(wdata2,pp2); data/fotoxx-20.08/zfuncs.cc:11535:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,999,format,arglist); data/fotoxx-20.08/zfuncs.cc:11555:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,999,format,arglist); data/fotoxx-20.08/zfuncs.cc:11613:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,999,format,arglist); data/fotoxx-20.08/zfuncs.cc:11631:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,999,format,arglist); data/fotoxx-20.08/zfuncs.cc:11810:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. fid = popen(command,"r"); data/fotoxx-20.08/zfuncs.cc:11838:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,999,format,arglist); data/fotoxx-20.08/zfuncs.cc:11874:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,500,format,arglist); data/fotoxx-20.08/zfuncs.cc:11918:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,1000,format,arglist); data/fotoxx-20.08/zfuncs.cc:11964:4: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(message,400,format,arglist); data/fotoxx-20.08/zfuncs.cc:13659:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (xcc) strcpy(xpp,string); // copy string data/fotoxx-20.08/zfuncs.cc:13672:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xpp,xstr.xpp); // copy string data/fotoxx-20.08/zfuncs.cc:13704:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xpp,xstr.xpp); // copy string data/fotoxx-20.08/zfuncs.cc:13724:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (xcc) strcpy(xpp,str); // copy string data/fotoxx-20.08/zfuncs.cc:13734:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp.xpp,x1.xpp); // with both input strings data/fotoxx-20.08/zfuncs.cc:13735:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp.xpp + x1.xcc, x2.xpp); data/fotoxx-20.08/zfuncs.cc:13748:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp.xpp,x1.xpp); // with both input strings data/fotoxx-20.08/zfuncs.cc:13749:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (s2) strcpy(temp.xpp + x1.xcc, s2); data/fotoxx-20.08/zfuncs.cc:13762:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). if (s1) strcpy(temp.xpp,s1); // with both input strings data/fotoxx-20.08/zfuncs.cc:13763:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp.xpp + cc1, x2.xpp); data/fotoxx-20.08/zfuncs.cc:13786:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xpp2,xpp); // copy to new space data/fotoxx-20.08/zfuncs.cc:13821:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(xpp2,xpp); // copy to new space data/fotoxx-20.08/zfuncs.cc:14232:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(string,table+pos); // return string data/fotoxx-20.08/zfuncs.cc:14487:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tname,name); data/fotoxx-20.08/f.combine.cc:3878:40: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. lens_mm = lens_mmB + mm_range * (drand48() - 0.5); // new random lens factor data/fotoxx-20.08/f.combine.cc:3894:17: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. rnum = drand48(); data/fotoxx-20.08/f.combine.cc:3896:55: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. cimOffs[1].xf = offsetsB.xf + xf_range * (drand48() - 0.5); data/fotoxx-20.08/f.combine.cc:3898:55: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. cimOffs[1].yf = offsetsB.yf + yf_range * (drand48() - 0.5); data/fotoxx-20.08/f.combine.cc:3900:55: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. cimOffs[1].tf = offsetsB.tf + tf_range * (drand48() - 0.5); data/fotoxx-20.08/f.combine.cc:5030:40: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. lens_mm = lens_mmB + mm_range * (drand48() - 0.5); // new random lens factor data/fotoxx-20.08/f.combine.cc:5046:17: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. rnum = drand48(); data/fotoxx-20.08/f.combine.cc:5048:55: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. cimOffs[1].xf = offsetsB.xf + xf_range * (drand48() - 0.5); data/fotoxx-20.08/f.combine.cc:5050:55: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. cimOffs[1].yf = offsetsB.yf + yf_range * (drand48() - 0.5); data/fotoxx-20.08/f.combine.cc:5052:55: [3] (random) drand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. cimOffs[1].tf = offsetsB.tf + tf_range * (drand48() - 0.5); data/fotoxx-20.08/f.file.cc:1838:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. snprintf(newfile,100,"%s/%s",getenv("HOME"),desktopname); // locale specific desktop name data/fotoxx-20.08/f.file.cc:3775:9: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. RP = realpath(infile,null); // try full file path data/fotoxx-20.08/f.file.cc:3786:9: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. RP = realpath(tempfile,null); data/fotoxx-20.08/f.gallery.cc:1736:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. strncpy0(folder,getenv("HOME"),200); data/fotoxx-20.08/f.gallery.cc:1739:35: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. snprintf(folder,200,"%s/%s",getenv("HOME"),desktopname); // locale-specific desktop name data/fotoxx-20.08/f.mashup.cc:4108:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. int random; // random number for sorting data/fotoxx-20.08/f.tools.cc:174:42: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. textwidget_append(widget,0," X %s\n",getenv("HOME")); // /home/<user> data/fotoxx-20.08/f.tools.cc:330:48: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. flist = zgetfiles(topmess,MWIN,"folders",getenv("HOME")); // get top folders from user data/fotoxx-20.08/f.tools.cc:341:45: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pp = zgetfile(thumbmess,MWIN,"folder",getenv("HOME")); data/fotoxx-20.08/f.tools.cc:384:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. topfolders[0] = zstrdup(getenv("HOME")); // default top image folder data/fotoxx-20.08/f.tools.cc:1547:46: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. snprintf(fotoxxhome,100,"%s/.fotoxx-home",getenv("HOME")); // write new ~/.fotoxx-home file data/fotoxx-20.08/f.tools.cc:6387:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. HERE = getenv("HERE"); data/fotoxx-20.08/fotoxx.cc:338:67: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. snprintf(maps_folder,199,"%s/.local/share/fotoxx-maps/data",getenv("HOME")); data/fotoxx-20.08/fotoxx.cc:544:54: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. snprintf(filename,200,"%s/.config/user-dirs.dirs",getenv("HOME")); data/fotoxx-20.08/zfuncs.cc:4526:11: [3] (random) nrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return nrand48((unsigned int16 *) seed); data/fotoxx-20.08/zfuncs.cc:4539:11: [3] (random) erand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return erand48((unsigned int16 *) seed); data/fotoxx-20.08/zfuncs.cc:4751:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pp = getenv("APPIMAGE"); // appimage executable file data/fotoxx-20.08/zfuncs.cc:4773:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. homedir = getenv("HOME"); data/fotoxx-20.08/zfuncs.cc:4857:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. homedir = getenv("HOME"); data/fotoxx-20.08/zfuncs.cc:4947:38: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. snprintf(zhomedir,199,"%s/.%s",getenv("HOME"),zappname); // use /home/<user>/.appname data/fotoxx-20.08/zfuncs.cc:5796:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint64 random; data/fotoxx-20.08/zfuncs.cc:5818:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. snprintf(uuid,12,"%08llx",random); // (range 4.2 billion) data/fotoxx-20.08/zfuncs.cc:5880:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint64 random; data/fotoxx-20.08/zfuncs.cc:5905:33: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. snprintf(uuid,12,"%08llx",random); // (range 4.2 billion) data/fotoxx-20.08/zfuncs.cc:6039:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. pp = getenv("LANG"); // use $LANG if defined data/fotoxx-20.08/zfuncs.cc:6040:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (! pp) pp = getenv("LANGUAGE"); // use $LANGUAGE if defined data/fotoxx-20.08/f.albums.cc:139:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mess[200], albumname[ANCC], *pp; data/fotoxx-20.08/f.albums.cc:203:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char patt[200]; data/fotoxx-20.08/f.albums.cc:263:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char albumname[ANCC], newalbumfile[AFCC]; data/fotoxx-20.08/f.albums.cc:299:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(curr_album,"w"); // open/write empty album file data/fotoxx-20.08/f.albums.cc:351:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(newalbumfile,"w"); // open/write album file data/fotoxx-20.08/f.albums.cc:523:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char albumbuff[XFCC]; data/fotoxx-20.08/f.albums.cc:527:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *pp2, *fnewest, poptitle[100]; data/fotoxx-20.08/f.albums.cc:528:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *files[maxalbumfiles]; data/fotoxx-20.08/f.albums.cc:532:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fidr = fopen(albumfile,"r"); // open/read album file data/fotoxx-20.08/f.albums.cc:616:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char findcomm[200]; data/fotoxx-20.08/f.albums.cc:646:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selfiles[AFCC]; data/fotoxx-20.08/f.albums.cc:647:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char albumbuff[XFCC]; data/fotoxx-20.08/f.albums.cc:662:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(selfiles,"r"); data/fotoxx-20.08/f.albums.cc:833:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *albumfiles[maxalbums]; data/fotoxx-20.08/f.albums.cc:834:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldfile[XFCC], newfile[XFCC]; // albums and replace option kept data/fotoxx-20.08/f.albums.cc:837:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[40]; data/fotoxx-20.08/f.albums.cc:1028:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[100]; data/fotoxx-20.08/f.albums.cc:1063:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *albumfiles[maxalbums]; // albums to process data/fotoxx-20.08/f.albums.cc:1064:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *oldfiles[maxalbumfiles]; // initial album files data/fotoxx-20.08/f.albums.cc:1065:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *newfiles[maxalbumfiles]; // album files after processing data/fotoxx-20.08/f.albums.cc:1066:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char albumbuff[XFCC]; data/fotoxx-20.08/f.albums.cc:1162:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(albumfiles[ii],"r"); // open/read album file data/fotoxx-20.08/f.albums.cc:1186:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(albumfiles[ii],"w"); // open/write album file data/fotoxx-20.08/f.albums.cc:1223:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[40]; data/fotoxx-20.08/f.albums.cc:1279:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selcomm[AFCC], albumbuff[XFCC]; data/fotoxx-20.08/f.albums.cc:1281:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *selectfiles[maxalbumfiles]; data/fotoxx-20.08/f.albums.cc:1282:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **fileversions, *ppselect[100]; data/fotoxx-20.08/f.albums.cc:1287:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(selcomm,"r"); data/fotoxx-20.08/f.albums.cc:1454:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *albumfiles[maxalbums]; data/fotoxx-20.08/f.albums.cc:1455:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char findcomm[200]; data/fotoxx-20.08/f.albums.cc:1519:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char findcomm[200], albumname[100], albumfile[200]; data/fotoxx-20.08/f.albums.cc:1638:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ss_musicfile[500] = "none"; // /folder.../musicfile.ogg data/fotoxx-20.08/f.albums.cc:1666:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tranname[32]; // transition name data/fotoxx-20.08/f.albums.cc:1725:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tranname[32]; // transition type to use data/fotoxx-20.08/f.albums.cc:1903:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[50]; data/fotoxx-20.08/f.albums.cc:2007:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyx[4] = "X"; data/fotoxx-20.08/f.albums.cc:2091:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyx[4]; data/fotoxx-20.08/f.albums.cc:2120:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nameii[32], enabii[8], timeii[8], prefii[8]; data/fotoxx-20.08/f.albums.cc:2256:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nameii[32], enabii[8], timeii[8], prefii[8]; data/fotoxx-20.08/f.albums.cc:2278:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); data/fotoxx-20.08/f.albums.cc:2320:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"w"); data/fotoxx-20.08/f.albums.cc:2351:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, buff[XFCC]; data/fotoxx-20.08/f.albums.cc:2353:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tranname[32]; data/fotoxx-20.08/f.albums.cc:2423:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, zoomloc[40]; data/fotoxx-20.08/f.albums.cc:2576:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tranname[32]; data/fotoxx-20.08/f.albums.cc:2674:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, zoomloc[40]; data/fotoxx-20.08/f.albums.cc:2768:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[XFCC]; data/fotoxx-20.08/f.albums.cc:2769:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefsfile[200], *pp; data/fotoxx-20.08/f.albums.cc:2772:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tranname[32]; data/fotoxx-20.08/f.albums.cc:2784:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(ss_albumfile,"r"); // open album file data/fotoxx-20.08/f.albums.cc:2812:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ss_musicfile,"none"); // no music file data/fotoxx-20.08/f.albums.cc:2839:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ss_imagetab[ii].tranname,"next"); data/fotoxx-20.08/f.albums.cc:2843:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(prefsfile,"r"); // open slide show prefs file data/fotoxx-20.08/f.albums.cc:2871:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ss_imagetime = atoi(pp+11); data/fotoxx-20.08/f.albums.cc:2876:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ss_cctime = atoi(pp+8); data/fotoxx-20.08/f.albums.cc:2881:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ss_cliplimit = atoi(pp+11); data/fotoxx-20.08/f.albums.cc:2886:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ss_random = atoi(pp+8); data/fotoxx-20.08/f.albums.cc:2896:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ss_fullscreen = atoi(pp+12); data/fotoxx-20.08/f.albums.cc:2901:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ss_replay = atoi(pp+8); data/fotoxx-20.08/f.albums.cc:2941:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp+6); data/fotoxx-20.08/f.albums.cc:2947:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp+7); data/fotoxx-20.08/f.albums.cc:2953:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp+10); data/fotoxx-20.08/f.albums.cc:2959:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp+9); data/fotoxx-20.08/f.albums.cc:2965:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp+10); data/fotoxx-20.08/f.albums.cc:2971:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp+7); data/fotoxx-20.08/f.albums.cc:2977:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp+10); // 0/1/2 = none/zoom-in/zoom-out data/fotoxx-20.08/f.albums.cc:2989:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp+10); data/fotoxx-20.08/f.albums.cc:2998:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp); data/fotoxx-20.08/f.albums.cc:3004:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nn = atoi(pp+7); data/fotoxx-20.08/f.albums.cc:3035:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefsfile[200]; data/fotoxx-20.08/f.albums.cc:3044:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(prefsfile,"w"); // open slide show prefs file data/fotoxx-20.08/f.albums.cc:3104:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keyvals[2], *pp; data/fotoxx-20.08/f.albums.cc:3414:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keyvals[2], *pp; data/fotoxx-20.08/f.albums.cc:3415:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[200], caption[200], comments[200]; data/fotoxx-20.08/f.albums.cc:3416:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char text[600]; data/fotoxx-20.08/f.albums.cc:3476:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(text+ii,"\n ",2); data/fotoxx-20.08/f.albums.cc:4127:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1,pix3,9); data/fotoxx-20.08/f.albums.cc:4128:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + ss_rs, pix3 + ss_rs,9); data/fotoxx-20.08/f.albums.cc:4129:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + 2 * ss_rs, pix3 + 2 * ss_rs,9); data/fotoxx-20.08/f.albums.cc:4236:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1, pix3, 9); data/fotoxx-20.08/f.albums.cc:4237:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + ss_rs, pix3 + ss_rs, 9); data/fotoxx-20.08/f.albums.cc:4238:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + 2 * ss_rs, pix3 + 2 * ss_rs, 9); data/fotoxx-20.08/f.albums.cc:4244:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1, pix3, 9); data/fotoxx-20.08/f.albums.cc:4245:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + ss_rs, pix3 + ss_rs, 9); data/fotoxx-20.08/f.albums.cc:4246:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + 2 * ss_rs, pix3 + 2 * ss_rs, 9); data/fotoxx-20.08/f.albums.cc:4356:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1, pix3, 18); data/fotoxx-20.08/f.albums.cc:4357:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + ss_rs, pix3 + ss_rs, 18); data/fotoxx-20.08/f.albums.cc:4358:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + 2 * ss_rs, pix3 + 2 * ss_rs, 18); data/fotoxx-20.08/f.albums.cc:4359:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + 3 * ss_rs, pix3 + 3 * ss_rs, 18); data/fotoxx-20.08/f.albums.cc:4360:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + 4 * ss_rs, pix3 + 4 * ss_rs, 18); data/fotoxx-20.08/f.albums.cc:4361:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + 5 * ss_rs, pix3 + 5 * ss_rs, 18); data/fotoxx-20.08/f.albums.cc:4521:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix2,3); data/fotoxx-20.08/f.albums.cc:4722:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,6); data/fotoxx-20.08/f.albums.cc:4756:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix2,6); data/fotoxx-20.08/f.albums.cc:4848:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,npix*3); data/fotoxx-20.08/f.albums.cc:4862:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,3); data/fotoxx-20.08/f.albums.cc:5027:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pixx2,pixx,6); data/fotoxx-20.08/f.albums.cc:5086:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix2,cc); // paint new image from px1 to right edge data/fotoxx-20.08/f.albums.cc:5102:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,3*np2); data/fotoxx-20.08/f.albums.cc:5218:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,3); data/fotoxx-20.08/f.albums.cc:5219:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3 + ss_rs, pix1 + ss_rs, 3); data/fotoxx-20.08/f.albums.cc:5235:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,3); data/fotoxx-20.08/f.albums.cc:5236:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3 + ss_rs, pix1 + ss_rs, 3); data/fotoxx-20.08/f.albums.cc:5371:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,9); data/fotoxx-20.08/f.albums.cc:5374:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,9); data/fotoxx-20.08/f.albums.cc:5377:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,9); data/fotoxx-20.08/f.albums.cc:5389:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,9); data/fotoxx-20.08/f.albums.cc:5392:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,9); data/fotoxx-20.08/f.albums.cc:5395:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,9); data/fotoxx-20.08/f.albums.cc:5447:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1,pix3,9); data/fotoxx-20.08/f.albums.cc:5448:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + ss_rs, pix3 + ss_rs, 9); data/fotoxx-20.08/f.albums.cc:5449:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1 + 2 * ss_rs, pix3 + 2 * ss_rs, 9); data/fotoxx-20.08/f.albums.cc:5676:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1,vpix,3); data/fotoxx-20.08/f.albums.cc:5687:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,vpix,3); data/fotoxx-20.08/f.albums.cc:5759:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.albums.cc:5773:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.albums.cc:5787:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.albums.cc:5801:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.albums.cc:5949:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,6); data/fotoxx-20.08/f.albums.cc:5950:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2+rs,pix1+rs,6); data/fotoxx-20.08/f.albums.cc:5962:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,6); data/fotoxx-20.08/f.albums.cc:5963:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2+rs,pix1+rs,6); data/fotoxx-20.08/f.albums.cc:6024:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pixels3,pixels2,cc); // mixed image = new image data/fotoxx-20.08/f.albums.cc:6042:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,tww*3); // to mixed image data/fotoxx-20.08/f.area.cc:342:31: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (strmatch(event,"red")) memcpy(LINE_COLOR,RED,3*sizeof(int)); data/fotoxx-20.08/f.area.cc:343:33: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (strmatch(event,"green")) memcpy(LINE_COLOR,GREEN,3*sizeof(int)); data/fotoxx-20.08/f.area.cc:344:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (strmatch(event,"blue")) memcpy(LINE_COLOR,BLUE,3*sizeof(int)); data/fotoxx-20.08/f.area.cc:345:33: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (strmatch(event,"black")) memcpy(LINE_COLOR,BLACK,3*sizeof(int)); data/fotoxx-20.08/f.area.cc:346:33: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (strmatch(event,"white")) memcpy(LINE_COLOR,WHITE,3*sizeof(int)); data/fotoxx-20.08/f.area.cc:1043:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char colorbutt[16]; data/fotoxx-20.08/f.area.cc:2016:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[8]; data/fotoxx-20.08/f.area.cc:2251:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix0,pixM,pcc3); // color = match color data/fotoxx-20.08/f.area.cc:2279:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix0,pixM,pcc3); // color = match color data/fotoxx-20.08/f.area.cc:3205:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[100]; data/fotoxx-20.08/f.area.cc:3250:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,pcc); // copy RGB(A) data data/fotoxx-20.08/f.area.cc:3291:14: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (! pp) strcat(file,".png"); data/fotoxx-20.08/f.area.cc:3338:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,pcc); // copy all channels data/fotoxx-20.08/f.area.cc:3358:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[100]; data/fotoxx-20.08/f.area.cc:3386:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,pcc); // copy all channels data/fotoxx-20.08/f.area.cc:3671:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.combine.cc:46:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cimFile[10]; // input image files data/fotoxx-20.08/f.combine.cc:1019:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imageN[8] = "imageN", labN[4] = "0"; data/fotoxx-20.08/f.combine.cc:1158:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imageN[8] = "imageN"; data/fotoxx-20.08/f.combine.cc:1215:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat1) memcpy(pix3,vpix1,pixcc); data/fotoxx-20.08/f.combine.cc:1281:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat1) memcpy(pix2,vpix1,pixcc); data/fotoxx-20.08/f.combine.cc:1343:22: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat1) memcpy(pix3,vpix1,pixcc); data/fotoxx-20.08/f.combine.cc:1627:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imageN[8] = "imageN", labN[4] = "0"; data/fotoxx-20.08/f.combine.cc:1872:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix,pixcc); data/fotoxx-20.08/f.combine.cc:1995:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1,vpix,pixcc); data/fotoxx-20.08/f.combine.cc:2000:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pixcc); data/fotoxx-20.08/f.combine.cc:2574:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imageN[8] = "imageN", labN[4] = "0"; data/fotoxx-20.08/f.combine.cc:2978:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1, cc * pcc); data/fotoxx-20.08/f.combine.cc:2985:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,red,pcc); data/fotoxx-20.08/f.combine.cc:2994:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1, cc * pcc); data/fotoxx-20.08/f.combine.cc:3015:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1, cc * pcc); data/fotoxx-20.08/f.combine.cc:3026:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1, cc * pcc); data/fotoxx-20.08/f.combine.cc:3033:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,red,pcc); data/fotoxx-20.08/f.combine.cc:3147:43: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (pp && strlen(pp) >= 4) strcpy(pp,".jpg"); data/fotoxx-20.08/f.combine.cc:3479:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp[2] = { 0, 0 }; data/fotoxx-20.08/f.combine.cc:3595:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lensdata[8]; data/fotoxx-20.08/f.combine.cc:4113:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imageN[8] = "imageN"; data/fotoxx-20.08/f.combine.cc:4208:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imageN[8] = "imageN"; data/fotoxx-20.08/f.combine.cc:4514:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat1) memcpy(pix2,vpix1,pixcc); data/fotoxx-20.08/f.combine.cc:4633:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp[2] = { 0, 0 }; data/fotoxx-20.08/f.combine.cc:4749:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lensdata[8]; data/fotoxx-20.08/f.combine.cc:5265:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imageN[8] = "imageN"; data/fotoxx-20.08/f.combine.cc:5360:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imageN[8] = "imageN"; data/fotoxx-20.08/f.combine.cc:5584:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file1[100], *file2, *pp; data/fotoxx-20.08/f.combine.cc:5585:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cfolder[XFCC]; data/fotoxx-20.08/f.combine.cc:5622:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen("PTscript","w"); // build pano tools script data/fotoxx-20.08/f.combine.cc:5659:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,"-PT.tif"); data/fotoxx-20.08/f.combine.cc:6358:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix,vpix,pixcc); data/fotoxx-20.08/f.combine.cc:6410:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix,vpix,pixcc); data/fotoxx-20.08/f.combine.cc:6506:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pixm,vpix,pixcc); data/fotoxx-20.08/f.combine.cc:6585:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pixm,vpix,pixcc); data/fotoxx-20.08/f.combine.cc:6659:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pixm,vpix,pixcc); data/fotoxx-20.08/f.combine.cc:7522:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix9,pix3,pixcc); data/fotoxx-20.08/f.combine.cc:7574:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,pixcc); data/fotoxx-20.08/f.combine.cc:7635:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,pixcc); data/fotoxx-20.08/f.combine.cc:7663:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix,vpix,pixcc); data/fotoxx-20.08/f.combine.cc:7707:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,pixcc); data/fotoxx-20.08/f.combine.cc:7735:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix,vpix,pixcc); data/fotoxx-20.08/f.edit.cc:109:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/fotoxx-20.08/f.edit.cc:323:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/fotoxx-20.08/f.edit.cc:326:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ppv[1]; data/fotoxx-20.08/f.edit.cc:685:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mysize[20]; data/fotoxx-20.08/f.edit.cc:946:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/fotoxx-20.08/f.edit.cc:1100:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. else memcpy(pix3,pix1,pcc); // inside, full brightness data/fotoxx-20.08/f.edit.cc:1115:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. else memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.edit.cc:1130:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. else memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.edit.cc:1144:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. else memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.edit.cc:1228:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix9,pix3,pcc); data/fotoxx-20.08/f.edit.cc:1462:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20], blab[8], rlab[8]; data/fotoxx-20.08/f.edit.cc:1485:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(blab,"butt-0"); data/fotoxx-20.08/f.edit.cc:1486:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(rlab,"ratio-0"); data/fotoxx-20.08/f.edit.cc:2217:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mousetext[60]; data/fotoxx-20.08/f.edit.cc:2529:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rtext[12]; data/fotoxx-20.08/f.edit.cc:2635:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rtext[12]; data/fotoxx-20.08/f.edit.cc:3527:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20]; data/fotoxx-20.08/f.edit.cc:3875:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[1000] = ""; // file for write_text data data/fotoxx-20.08/f.edit.cc:3876:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char metakey[60] = ""; data/fotoxx-20.08/f.edit.cc:4045:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char font[100]; // font name and size data/fotoxx-20.08/f.edit.cc:4049:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keyvals[1]; data/fotoxx-20.08/f.edit.cc:4179:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). size = atoi(pp); data/fotoxx-20.08/f.edit.cc:4295:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.edit.cc:4378:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *pp2, *file, buff[1200]; data/fotoxx-20.08/f.edit.cc:4385:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); // open for read data/fotoxx-20.08/f.edit.cc:4409:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). attr.size = atoi(pp2); data/fotoxx-20.08/f.edit.cc:4457:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, text2[1200]; data/fotoxx-20.08/f.edit.cc:4463:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"w"); // open for write data/fotoxx-20.08/f.edit.cc:4546:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char font[100]; // font name and size data/fotoxx-20.08/f.edit.cc:4558:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). txred = atoi(strField(attr->color[0],'|',1)); // get text foreground color data/fotoxx-20.08/f.edit.cc:4559:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). txgreen = atoi(strField(attr->color[0],'|',2)); data/fotoxx-20.08/f.edit.cc:4560:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). txblue = atoi(strField(attr->color[0],'|',3)); data/fotoxx-20.08/f.edit.cc:4561:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bgred = atoi(strField(attr->color[1],'|',1)); // get text background color data/fotoxx-20.08/f.edit.cc:4562:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bggreen = atoi(strField(attr->color[1],'|',2)); data/fotoxx-20.08/f.edit.cc:4563:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bgblue = atoi(strField(attr->color[1],'|',3)); data/fotoxx-20.08/f.edit.cc:4564:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tored = atoi(strField(attr->color[2],'|',1)); // get text outline color data/fotoxx-20.08/f.edit.cc:4565:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). togreen = atoi(strField(attr->color[2],'|',2)); data/fotoxx-20.08/f.edit.cc:4566:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). toblue = atoi(strField(attr->color[2],'|',3)); data/fotoxx-20.08/f.edit.cc:4567:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shred = atoi(strField(attr->color[3],'|',1)); // get text shadow color data/fotoxx-20.08/f.edit.cc:4568:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shgreen = atoi(strField(attr->color[3],'|',2)); data/fotoxx-20.08/f.edit.cc:4569:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shblue = atoi(strField(attr->color[3],'|',3)); data/fotoxx-20.08/f.edit.cc:5126:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.edit.cc:5228:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lnred = atoi(strField(attr->color[0],'|',1)); // get line foreground color data/fotoxx-20.08/f.edit.cc:5229:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lngreen = atoi(strField(attr->color[0],'|',2)); data/fotoxx-20.08/f.edit.cc:5230:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lnblue = atoi(strField(attr->color[0],'|',3)); data/fotoxx-20.08/f.edit.cc:5231:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bgred = atoi(strField(attr->color[1],'|',1)); // get line background color data/fotoxx-20.08/f.edit.cc:5232:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bggreen = atoi(strField(attr->color[1],'|',2)); data/fotoxx-20.08/f.edit.cc:5233:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bgblue = atoi(strField(attr->color[1],'|',3)); data/fotoxx-20.08/f.edit.cc:5234:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tored = atoi(strField(attr->color[2],'|',1)); // get line outline color data/fotoxx-20.08/f.edit.cc:5235:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). togreen = atoi(strField(attr->color[2],'|',2)); data/fotoxx-20.08/f.edit.cc:5236:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). toblue = atoi(strField(attr->color[2],'|',3)); data/fotoxx-20.08/f.edit.cc:5237:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shred = atoi(strField(attr->color[3],'|',1)); // get line shadow color data/fotoxx-20.08/f.edit.cc:5238:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shgreen = atoi(strField(attr->color[3],'|',2)); data/fotoxx-20.08/f.edit.cc:5239:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). shblue = atoi(strField(attr->color[3],'|',3)); data/fotoxx-20.08/f.edit.cc:5527:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20]; data/fotoxx-20.08/f.edit.cc:5550:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[0] = atoi(pp); data/fotoxx-20.08/f.edit.cc:5552:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[1] = atoi(pp); data/fotoxx-20.08/f.edit.cc:5554:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[2] = atoi(pp); data/fotoxx-20.08/f.edit.cc:5734:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20]; data/fotoxx-20.08/f.edit.cc:5757:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[0] = atoi(pp); data/fotoxx-20.08/f.edit.cc:5759:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[1] = atoi(pp); data/fotoxx-20.08/f.edit.cc:5761:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[2] = atoi(pp); data/fotoxx-20.08/f.edit.cc:6115:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20], text[20]; data/fotoxx-20.08/f.edit.cc:6140:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[0] = atoi(pp); data/fotoxx-20.08/f.edit.cc:6142:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[1] = atoi(pp); data/fotoxx-20.08/f.edit.cc:6144:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[2] = atoi(pp); data/fotoxx-20.08/f.edit.cc:6163:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text,"%3d",Mradius); // stuff corresp. number values data/fotoxx-20.08/f.edit.cc:6165:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text,"%3.0f",opccent); data/fotoxx-20.08/f.edit.cc:6167:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text,"%3.0f",opcedge); data/fotoxx-20.08/f.edit.cc:6225:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20]; data/fotoxx-20.08/f.edit.cc:6548:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20]; data/fotoxx-20.08/f.edit.cc:6807:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20]; data/fotoxx-20.08/f.edit.cc:7861:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(save1B->pixels[npix],pix3,pcc); data/fotoxx-20.08/f.edit.cc:7896:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,save1B->pixels[npix],pcc); data/fotoxx-20.08/f.edit.cc:8176:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1,pix0,pcc); data/fotoxx-20.08/f.edit.cc:8657:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plugins[100]; data/fotoxx-20.08/f.edit.cc:8672:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plugfile[200], buff[200], *pp; data/fotoxx-20.08/f.edit.cc:8689:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(plugfile,"w"); // no, create default data/fotoxx-20.08/f.edit.cc:8699:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(plugfile,"r"); // open plugins file data/fotoxx-20.08/f.edit.cc:8795:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, menuname[100], command[200]; data/fotoxx-20.08/f.edit.cc:8796:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/fotoxx-20.08/f.edit.cc:8898:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(buff,"w"); data/fotoxx-20.08/f.edit.cc:9079:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[300], buff[500]; data/fotoxx-20.08/f.effects.cc:199:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20]; data/fotoxx-20.08/f.effects.cc:229:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) fgrgb[0] = atoi(pp); data/fotoxx-20.08/f.effects.cc:231:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) fgrgb[1] = atoi(pp); data/fotoxx-20.08/f.effects.cc:233:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) fgrgb[2] = atoi(pp); data/fotoxx-20.08/f.effects.cc:237:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) bgrgb[0] = atoi(pp); data/fotoxx-20.08/f.effects.cc:239:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) bgrgb[1] = atoi(pp); data/fotoxx-20.08/f.effects.cc:241:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) bgrgb[2] = atoi(pp); data/fotoxx-20.08/f.effects.cc:2178:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Pflag[1000]; // max. RES = 31 data/fotoxx-20.08/f.effects.cc:2314:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Pflag[1000]; // max. RES = 31 data/fotoxx-20.08/f.effects.cc:2336:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,white,pixcc); data/fotoxx-20.08/f.effects.cc:2711:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char palettename[100] = "none"; // palette file name data/fotoxx-20.08/f.effects.cc:2785:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char palettefile[200], *pp; data/fotoxx-20.08/f.effects.cc:3032:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[200]; data/fotoxx-20.08/f.effects.cc:3038:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); data/fotoxx-20.08/f.effects.cc:4071:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp1[150], temp2[200]; data/fotoxx-20.08/f.effects.cc:4454:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tilefile[maxtiles]; // tile files list (100K x 100 --> 10M) data/fotoxx-20.08/f.effects.cc:4479:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[12]; data/fotoxx-20.08/f.effects.cc:4564:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[12]; data/fotoxx-20.08/f.effects.cc:4802:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(row2,row1,tww * 3); // buffer-overflow unless (see above) data/fotoxx-20.08/f.effects.cc:6933:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix9,pix3,pcc); data/fotoxx-20.08/f.effects.cc:6960:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix9,pix3,pcc); data/fotoxx-20.08/f.effects.cc:7026:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rowname[16], cellname[30]; data/fotoxx-20.08/f.effects.cc:7096:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cellname[20]; data/fotoxx-20.08/f.effects.cc:7097:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *filename, dirname[200]; data/fotoxx-20.08/f.effects.cc:7163:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"r"); // open file data/fotoxx-20.08/f.effects.cc:7186:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"r"); // re-open file and load kernel data data/fotoxx-20.08/f.enhance.cc:1027:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[8]; data/fotoxx-20.08/f.enhance.cc:2151:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mousetext[60]; data/fotoxx-20.08/f.enhance.cc:2998:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sharp_function[4] = ""; data/fotoxx-20.08/f.enhance.cc:3110:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(sharp_function,"UM"); data/fotoxx-20.08/f.enhance.cc:3112:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(sharp_function,"GR"); data/fotoxx-20.08/f.enhance.cc:3114:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(sharp_function,"KH"); data/fotoxx-20.08/f.enhance.cc:3116:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(sharp_function,"MD"); data/fotoxx-20.08/f.enhance.cc:5523:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix9,pix1,pcc); data/fotoxx-20.08/f.enhance.cc:6194:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100]; data/fotoxx-20.08/f.enhance.cc:6288:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100]; data/fotoxx-20.08/f.enhance.cc:6486:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type, space[3]; data/fotoxx-20.08/f.enhance.cc:6929:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.enhance.cc:7440:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.enhance.cc:7510:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.enhance.cc:7537:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.enhance.cc:8172:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.enhance.cc:8219:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/fotoxx-20.08/f.enhance.cc:8262:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/fotoxx-20.08/f.enhance.cc:8267:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) Crgb[0] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8269:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) Crgb[1] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8271:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) Crgb[2] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8275:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) Rrgb[0] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8277:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) Rrgb[1] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8279:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) Rrgb[2] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8283:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) Brgb[0] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8285:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) Brgb[1] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8287:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) Brgb[2] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8512:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20]; data/fotoxx-20.08/f.enhance.cc:8558:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) vignette_RGB[0] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8560:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) vignette_RGB[1] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:8562:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) vignette_RGB[2] = atoi(pp); data/fotoxx-20.08/f.enhance.cc:9299:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.enhance.cc:9321:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.file.cc:117:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char progexe[300], command[1000]; data/fotoxx-20.08/f.file.cc:151:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, buff[XFCC]; data/fotoxx-20.08/f.file.cc:162:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(recentfiles_file,"r"); data/fotoxx-20.08/f.file.cc:191:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, buff[XFCC]; data/fotoxx-20.08/f.file.cc:202:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(recentfiles_file,"r"); data/fotoxx-20.08/f.file.cc:437:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (stat) memcpy(pixp,pixs,3); // fails at image left/right edge data/fotoxx-20.08/f.file.cc:440:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pixp,pixss,3); data/fotoxx-20.08/f.file.cc:556:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rename_old[200] = ""; data/fotoxx-20.08/f.file.cc:557:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rename_new[200] = ""; data/fotoxx-20.08/f.file.cc:558:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rename_prev[200] = ""; data/fotoxx-20.08/f.file.cc:643:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *pdir, *pfile, *pext, suffix[16]; data/fotoxx-20.08/f.file.cc:692:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (digits) nseq += atoi(pp); // NNN + 1 data/fotoxx-20.08/f.file.cc:698:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pp,"%0*d",digits,nseq); // replace NNN with NNN + 1 data/fotoxx-20.08/f.file.cc:801:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char permissions[100]; data/fotoxx-20.08/f.file.cc:918:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char permown[20], permgrp[20], permoth[20]; data/fotoxx-20.08/f.file.cc:919:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char permissions[100]; data/fotoxx-20.08/f.file.cc:1177:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(file,O_RDONLY); data/fotoxx-20.08/f.file.cc:1320:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20], fname[100], fext[8], *filespec; data/fotoxx-20.08/f.file.cc:1412:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[0] = atoi(pp); data/fotoxx-20.08/f.file.cc:1414:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[1] = atoi(pp); data/fotoxx-20.08/f.file.cc:1416:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) RGB[2] = atoi(pp); data/fotoxx-20.08/f.file.cc:1522:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[300], buff[20] = "", *pp = 0; data/fotoxx-20.08/f.file.cc:1533:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (! pp || atoi(pp) < 2) return; data/fotoxx-20.08/f.file.cc:1571:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newloc[200]; data/fotoxx-20.08/f.file.cc:1669:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char newname[100], prevname[100]; data/fotoxx-20.08/f.file.cc:1826:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, *pp, newfile[XFCC]; data/fotoxx-20.08/f.file.cc:1877:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[200]; data/fotoxx-20.08/f.file.cc:2170:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(printfile,"/printfile.bmp"); // /.../fotoxx-nnnnnn/printfile.bmp data/fotoxx-20.08/f.file.cc:2395:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(curr_file_type,"jpg"); data/fotoxx-20.08/f.file.cc:2548:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newfiletype[8]; data/fotoxx-20.08/f.file.cc:2648:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(rootname + cc,".*"); data/fotoxx-20.08/f.file.cc:2687:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *retname, *pp, pext[8]; data/fotoxx-20.08/f.file.cc:2695:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(pext,".jpg"); data/fotoxx-20.08/f.file.cc:2702:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(retname+cc,".v01"); // return /.../filename.v01.ext data/fotoxx-20.08/f.file.cc:2717:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(retname,"v.01.jpg"); // return /.../filename.v01.jpg data/fotoxx-20.08/f.file.cc:2738:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".v01"); // return /.../filename.v01.ext data/fotoxx-20.08/f.file.cc:2812:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ppv[1], *tempfile, *pext, *outfile2; data/fotoxx-20.08/f.file.cc:2813:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char edithist[exif_maxcc]; // edit history trail data/fotoxx-20.08/f.file.cc:2898:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tempfile,"-temp."); data/fotoxx-20.08/f.file.cc:2946:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(edithist+cc1+1,"Fotoxx:"); // append " Fotoxx:" data/fotoxx-20.08/f.file.cc:3053:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char permissions[100]; data/fotoxx-20.08/f.file.cc:3266:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldperms[100], newperms[100]; data/fotoxx-20.08/f.file.cc:3267:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext[4]; data/fotoxx-20.08/f.file.cc:3296:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(ext,"tif"); // set corresp. extension ".tif" ... data/fotoxx-20.08/f.file.cc:3298:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(ext,"png"); data/fotoxx-20.08/f.file.cc:3300:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(ext,"jpg"); data/fotoxx-20.08/f.file.cc:3345:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filespec[202], copyfile[208]; data/fotoxx-20.08/f.file.cc:3361:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fidr = fopen(filespec,"r"); // open/read input file (may be null) data/fotoxx-20.08/f.file.cc:3363:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fidw = fopen(copyfile,"w"); // open/write copy file data/fotoxx-20.08/f.file.cc:3379:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buff[1000], *prec; data/fotoxx-20.08/f.file.cc:3464:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lockname[200]; // lock file name data/fotoxx-20.08/f.file.cc:3515:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(mfolder,"/*"); data/fotoxx-20.08/f.file.cc:3561:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fif_filelist,templist,cc); data/fotoxx-20.08/f.file.cc:3605:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pext,".tif"); data/fotoxx-20.08/f.file.cc:3623:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char operm[50], gperm[50], wperm[50]; data/fotoxx-20.08/f.file.cc:3748:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(perms,", "); data/fotoxx-20.08/f.file.cc:3753:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(perms,", "); data/fotoxx-20.08/f.file.cc:3773:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[XFCC]; data/fotoxx-20.08/f.gallery.cc:127:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *gallerypath[60]; // corresp. folder names aaa bbb ... data/fotoxx-20.08/f.gallery.cc:221:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[XFCC]; data/fotoxx-20.08/f.gallery.cc:407:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(galleryname,"r"); // open file data/fotoxx-20.08/f.gallery.cc:651:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ppd, ffolder[60]; data/fotoxx-20.08/f.gallery.cc:652:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdt[24], text[200]; data/fotoxx-20.08/f.gallery.cc:789:33: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (xxrec->ww == 0) strcpy(pdt,"not indexed"); data/fotoxx-20.08/f.gallery.cc:790:44: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else if (strmatch(pdt,"null")) strcpy(pdt,"undated"); data/fotoxx-20.08/f.gallery.cc:980:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fdate[20], pdate[20], *pp; data/fotoxx-20.08/f.gallery.cc:981:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1000]; data/fotoxx-20.08/f.gallery.cc:1100:30: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (xxrec->ww == 0) strcpy(pp,"not indexed"); data/fotoxx-20.08/f.gallery.cc:1101:40: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else if (strmatch(pp,"null")) strcpy(pp,"undated"); data/fotoxx-20.08/f.gallery.cc:1146:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fdate[20], pdate[20], *pp; data/fotoxx-20.08/f.gallery.cc:1148:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wwhh[16], fsize[16]; data/fotoxx-20.08/f.gallery.cc:1149:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1000]; data/fotoxx-20.08/f.gallery.cc:1276:30: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (xxrec->ww == 0) strcpy(pp,"not indexed"); data/fotoxx-20.08/f.gallery.cc:1277:40: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else if (strmatch(pp,"null")) strcpy(pp,"undated"); data/fotoxx-20.08/f.gallery.cc:1324:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *dirnamecache[NC]; // cache for recent folder data data/fotoxx-20.08/f.gallery.cc:1389:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char thumbfont[20] = ""; data/fotoxx-20.08/f.gallery.cc:1417:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labtext[100]; data/fotoxx-20.08/f.gallery.cc:1432:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(labtext,"no gallery"); // 20.0 data/fotoxx-20.08/f.gallery.cc:1433:31: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (gallerytype == SEARCH) sprintf(labtext,"search results"); // search results data/fotoxx-20.08/f.gallery.cc:1434:29: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (gallerytype == META) sprintf(labtext,"search results"); // search results (metadata report) data/fotoxx-20.08/f.gallery.cc:1435:31: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (gallerytype == RECENT) sprintf(labtext,"recent images"); // recent images data/fotoxx-20.08/f.gallery.cc:1436:31: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (gallerytype == NEWEST) sprintf(labtext,"newest images"); // newest images data/fotoxx-20.08/f.gallery.cc:1665:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gallerydir[XFCC], *pp; data/fotoxx-20.08/f.gallery.cc:1714:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char folder[200]; data/fotoxx-20.08/f.gallery.cc:1761:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char findcomm[200]; data/fotoxx-20.08/f.gallery.cc:1762:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *albums[200]; data/fotoxx-20.08/f.gallery.cc:1807:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char albumfile[200]; data/fotoxx-20.08/f.gallery.cc:1832:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char albumfile[200], *pp, *pp2; data/fotoxx-20.08/f.gallery.cc:2099:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dragfile[200]; data/fotoxx-20.08/f.gallery.cc:2103:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(dragfile,"w"); // and position data/fotoxx-20.08/f.gallery.cc:2124:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dragfile[200], buff[200]; data/fotoxx-20.08/f.gallery.cc:2210:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(dragfile,"r"); // and position data/fotoxx-20.08/f.gallery.cc:2219:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp2) from_posn = atoi(pp2); data/fotoxx-20.08/f.gallery.cc:2357:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[XFCC], *pp; data/fotoxx-20.08/f.gallery.cc:2370:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(gallerymem_file,"r"); // open gallery memiry file data/fotoxx-20.08/f.gallery.cc:2404:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(gallerymem_file,"w"); data/fotoxx-20.08/f.gallery.cc:2489:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, title[200]; data/fotoxx-20.08/f.gallery.cc:2508:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(title,"Fotoxx RECENT FILES"); data/fotoxx-20.08/f.gallery.cc:2511:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(title,"Fotoxx NEWEST FILES"); data/fotoxx-20.08/f.gallery.cc:2513:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(title,"Fotoxx UNKNOWN"); data/fotoxx-20.08/f.gallery.cc:2765:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fdate[16]; // date-time, yyyymmddhhmmss data/fotoxx-20.08/f.gallery.cc:2823:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // open output file data/fotoxx-20.08/f.gallery.cc:2866:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *popfiles[20]; // last 20 files data/fotoxx-20.08/f.gallery.cc:2897:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ppx2[8], *ppt, *RP; data/fotoxx-20.08/f.gallery.cc:3044:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(thumbfile+cc1+cc2,".jpeg"); // .../image/folder/file.xxx.jpeg data/fotoxx-20.08/f.gallery.cc:3088:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char thumbfile[300] = ""; data/fotoxx-20.08/f.gallery.cc:3117:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char thumbfile[300] = ""; data/fotoxx-20.08/f.gallery.cc:3258:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lockname[200]; data/fotoxx-20.08/f.gallery.cc:3579:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char filename[XFCC]; data/fotoxx-20.08/f.gallery.cc:3581:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fgwm[4]; data/fotoxx-20.08/f.gallery.cc:3832:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *removedfiles[100]; // last 100 files removed data/fotoxx-20.08/f.gallery.cc:4176:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char albumfile[200]; data/fotoxx-20.08/f.gallery.cc:4188:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(albumfile,"w"); data/fotoxx-20.08/f.gallery.cc:4207:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *bookmarks[maxbmks]; // bookmark names and files data/fotoxx-20.08/f.gallery.cc:4389:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[XFCC], bmkfile[200]; data/fotoxx-20.08/f.gallery.cc:4397:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(bmkfile,"r"); data/fotoxx-20.08/f.gallery.cc:4425:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bookmarkname[32]; data/fotoxx-20.08/f.gallery.cc:4451:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, bookmarkname[32]; data/fotoxx-20.08/f.gallery.cc:4500:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bmkfile[200]; data/fotoxx-20.08/f.gallery.cc:4501:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bookmarkname[32]; data/fotoxx-20.08/f.gallery.cc:4522:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bookmarks[bmkposn],bookmarkname,30); // replace name in bookmarks list 19.0 data/fotoxx-20.08/f.gallery.cc:4531:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(bmkfile,"w"); data/fotoxx-20.08/f.gallery.cc:4556:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bookmarkline[XFCC+32]; data/fotoxx-20.08/f.gallery.cc:4557:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char blanks[33] = " "; data/fotoxx-20.08/f.gallery.cc:4787:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, indent[100]; data/fotoxx-20.08/f.mashup.cc:43:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char projectname[100]; // project name data/fotoxx-20.08/f.mashup.cc:44:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char projectfile[200]; // /.../projectname data/fotoxx-20.08/f.mashup.cc:45:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char layoutfile[XFCC]; // background/layout image file data/fotoxx-20.08/f.mashup.cc:46:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tranfile[220]; // /.../projectname_trandata data/fotoxx-20.08/f.mashup.cc:47:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warpfile[220]; // /.../projectname_warpdata data/fotoxx-20.08/f.mashup.cc:171:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[20], *file; data/fotoxx-20.08/f.mashup.cc:324:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) flatRGB[0] = atoi(ppc); data/fotoxx-20.08/f.mashup.cc:326:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) flatRGB[1] = atoi(ppc); data/fotoxx-20.08/f.mashup.cc:328:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) flatRGB[2] = atoi(ppc); data/fotoxx-20.08/f.mashup.cc:490:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(file2,".png"); data/fotoxx-20.08/f.mashup.cc:504:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".png"); data/fotoxx-20.08/f.mashup.cc:581:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[XFCC]; data/fotoxx-20.08/f.mashup.cc:593:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tranfile,"_trandata"); // corresp. transparencies file data/fotoxx-20.08/f.mashup.cc:595:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(warpfile,"_warpdata"); // corresp. warp data file data/fotoxx-20.08/f.mashup.cc:603:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(projectfile,"r"); // open project file data/fotoxx-20.08/f.mashup.cc:833:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). txattr->size = atoi(pp2); data/fotoxx-20.08/f.mashup.cc:890:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). nfid = open(tranfile,O_RDONLY); data/fotoxx-20.08/f.mashup.cc:915:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). nfid = open(warpfile,O_RDONLY); data/fotoxx-20.08/f.mashup.cc:1003:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, text2[1200]; data/fotoxx-20.08/f.mashup.cc:1015:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tranfile,"_trandata"); // corresp. transparency data file data/fotoxx-20.08/f.mashup.cc:1017:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(warpfile,"_warpdata"); // corresp. warp data file data/fotoxx-20.08/f.mashup.cc:1020:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(projectfile,"w"); data/fotoxx-20.08/f.mashup.cc:1091:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). nfid = open(tranfile,O_WRONLY|O_CREAT|O_TRUNC,0640); // write transparencies to binary file data/fotoxx-20.08/f.mashup.cc:1110:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). nfid = open(warpfile,O_WRONLY|O_CREAT|O_TRUNC,0640); // write warp data to binary file data/fotoxx-20.08/f.mashup.cc:1540:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix2,vpix,3); data/fotoxx-20.08/f.mashup.cc:2140:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix2,vpix,3); data/fotoxx-20.08/f.mashup.cc:2508:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char font[80], fname[70]; data/fotoxx-20.08/f.mashup.cc:2575:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). size = atoi(pp); data/fotoxx-20.08/f.mashup.cc:2702:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savecolor[4][20], flashcolor[20]; data/fotoxx-20.08/f.mashup.cc:2711:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). red = 255 - atoi(strField(text[ii].attr.color[jj],'|',1)); data/fotoxx-20.08/f.mashup.cc:2712:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). green = 255 - atoi(strField(text[ii].attr.color[jj],'|',2)); data/fotoxx-20.08/f.mashup.cc:2713:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). blue = 255 - atoi(strField(text[ii].attr.color[jj],'|',3)); data/fotoxx-20.08/f.mashup.cc:2994:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savecolor[4][20], flashcolor[20]; data/fotoxx-20.08/f.mashup.cc:3003:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). red = 255 - atoi(strField(line[ii].attr.color[jj],'|',1)); data/fotoxx-20.08/f.mashup.cc:3004:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). green = 255 - atoi(strField(line[ii].attr.color[jj],'|',2)); data/fotoxx-20.08/f.mashup.cc:3005:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). blue = 255 - atoi(strField(line[ii].attr.color[jj],'|',3)); data/fotoxx-20.08/f.mashup.cc:4124:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uniquename[100]; // unique montage file name data/fotoxx-20.08/f.mashup.cc:4125:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char montagepath[500]; // suggested folder to save file data/fotoxx-20.08/f.mashup.cc:4148:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100], *filename, *pp, *pp1, *pp2; data/fotoxx-20.08/f.mashup.cc:4463:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.mashup.cc:4590:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(file,"/image (fotoxx montage).jpg"); data/fotoxx-20.08/f.mashup.cc:4750:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char montagemapfile[300]; data/fotoxx-20.08/f.mashup.cc:4755:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(montagemapfile,"w"); data/fotoxx-20.08/f.mashup.cc:4799:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[500], montagemapfile[300]; data/fotoxx-20.08/f.mashup.cc:4821:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(montagemapfile,"r"); data/fotoxx-20.08/f.meta.cc:155:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char meta_pdate[16]; // image (photo) date, yyyymmddhhmmss data/fotoxx-20.08/f.meta.cc:156:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char meta_rating[4]; // image rating in stars, "0" to "5" data/fotoxx-20.08/f.meta.cc:157:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char meta_wwhh[16]; // image width/height, "2345x1234" data/fotoxx-20.08/f.meta.cc:158:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char meta_tags[tagFcc]; // tags for current image file data/fotoxx-20.08/f.meta.cc:159:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char meta_comments[exif_maxcc]; // image comments expanded data/fotoxx-20.08/f.meta.cc:160:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char meta_caption[exif_maxcc]; // image caption data/fotoxx-20.08/f.meta.cc:161:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char meta_location[100], meta_country[100]; // geolocs: location, country data/fotoxx-20.08/f.meta.cc:162:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char meta_lati[20], meta_longi[20]; // geolocs: earth coordinates (-123.4567) data/fotoxx-20.08/f.meta.cc:164:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_meta_pdate[16]; // previous file metadata data/fotoxx-20.08/f.meta.cc:165:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_meta_rating[4]; data/fotoxx-20.08/f.meta.cc:166:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_meta_tags[tagFcc]; data/fotoxx-20.08/f.meta.cc:167:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_meta_comments[exif_maxcc]; data/fotoxx-20.08/f.meta.cc:168:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_meta_caption[exif_maxcc]; data/fotoxx-20.08/f.meta.cc:169:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_meta_location[100], p_meta_country[100]; data/fotoxx-20.08/f.meta.cc:170:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p_meta_lati[20], p_meta_longi[20]; data/fotoxx-20.08/f.meta.cc:172:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *xmeta_data[Mxmeta]; // indexed metadata (xmeta_key[]) data/fotoxx-20.08/f.meta.cc:174:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tags_deftags[maxtagcats]; // defined tags: catg: tag1, ... tagN, data/fotoxx-20.08/f.meta.cc:175:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tags_recentags[tagRcc] = ""; // recently added tags list data/fotoxx-20.08/f.meta.cc:177:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[40], keydata[exif_maxcc]; data/fotoxx-20.08/f.meta.cc:223:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char itemfile[200], buff[100], buff2[100], *pp; data/fotoxx-20.08/f.meta.cc:268:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(itemfile,"r"); data/fotoxx-20.08/f.meta.cc:395:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *itemlist[Mxmeta]; data/fotoxx-20.08/f.meta.cc:462:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keyval[NK]; data/fotoxx-20.08/f.meta.cc:464:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *focallength, chsec[12], **text; data/fotoxx-20.08/f.meta.cc:474:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keynamex[NK], *keyvalx[NK]; data/fotoxx-20.08/f.meta.cc:475:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extras_file[200], buff[100], *pp; data/fotoxx-20.08/f.meta.cc:520:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (keyval[1]) fsize = atoi(keyval[1]); // get file size in B/KB/MB units data/fotoxx-20.08/f.meta.cc:545:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(chsec,"null"); data/fotoxx-20.08/f.meta.cc:615:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(extras_file,"r"); data/fotoxx-20.08/f.meta.cc:659:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, *pp, buff[1000]; data/fotoxx-20.08/f.meta.cc:713:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filex[200]; data/fotoxx-20.08/f.meta.cc:715:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *itemlist[Mxmeta], *pp, buff[100]; data/fotoxx-20.08/f.meta.cc:731:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filex,"r"); // read file of extra metadata items data/fotoxx-20.08/f.meta.cc:746:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filex,"w"); // update extras list file data/fotoxx-20.08/f.meta.cc:780:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ppv, pdate2[12], ptime2[12]; data/fotoxx-20.08/f.meta.cc:781:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cctext[exif_maxcc+50]; data/fotoxx-20.08/f.meta.cc:782:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char RN[4] = "R0"; data/fotoxx-20.08/f.meta.cc:1114:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate2[12], ptime2[12]; // yyyy-mm-dd and hh:mm:ss data/fotoxx-20.08/f.meta.cc:1119:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char catgname[tagcc]; data/fotoxx-20.08/f.meta.cc:1120:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newtag[tagcc], matchtags[20][tagcc]; data/fotoxx-20.08/f.meta.cc:1121:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char matchtagstext[(tagcc+2)*20]; data/fotoxx-20.08/f.meta.cc:1122:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cctext[exif_maxcc+50]; data/fotoxx-20.08/f.meta.cc:1123:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char RN[4] = "R0"; data/fotoxx-20.08/f.meta.cc:1124:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[100], country[100], lati[20], longi[20]; data/fotoxx-20.08/f.meta.cc:1247:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp1,", "); data/fotoxx-20.08/f.meta.cc:1526:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[tagcc], catg[tagcc]; data/fotoxx-20.08/f.meta.cc:1582:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[200], buff[100]; data/fotoxx-20.08/f.meta.cc:1584:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp2[1], *pp; data/fotoxx-20.08/f.meta.cc:1654:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"r"); // read metadata list data/fotoxx-20.08/f.meta.cc:1700:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp2[1]; data/fotoxx-20.08/f.meta.cc:1757:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *pp2[1]; data/fotoxx-20.08/f.meta.cc:1868:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[40]; data/fotoxx-20.08/f.meta.cc:1918:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *keyvals[2]; data/fotoxx-20.08/f.meta.cc:1919:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[200], caption[200], comment[200]; data/fotoxx-20.08/f.meta.cc:1920:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char text[604]; data/fotoxx-20.08/f.meta.cc:2019:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addtags[tagMcc]; // tags to add, list data/fotoxx-20.08/f.meta.cc:2020:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deltags[tagMcc]; // tags to remove, list data/fotoxx-20.08/f.meta.cc:2022:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.meta.cc:2341:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char catgname[tagcc]; data/fotoxx-20.08/f.meta.cc:2344:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newtag[tagcc], matchtags[20][tagcc]; data/fotoxx-20.08/f.meta.cc:2345:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char matchtagstext[(tagcc+2)*20]; data/fotoxx-20.08/f.meta.cc:2429:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp1,", "); data/fotoxx-20.08/f.meta.cc:2497:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *oldtags[100]; // tags to rename data/fotoxx-20.08/f.meta.cc:2498:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *newtags[100]; // corresponding new name data/fotoxx-20.08/f.meta.cc:2520:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *oldtaglist[100], *newtaglist[100]; data/fotoxx-20.08/f.meta.cc:2721:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tagname[tagcc]; data/fotoxx-20.08/f.meta.cc:2776:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char catgname[tagcc]; data/fotoxx-20.08/f.meta.cc:2777:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldtag[tagcc], newtag[tagcc]; data/fotoxx-20.08/f.meta.cc:2822:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keyvalue[1]; data/fotoxx-20.08/f.meta.cc:2823:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100]; data/fotoxx-20.08/f.meta.cc:2824:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, olddatetime[24], newdatetime[24]; // exif format "yyyy:mm:dd hh:mm:ss" data/fotoxx-20.08/f.meta.cc:2950:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(newdatetime,"-01-01 00:00:00"); // append "-01-01 00:00:00" data/fotoxx-20.08/f.meta.cc:2956:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(newdatetime," 00:00:00"); // append " 00:00:00" data/fotoxx-20.08/f.meta.cc:2962:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(newdatetime,":00"); // append ":00" data/fotoxx-20.08/f.meta.cc:3033:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(olddatetime,"0000:01:01 00:00:00"); // missing old date/time data/fotoxx-20.08/f.meta.cc:3045:20: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (nn != 6) strcpy(olddatetime,"0000:01:01 00:00:00"); // missing old date/time data/fotoxx-20.08/f.meta.cc:3123:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.meta.cc:3165:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keynameN[12] = "keynameN", keyvalueN[12] = "keyvalueN"; data/fotoxx-20.08/f.meta.cc:3166:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[40], keyvalue[exif_maxcc]; data/fotoxx-20.08/f.meta.cc:3168:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, *pp, text[100]; data/fotoxx-20.08/f.meta.cc:3170:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[200], buff[100]; data/fotoxx-20.08/f.meta.cc:3254:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"r"); data/fotoxx-20.08/f.meta.cc:3354:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. zfree((char *) pp1[ii]); data/fotoxx-20.08/f.meta.cc:3355:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. zfree((char *) pp2[ii]); data/fotoxx-20.08/f.meta.cc:3370:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.meta.cc:3402:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keynameX[12] = "keynameX"; data/fotoxx-20.08/f.meta.cc:3403:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[60]; data/fotoxx-20.08/f.meta.cc:3431:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filex[200]; // file for metadata item list data/fotoxx-20.08/f.meta.cc:3444:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/fotoxx-20.08/f.meta.cc:3445:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, *pp, text[100]; data/fotoxx-20.08/f.meta.cc:3449:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keynamex[NK], *keyvalx[NK]; data/fotoxx-20.08/f.meta.cc:3493:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filex,"r"); data/fotoxx-20.08/f.meta.cc:3558:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.meta.cc:3559:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *itemlist[Mxmeta], *pp, buff[100]; data/fotoxx-20.08/f.meta.cc:3579:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filex,"r"); // read file of extra metadata items data/fotoxx-20.08/f.meta.cc:3594:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filex,"w"); // update extras list file data/fotoxx-20.08/f.meta.cc:3624:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[100], country[100]; data/fotoxx-20.08/f.meta.cc:3625:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lati[20], longi[20], text[100]; data/fotoxx-20.08/f.meta.cc:3743:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.meta.cc:3744:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[100], country[100]; data/fotoxx-20.08/f.meta.cc:3745:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lati[20], longi[20]; data/fotoxx-20.08/f.meta.cc:3840:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate[12]; // nominal group date, yyyymmdd data/fotoxx-20.08/f.meta.cc:3866:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char country[100], location[100], pdate[12]; data/fotoxx-20.08/f.meta.cc:3963:35: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (grec[ii].pdate[0] == 0) strcpy(grec[ii].pdate,"null"); data/fotoxx-20.08/f.meta.cc:4161:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[8]; data/fotoxx-20.08/f.meta.cc:4170:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). year = atoi(temp); data/fotoxx-20.08/f.meta.cc:4174:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). month = atoi(temp); data/fotoxx-20.08/f.meta.cc:4178:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). day = atoi(temp); data/fotoxx-20.08/f.meta.cc:4197:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[100], country[100]; data/fotoxx-20.08/f.meta.cc:4237:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // open output file data/fotoxx-20.08/f.meta.cc:4302:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate[8], nnnnn[8], buff[100]; data/fotoxx-20.08/f.meta.cc:4338:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jj = atoi(pdate); // photo date, 0 to 209912 data/fotoxx-20.08/f.meta.cc:4374:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff+cc,nnnnn,5); // 19.0 data/fotoxx-20.08/f.meta.cc:4400:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *txline, pdate[8], *pp, end; data/fotoxx-20.08/f.meta.cc:4480:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // open output file data/fotoxx-20.08/f.meta.cc:4499:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jj = atoi(pdate); // 0 to 209912 data/fotoxx-20.08/f.meta.cc:4511:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jj = atoi(pdate); // 0 to 209912 data/fotoxx-20.08/f.meta.cc:4544:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchDateFrom[20] = ""; // search images data/fotoxx-20.08/f.meta.cc:4545:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchDateTo[20] = ""; // format is "yyyy-mm-dd hh:mm" data/fotoxx-20.08/f.meta.cc:4546:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchdatelo[16], searchdatehi[16]; // format is yyyymmddhhmmss data/fotoxx-20.08/f.meta.cc:4548:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchStarsFrom[4] = ""; data/fotoxx-20.08/f.meta.cc:4549:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchStarsTo[4] = ""; data/fotoxx-20.08/f.meta.cc:4551:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchtags[tagScc] = ""; // search tags list data/fotoxx-20.08/f.meta.cc:4552:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchtext[tagScc] = ""; // search comments & captions word list data/fotoxx-20.08/f.meta.cc:4553:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchfiles[tagScc] = ""; // search files list data/fotoxx-20.08/f.meta.cc:4555:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchLocations[200] = ""; // search locations data/fotoxx-20.08/f.meta.cc:4566:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *searchkeys[5]; // metadata keys to search data/fotoxx-20.08/f.meta.cc:4567:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *searchvals[5]; // data values to search for data/fotoxx-20.08/f.meta.cc:4568:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char matchtype[5]; // match type: string or number < = > data/fotoxx-20.08/f.meta.cc:4587:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char settingsfile[200]; data/fotoxx-20.08/f.meta.cc:4591:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(settingsfile,"r"); // open settings file data/fotoxx-20.08/f.meta.cc:4925:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char **flist, *pp, buffer[XFCC]; data/fotoxx-20.08/f.meta.cc:4926:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mm[4] = "mm"; data/fotoxx-20.08/f.meta.cc:4933:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char entertag[tagcc], matchtags[20][tagcc]; data/fotoxx-20.08/f.meta.cc:4934:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char matchtagstext[(tagcc+2)*20]; data/fotoxx-20.08/f.meta.cc:4935:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char catgname[tagcc]; data/fotoxx-20.08/f.meta.cc:4936:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char albumfile[200]; data/fotoxx-20.08/f.meta.cc:5058:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp1,", "); data/fotoxx-20.08/f.meta.cc:5147:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ii = atoi(searchDateTo); data/fotoxx-20.08/f.meta.cc:5216:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // open output file data/fotoxx-20.08/f.meta.cc:5242:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"a"); // open output file APPEND 20.0 data/fotoxx-20.08/f.meta.cc:5268:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // open output file data/fotoxx-20.08/f.meta.cc:5306:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // open output file data/fotoxx-20.08/f.meta.cc:5345:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"r"); // read file of selected image files data/fotoxx-20.08/f.meta.cc:5370:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // write remaining file list data/fotoxx-20.08/f.meta.cc:5400:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"r"); // read file of selected image files data/fotoxx-20.08/f.meta.cc:5425:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // write remaining file list data/fotoxx-20.08/f.meta.cc:5441:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"r"); // read file of selected image files data/fotoxx-20.08/f.meta.cc:5463:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // new search results file data/fotoxx-20.08/f.meta.cc:5484:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"r"); // read file of selected image files data/fotoxx-20.08/f.meta.cc:5509:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // write remaining file list data/fotoxx-20.08/f.meta.cc:5525:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"r"); // read file of selected image files data/fotoxx-20.08/f.meta.cc:5545:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // new search results file data/fotoxx-20.08/f.meta.cc:5743:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char matchx[8] = "matchx"; data/fotoxx-20.08/f.meta.cc:5744:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char metafile[200], buff[100]; data/fotoxx-20.08/f.meta.cc:5820:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(metafile,"r"); data/fotoxx-20.08/f.meta.cc:5877:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyx[8] = "keyx", valuex[8] = "valuex", matchx[8] = "matchx"; data/fotoxx-20.08/f.meta.cc:5878:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[100]; data/fotoxx-20.08/f.meta.cc:5953:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *keyvals[5]; data/fotoxx-20.08/f.meta.cc:5958:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xkey[Mxmeta][60], xval[Mxmeta][100]; data/fotoxx-20.08/f.meta.cc:6077:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, *kvals[20], blank[4] = " "; data/fotoxx-20.08/f.meta.cc:6078:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text1[2*indexrecl], text2[200]; data/fotoxx-20.08/f.meta.cc:6081:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wwhh[16], fsize[16]; data/fotoxx-20.08/f.meta.cc:6175:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate2[12]; data/fotoxx-20.08/f.meta.cc:6176:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mdate[12]; data/fotoxx-20.08/f.meta.cc:6184:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(pdate2,"-01-01"); data/fotoxx-20.08/f.meta.cc:6186:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(pdate2,"-01"); data/fotoxx-20.08/f.meta.cc:6191:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). year = atoi(pdate2); data/fotoxx-20.08/f.meta.cc:6192:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mon = atoi(pdate2+5); data/fotoxx-20.08/f.meta.cc:6193:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). day = atoi(pdate2+8); data/fotoxx-20.08/f.meta.cc:6200:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mdate,pdate2,4); // return "yyyymmdd" data/fotoxx-20.08/f.meta.cc:6201:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mdate+4,pdate2+5,2); data/fotoxx-20.08/f.meta.cc:6202:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mdate+6,pdate2+8,3); data/fotoxx-20.08/f.meta.cc:6222:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ptime2[12]; data/fotoxx-20.08/f.meta.cc:6223:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char mtime[8]; data/fotoxx-20.08/f.meta.cc:6230:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (cc == 5) strcat(ptime2,":00"); // conv. "hh:mm" to "hh:mm:00" data/fotoxx-20.08/f.meta.cc:6235:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hour = atoi(ptime2); data/fotoxx-20.08/f.meta.cc:6236:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). min = atoi(ptime2+3); data/fotoxx-20.08/f.meta.cc:6237:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sec = atoi(ptime2+6); data/fotoxx-20.08/f.meta.cc:6242:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mtime,ptime2,2); // return "hhmmss" data/fotoxx-20.08/f.meta.cc:6243:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mtime+2,ptime2+3,2); data/fotoxx-20.08/f.meta.cc:6244:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mtime+4,ptime2+6,2); data/fotoxx-20.08/f.meta.cc:6261:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate[12], ptime[12]; data/fotoxx-20.08/f.meta.cc:6262:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char metadatetime[20]; data/fotoxx-20.08/f.meta.cc:6270:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (cc == 5) strcat(ptime,":00"); // hh:mm >> hh:mm:00 data/fotoxx-20.08/f.meta.cc:6290:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdate,metadate,4); // yyyymmdd to yyyy-mm-dd data/fotoxx-20.08/f.meta.cc:6291:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdate+5,metadate+4,2); data/fotoxx-20.08/f.meta.cc:6292:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pdate+8,metadate+6,2); data/fotoxx-20.08/f.meta.cc:6296:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptime,metadate+8,2); // hhmmss to hh:mm:ss data/fotoxx-20.08/f.meta.cc:6297:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptime+3,metadate+10,2); data/fotoxx-20.08/f.meta.cc:6300:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptime+6,metadate+12,2); data/fotoxx-20.08/f.meta.cc:6326:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). year = atoi(datetime); data/fotoxx-20.08/f.meta.cc:6327:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mon = atoi(datetime+5); data/fotoxx-20.08/f.meta.cc:6328:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). day = atoi(datetime+8); data/fotoxx-20.08/f.meta.cc:6329:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). hour = atoi(datetime+11); data/fotoxx-20.08/f.meta.cc:6330:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). min = atoi(datetime+14); data/fotoxx-20.08/f.meta.cc:6331:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (cc == 19) sec = atoi(datetime+17); data/fotoxx-20.08/f.meta.cc:6354:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp1, *pp2, tag1[tagcc]; data/fotoxx-20.08/f.meta.cc:6382:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(taglist + cc2 + cc1, ", "); // add delimiter + space data/fotoxx-20.08/f.meta.cc:6395:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fotoxx[8] = "fotoxx"; data/fotoxx-20.08/f.meta.cc:6443:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(taglist + ftcc, ", "); // + delim + blank data/fotoxx-20.08/f.meta.cc:6455:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, temptags[tagRcc]; data/fotoxx-20.08/f.meta.cc:6488:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag[tagcc], catg[tagcc]; data/fotoxx-20.08/f.meta.cc:6489:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tagsbuff[tagGcc]; data/fotoxx-20.08/f.meta.cc:6491:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ptags[maxtags][tagcc]; // 10000 * 50 = 0.5 MB data/fotoxx-20.08/f.meta.cc:6506:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(tags_defined_file,"r"); // read tags_defined file data/fotoxx-20.08/f.meta.cc:6575:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tags_deftags[nocat],"nocatg: "); data/fotoxx-20.08/f.meta.cc:6615:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tags_deftags[nocat] + nocatcc, ", "); // + delim + blank data/fotoxx-20.08/f.meta.cc:6667:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp2,": "); // pp2 = "category: " data/fotoxx-20.08/f.meta.cc:6674:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp2,", "); data/fotoxx-20.08/f.meta.cc:6719:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(tags_defined_file,"w"); // write tags_defined file data/fotoxx-20.08/f.meta.cc:6745:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag2[tagcc+4]; data/fotoxx-20.08/f.meta.cc:6750:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tag2+cc,", "); data/fotoxx-20.08/f.meta.cc:6779:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char catg1[tagcc], tag1[tagcc]; data/fotoxx-20.08/f.meta.cc:6782:16: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! catg) strcpy(catg1,"nocatg"); data/fotoxx-20.08/f.meta.cc:6785:14: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! cc) strcpy(catg1,"nocatg"); data/fotoxx-20.08/f.meta.cc:6828:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp2+cc2+cc1,", "); data/fotoxx-20.08/f.meta.cc:6856:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tag2[tagcc+4]; data/fotoxx-20.08/f.meta.cc:6863:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tag2+cc,", "); data/fotoxx-20.08/f.meta.cc:6896:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char catgname[tagcc+4]; data/fotoxx-20.08/f.meta.cc:6918:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(catgname,": "); data/fotoxx-20.08/f.meta.cc:6935:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char catgname[tagcc+2]; data/fotoxx-20.08/f.meta.cc:6968:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usedtag[tagcc], tagsbuff[tagGcc]; data/fotoxx-20.08/f.meta.cc:6975:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(tags_defined_file,"r"); // read tags_defined file data/fotoxx-20.08/f.meta.cc:7066:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ppv[100], *imagedate, *imagetags, *imagestars; data/fotoxx-20.08/f.meta.cc:7134:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(meta_wwhh,"no data"); data/fotoxx-20.08/f.meta.cc:7202:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imagedate[24]; data/fotoxx-20.08/f.meta.cc:7254:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xmetarec[1000]; data/fotoxx-20.08/f.meta.cc:7309:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(xmetarec+xcc,"^ "); data/fotoxx-20.08/f.meta.cc:7344:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lati[20], longi[20]; data/fotoxx-20.08/f.meta.cc:7345:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile[100], URI[300]; data/fotoxx-20.08/f.meta.cc:7346:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp1, *pp2, buffer[200]; data/fotoxx-20.08/f.meta.cc:7347:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[100], country[100]; data/fotoxx-20.08/f.meta.cc:7370:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(outfile,"r"); // get response data/fotoxx-20.08/f.meta.cc:7412:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[100], country[100]; data/fotoxx-20.08/f.meta.cc:7449:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! *location) strcpy(location,"null"); // geocoordinates but no location 20.0 data/fotoxx-20.08/f.meta.cc:7450:23: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! *country) strcpy(country,"null"); data/fotoxx-20.08/f.meta.cc:7548:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[100], country[100], text[200]; data/fotoxx-20.08/f.meta.cc:7549:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lati[20], longi[20], *matches[20][2]; data/fotoxx-20.08/f.meta.cc:7706:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[100], country[100]; data/fotoxx-20.08/f.meta.cc:7707:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lati[20], longi[20]; data/fotoxx-20.08/f.meta.cc:7954:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapname[100]; data/fotoxx-20.08/f.meta.cc:7975:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapindex[200], mapfile[200]; data/fotoxx-20.08/f.meta.cc:7976:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/fotoxx-20.08/f.meta.cc:8002:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(mapname,"World.jpg"); // use default world map data/fotoxx-20.08/f.meta.cc:8006:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(mapindex,"r"); // open map index file data/fotoxx-20.08/f.meta.cc:8029:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(mapindex,"r"); // open user map index data/fotoxx-20.08/f.meta.cc:8075:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(mapindex,"r"); data/fotoxx-20.08/f.meta.cc:8091:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(mapindex,"r"); data/fotoxx-20.08/f.meta.cc:8337:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/fotoxx-20.08/f.meta.cc:8443:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // open output file data/fotoxx-20.08/f.meta.cc:8564:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[200]; data/fotoxx-20.08/f.meta.cc:8645:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapbox_total_uri[200]; data/fotoxx-20.08/f.meta.cc:8870:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/fotoxx-20.08/f.meta.cc:8990:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(searchresults_file,"w"); // open output file data/fotoxx-20.08/f.meta.cc:9064:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char locname[60]; data/fotoxx-20.08/f.meta.cc:9067:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char netmaplocfile[200]; data/fotoxx-20.08/f.meta.cc:9068:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/fotoxx-20.08/f.meta.cc:9135:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(netmaplocfile,"r"); // map location list file data/fotoxx-20.08/f.meta.cc:9236:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fidr = fopen(netmaplocfile,"r"); // update dialog list from file data/fotoxx-20.08/f.meta.cc:9277:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fidr = fopen(netmaplocfile,"r"); // open/read netmap locs file data/fotoxx-20.08/f.meta.cc:9309:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). loczoom = atoi(pp1); data/fotoxx-20.08/f.meta.cc:9339:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, geostring[20]; data/fotoxx-20.08/f.meta.cc:9340:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *inputs[120], *outputs[100]; // higher limits data/fotoxx-20.08/f.meta.cc:9367:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(inputs[jj]+1,"city"); data/fotoxx-20.08/f.meta.cc:9438:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *inputs[40]; data/fotoxx-20.08/f.meta.cc:9460:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(inputs[jj]+1,"city"); data/fotoxx-20.08/f.meta.cc:9510:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *inputs[40]; // revised data/fotoxx-20.08/f.meta.cc:9598:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inputfile1[200]; data/fotoxx-20.08/f.meta.cc:9599:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inputfile2[200]; data/fotoxx-20.08/f.meta.cc:9665:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, command[200]; data/fotoxx-20.08/f.meta.cc:9666:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outrec[exif_maxcc]; // single output record data/fotoxx-20.08/f.meta.cc:9671:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid1 = fopen(inputfile,"a"); data/fotoxx-20.08/f.meta.cc:9684:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid1 = fopen(inputfile,"w"); // start exiftool input file data/fotoxx-20.08/f.meta.cc:9744:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, command[200]; data/fotoxx-20.08/f.meta.cc:9745:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outrec[exif_maxcc]; // single output record data/fotoxx-20.08/f.meta.cc:9750:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid1 = fopen(inputfile,"a"); data/fotoxx-20.08/f.meta.cc:9763:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid1 = fopen(inputfile,"w"); // start exiftool input file data/fotoxx-20.08/f.meta.cc:9844:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exifdate,"1900:01:01 00:00:00"); data/fotoxx-20.08/f.meta.cc:9872:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fdate[16], *RP; data/fotoxx-20.08/f.meta.cc:9930:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(xxrec.pdate,"null"); data/fotoxx-20.08/f.meta.cc:9989:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(xxrec_new->pdate,"null"); data/fotoxx-20.08/f.meta.cc:10077:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(index_file,"a"); // append new record to image index file data/fotoxx-20.08/f.meta.cc:10133:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buff[indexrecl]; data/fotoxx-20.08/f.meta.cc:10136:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fdate[16], pdate[16], rating[4]; data/fotoxx-20.08/f.meta.cc:10142:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(index_file,"r"); data/fotoxx-20.08/f.meta.cc:10258:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate[16]; data/fotoxx-20.08/f.meta.cc:10263:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(index_file,"w"); data/fotoxx-20.08/f.meta.cc:10280:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! *pdate) strcpy(pdate,"undated"); data/fotoxx-20.08/f.pixmap.cc:128:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pxm->wmi,"pxmpix"); data/fotoxx-20.08/f.pixmap.cc:146:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pxm->wmi,"xxxxxx"); data/fotoxx-20.08/f.pixmap.cc:234:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,cc); data/fotoxx-20.08/f.pixmap.cc:272:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,cc); data/fotoxx-20.08/f.pixmap.cc:301:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pxm2->pixels,pxm1->pixels,cc); data/fotoxx-20.08/f.pixmap.cc:328:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,pcc); data/fotoxx-20.08/f.pixmap.cc:506:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pixel2,chan,pcc); data/fotoxx-20.08/f.pixmap.cc:636:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,chan,pcc); data/fotoxx-20.08/f.pixmap.cc:679:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix0,pcc); data/fotoxx-20.08/f.pixmap.cc:743:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,pcc); data/fotoxx-20.08/f.pixmap.cc:764:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pxb->wmi,"pxbpix"); data/fotoxx-20.08/f.pixmap.cc:793:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pxb->wmi,"xxxxxx"); data/fotoxx-20.08/f.pixmap.cc:824:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.pixmap.cc:869:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.pixmap.cc:902:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pxb2->pixels,pxb1->pixels,cc); data/fotoxx-20.08/f.pixmap.cc:927:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pxb2->pixels + row2 * pxb2->rs + px2 * pxb2->nc, data/fotoxx-20.08/f.pixmap.cc:1915:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(framefile,"/frame1.jpg"); data/fotoxx-20.08/f.pixmap.cc:1929:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"video"); data/fotoxx-20.08/f.pixmap.cc:1941:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"jpg"); data/fotoxx-20.08/f.pixmap.cc:1946:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"tif"); data/fotoxx-20.08/f.pixmap.cc:1951:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"png"); data/fotoxx-20.08/f.pixmap.cc:1956:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"heic"); data/fotoxx-20.08/f.pixmap.cc:1961:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"jp2"); data/fotoxx-20.08/f.pixmap.cc:1966:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"other"); data/fotoxx-20.08/f.pixmap.cc:1972:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"RAW"); data/fotoxx-20.08/f.pixmap.cc:1978:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"none"); data/fotoxx-20.08/f.pixmap.cc:2027:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"jpg"); data/fotoxx-20.08/f.pixmap.cc:2032:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"tif"); data/fotoxx-20.08/f.pixmap.cc:2037:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"png"); data/fotoxx-20.08/f.pixmap.cc:2042:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"heic"); data/fotoxx-20.08/f.pixmap.cc:2047:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"jp2"); data/fotoxx-20.08/f.pixmap.cc:2052:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"other"); data/fotoxx-20.08/f.pixmap.cc:2058:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"RAW"); data/fotoxx-20.08/f.pixmap.cc:2064:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(f_load_type,"none"); data/fotoxx-20.08/f.pixmap.cc:2192:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); data/fotoxx-20.08/f.pixmap.cc:2315:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); data/fotoxx-20.08/f.pixmap.cc:2404:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"w"); data/fotoxx-20.08/f.pixmap.cc:2481:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"w"); data/fotoxx-20.08/f.pixmap.cc:2559:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/fotoxx-20.08/f.pixmap.cc:2888:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); // open file data/fotoxx-20.08/f.pixmap.cc:2949:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pngbuff+row*rs1,pngrows[row],rs1); data/fotoxx-20.08/f.pixmap.cc:2983:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); // open file data/fotoxx-20.08/f.pixmap.cc:3043:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pngbuff+row*rs1,pngrows[row],rs1); data/fotoxx-20.08/f.pixmap.cc:3080:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"w"); // open output file data/fotoxx-20.08/f.pixmap.cc:3153:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"w"); // open output file data/fotoxx-20.08/f.pixmap.cc:3237:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".jpg"); data/fotoxx-20.08/f.pixmap.cc:3245:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,"-1.jpg"); data/fotoxx-20.08/f.pixmap.cc:3289:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".jpg"); data/fotoxx-20.08/f.pixmap.cc:3297:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,"-1.jpg"); data/fotoxx-20.08/f.pixmap.cc:3361:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".tif"); data/fotoxx-20.08/f.pixmap.cc:3416:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".tif"); data/fotoxx-20.08/f.pixmap.cc:3504:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.pixmap.cc:3675:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".tiff"); data/fotoxx-20.08/f.pixmap.cc:3703:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".tiff"); data/fotoxx-20.08/f.pixmap.cc:3735:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".tiff"); data/fotoxx-20.08/f.pixmap.cc:3841:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".thumb.jpg"); data/fotoxx-20.08/f.pixmap.cc:3846:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp+6,".ppm"); data/fotoxx-20.08/f.pixmap.cc:3973:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".thumb.jpg"); data/fotoxx-20.08/f.pixmap.cc:3978:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp+6,".ppm"); data/fotoxx-20.08/f.pixmap.cc:4155:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.pixmap.cc:4165:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.pixmap.cc:4176:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,3); data/fotoxx-20.08/f.pixmap.cc:4186:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,4); data/fotoxx-20.08/f.pixmap.cc:4590:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,6); data/fotoxx-20.08/f.pixmap.cc:4600:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,6); data/fotoxx-20.08/f.pixmap.cc:4611:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,6); data/fotoxx-20.08/f.pixmap.cc:4621:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,8); data/fotoxx-20.08/f.pixmap.cc:5026:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2, pix1, 3 * sizeof(float)); data/fotoxx-20.08/f.pixmap.cc:5036:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2, pix1, 3 * sizeof(float)); data/fotoxx-20.08/f.pixmap.cc:5047:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2, pix1, 3 * sizeof(float)); data/fotoxx-20.08/f.pixmap.cc:5057:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2, pix1, 4 * sizeof(float)); data/fotoxx-20.08/f.process.cc:53:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newloc[500], newname[200], newext[8]; data/fotoxx-20.08/f.process.cc:73:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *infile, *outfile, tempfile[300]; data/fotoxx-20.08/f.process.cc:76:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tempname, seqplug[8], seqnum[8]; data/fotoxx-20.08/f.process.cc:77:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plugyyyy[8], plugmm[4], plugdd[4]; data/fotoxx-20.08/f.process.cc:79:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *pp1, *ppv[2], text[100]; data/fotoxx-20.08/f.process.cc:351:46: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (strcasestr(".jpg .jpeg",inext)) strcpy(outext,".jpg"); // new .ext from existing .ext data/fotoxx-20.08/f.process.cc:352:45: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else if (strcasestr(".png",inext)) strcpy(outext,".png"); data/fotoxx-20.08/f.process.cc:353:51: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else if (strcasestr(".tif .tiff",inext)) strcpy(outext,".tif"); data/fotoxx-20.08/f.process.cc:354:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(outext,".jpg"); // unknown >> .jpg data/fotoxx-20.08/f.process.cc:589:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, badplug[20]; data/fotoxx-20.08/f.process.cc:590:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.process.cc:699:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(newext,".jpg"); data/fotoxx-20.08/f.process.cc:701:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(newext,".tif"); data/fotoxx-20.08/f.process.cc:703:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (ii) strcpy(newext,".png"); data/fotoxx-20.08/f.process.cc:807:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mess0[60], mess1[100], mess2[60], mess2a[60], mess3[60], mess4[550], data/fotoxx-20.08/f.process.cc:809:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warnmess[1000]; data/fotoxx-20.08/f.process.cc:820:43: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (Fcopymeta || Fupright || Fsharpen) strcat(mess5,"\n "); data/fotoxx-20.08/f.process.cc:821:57: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (Fcopymeta) { strcat(mess5,E2X("Copy Metadata")); strcat(mess5," "); } data/fotoxx-20.08/f.process.cc:822:50: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (Fupright) { strcat(mess5,E2X("Upright")); strcat(mess5," "); } data/fotoxx-20.08/f.process.cc:823:50: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (Fsharpen) { strcat(mess5,E2X("Sharpen")); strcat(mess5," "); } data/fotoxx-20.08/f.process.cc:953:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp1, *pp2, *ppv[1], text[100]; data/fotoxx-20.08/f.process.cc:1047:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp2,"-temp"); data/fotoxx-20.08/f.process.cc:1106:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.process.cc:1166:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file, text[100]; data/fotoxx-20.08/f.process.cc:1280:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.process.cc:1322:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location[400], biasfile[400]; data/fotoxx-20.08/f.process.cc:1340:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100]; data/fotoxx-20.08/f.process.cc:1558:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80], *ploc; data/fotoxx-20.08/f.process.cc:1703:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mydvd[60]; data/fotoxx-20.08/f.process.cc:1716:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, text[100]; data/fotoxx-20.08/f.process.cc:1719:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char burnlist[200], buffer[200]; data/fotoxx-20.08/f.process.cc:1720:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dvddev[20][4], dvddesc[40][4], dvddevdesc[60][4]; // up to 4 DVD/BR devices data/fotoxx-20.08/f.process.cc:1781:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(dvddevdesc[ii]," "); data/fotoxx-20.08/f.process.cc:1820:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(burnlist,"w"); data/fotoxx-20.08/f.process.cc:1849:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.process.cc:1875:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outfile[300]; data/fotoxx-20.08/f.process.cc:1890:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100]; data/fotoxx-20.08/f.process.cc:1947:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(outfile,"w"); // open output file data/fotoxx-20.08/f.process.cc:1973:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.process.cc:2000:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tolocation[500]; data/fotoxx-20.08/f.process.cc:2018:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *infile, *outfile, *pp, text[100]; data/fotoxx-20.08/f.process.cc:2024:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *kdata[NK]; data/fotoxx-20.08/f.process.cc:2087:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,".jpg"); data/fotoxx-20.08/f.process.cc:2142:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.process.cc:2292:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). script_fid = fopen(scriptfile,"w"); // open script file data/fotoxx-20.08/f.process.cc:2357:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200], *pp; data/fotoxx-20.08/f.process.cc:2384:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(scriptfile,"r"); data/fotoxx-20.08/f.process.cc:2405:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/fotoxx-20.08/f.process.cc:2406:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, menuname[40]; data/fotoxx-20.08/f.process.cc:2416:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). script_fid = fopen(scriptfile,"r"); // open script file data/fotoxx-20.08/f.process.cc:2504:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(curr_file_type,"tif"); data/fotoxx-20.08/f.process.cc:2535:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100]; data/fotoxx-20.08/f.process.cc:2575:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.tools.cc:89:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filespec[200], buff[200], sthumbfolder[200]; data/fotoxx-20.08/f.tools.cc:183:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filespec,"r"); data/fotoxx-20.08/f.tools.cc:225:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filespec,"w"); data/fotoxx-20.08/f.tools.cc:280:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *dirlist[maxtopfolders]; data/fotoxx-20.08/f.tools.cc:345:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(sthumbfolder,"/thumbnails"); // append /thumbnails data/fotoxx-20.08/f.tools.cc:382:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sthumbfolder[200], indexfile[200]; data/fotoxx-20.08/f.tools.cc:391:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(indexfile,"w"); data/fotoxx-20.08/f.tools.cc:437:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filespec[200], buff[XFCC+500]; data/fotoxx-20.08/f.tools.cc:471:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filespec,"r"); data/fotoxx-20.08/f.tools.cc:508:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filespec,"w"); // create stump index config file data/fotoxx-20.08/f.tools.cc:1124:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xmetarec[1000]; // max. extra metadata, bytes data/fotoxx-20.08/f.tools.cc:1132:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ppv[100], *exiffile = 0; data/fotoxx-20.08/f.tools.cc:1242:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(xmetarec+xcc,"^ "); data/fotoxx-20.08/f.tools.cc:1251:37: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! xxrec_tab[xrec]->pdate[0]) strcpy(xxrec_tab[xrec]->pdate,"null"); // missing values are "null" data/fotoxx-20.08/f.tools.cc:1443:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldhome[200], newhome[200]; data/fotoxx-20.08/f.tools.cc:1444:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldstring[200], newstring[200]; data/fotoxx-20.08/f.tools.cc:1445:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, configfile[200], buff[200], fotoxxhome[100]; data/fotoxx-20.08/f.tools.cc:1518:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(configfile,"r"); data/fotoxx-20.08/f.tools.cc:1548:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(fotoxxhome,"w"); data/fotoxx-20.08/f.tools.cc:1602:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txrgb[20], pct_scale[40]; data/fotoxx-20.08/f.tools.cc:1836:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (tiff_comp_method == atoi(tiffopt[ii][1])) data/fotoxx-20.08/f.tools.cc:1916:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, temp[200]; data/fotoxx-20.08/f.tools.cc:1918:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txrgb[20]; data/fotoxx-20.08/f.tools.cc:2025:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) FBrgb[0] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2027:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) FBrgb[1] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2029:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) FBrgb[2] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2033:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) GBrgb[0] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2035:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) GBrgb[1] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2037:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) GBrgb[2] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2070:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) MFrgb[0] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2072:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) MFrgb[1] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2074:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) MFrgb[2] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2078:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) MBrgb[0] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2080:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) MBrgb[1] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2082:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ppc) MBrgb[2] = atoi(ppc); data/fotoxx-20.08/f.tools.cc:2098:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (ii < NTO) tiff_comp_method = atoi(tiffopt[ii][1]); data/fotoxx-20.08/f.tools.cc:2271:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *sortlist[maxkbsf]; data/fotoxx-20.08/f.tools.cc:2351:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortkey[20]; data/fotoxx-20.08/f.tools.cc:2352:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortfunc[60]; data/fotoxx-20.08/f.tools.cc:2409:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyname[20]; data/fotoxx-20.08/f.tools.cc:2426:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(keyname,"F1"); data/fotoxx-20.08/f.tools.cc:2434:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (Ctrl) strcat(keyname,"Ctrl+"); // [Ctrl+] [Alt+] [Shift+] key data/fotoxx-20.08/f.tools.cc:2435:16: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (Alt) strcat(keyname,"Alt+"); data/fotoxx-20.08/f.tools.cc:2436:18: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (Shift) strcat(keyname,"Shift+"); data/fotoxx-20.08/f.tools.cc:2468:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortkey[20]; data/fotoxx-20.08/f.tools.cc:2469:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortfunc[60]; data/fotoxx-20.08/f.tools.cc:2470:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kbfile[200]; data/fotoxx-20.08/f.tools.cc:2563:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(kbfile,"w"); data/fotoxx-20.08/f.tools.cc:2587:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char kbfile[200], buff[200]; data/fotoxx-20.08/f.tools.cc:2600:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(kbfile,"r"); data/fotoxx-20.08/f.tools.cc:3105:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix1,pix2,nch); data/fotoxx-20.08/f.tools.cc:3162:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100], *pp; data/fotoxx-20.08/f.tools.cc:3163:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempfile[200], albumfile[200]; data/fotoxx-20.08/f.tools.cc:3324:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Tdata[ii]->pixels,pixels,cc); // thumbnail pixels data/fotoxx-20.08/f.tools.cc:3359:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(tempfile,"w"); data/fotoxx-20.08/f.tools.cc:3499:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20], *pp, *pp2; data/fotoxx-20.08/f.tools.cc:3649:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hbx[8] = "hbx", pixx[8] = "pixx"; // last char. is '0' to '9' data/fotoxx-20.08/f.tools.cc:3810:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char label[9][4] = { " A ", " B ", " C ", " D ", " E ", // labels A-I for last 0-9 clicked pixels data/fotoxx-20.08/f.tools.cc:3817:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100], pixx[8] = "pixx"; data/fotoxx-20.08/f.tools.cc:3909:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ICCprofilename[100]; // new color profile name data/fotoxx-20.08/f.tools.cc:3910:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colorprof1[200] = "/usr/share/color/icc/colord/AdobeRGB1998.icc"; data/fotoxx-20.08/f.tools.cc:3911:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char colorprof2[200] = "/usr/share/color/icc/colord/sRGB.icc"; data/fotoxx-20.08/f.tools.cc:4132:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printchartfile[200]; data/fotoxx-20.08/f.tools.cc:4133:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scanchartfile[200]; data/fotoxx-20.08/f.tools.cc:4353:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapfile[200], *pp, *pp2; data/fotoxx-20.08/f.tools.cc:4508:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(mapfile,"w"); data/fotoxx-20.08/f.tools.cc:4536:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapfile[200]; data/fotoxx-20.08/f.tools.cc:4541:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *pp2, printfile[100]; data/fotoxx-20.08/f.tools.cc:4585:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(mapfile,"r"); // read color map file data/fotoxx-20.08/f.tools.cc:4939:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (strmatch(event,Bblack)) memcpy(LINE_COLOR,BLACK,3*sizeof(int)); // set selected color 19.0 data/fotoxx-20.08/f.tools.cc:4940:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (strmatch(event,Bwhite)) memcpy(LINE_COLOR,WHITE,3*sizeof(int)); data/fotoxx-20.08/f.tools.cc:4941:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (strmatch(event,Bred)) memcpy(LINE_COLOR,RED,3*sizeof(int)); data/fotoxx-20.08/f.tools.cc:4942:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (strmatch(event,Bgreen)) memcpy(LINE_COLOR,GREEN,3*sizeof(int)); data/fotoxx-20.08/f.tools.cc:5021:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[8]; data/fotoxx-20.08/f.tools.cc:5080:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bias_map_file[200] = ""; data/fotoxx-20.08/f.tools.cc:5096:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100]; data/fotoxx-20.08/f.tools.cc:5149:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char countmess[80]; data/fotoxx-20.08/f.tools.cc:5204:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[100]; data/fotoxx-20.08/f.tools.cc:5347:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *data[2]; data/fotoxx-20.08/f.tools.cc:5369:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"w"); // open for write data/fotoxx-20.08/f.tools.cc:5452:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); data/fotoxx-20.08/f.tools.cc:5552:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dead_pixels_file[200] = ""; // dead pixel map file data/fotoxx-20.08/f.tools.cc:5723:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/fotoxx-20.08/f.tools.cc:5842:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *data[2]; data/fotoxx-20.08/f.tools.cc:5861:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"w"); // open for write data/fotoxx-20.08/f.tools.cc:5906:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); // open file data/fotoxx-20.08/f.tools.cc:6043:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[200]; data/fotoxx-20.08/f.tools.cc:6110:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gammachart[200]; data/fotoxx-20.08/f.tools.cc:6201:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lang1[NL], *pp; data/fotoxx-20.08/f.tools.cc:6288:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tranfile[200], *pp; // ask to export translation file 20.0 data/fotoxx-20.08/f.tools.cc:6332:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff1[100], buff2[1000]; data/fotoxx-20.08/f.tools.cc:6345:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(buff1,"r"); data/fotoxx-20.08/f.tools.cc:6373:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/fotoxx-20.08/f.warp.cc:352:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:369:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char PSP_pixlab[4][4] = { " A ", " B ", " C ", " D " }; data/fotoxx-20.08/f.warp.cc:725:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix1,pcc); data/fotoxx-20.08/f.warp.cc:954:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:1056:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:1063:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pcc); data/fotoxx-20.08/f.warp.cc:1318:24: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:1455:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:1621:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:1791:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:2031:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix1,pcc); data/fotoxx-20.08/f.warp.cc:2336:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:2791:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:3025:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dpix,spix,pcc); data/fotoxx-20.08/f.warp.cc:3532:18: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (vstat) memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:3760:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:3986:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,vpix,pcc); data/fotoxx-20.08/f.warp.cc:4227:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix1,pixcc); data/fotoxx-20.08/f.warp.cc:4259:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char texthole[20], texttop[20], textbott[20]; data/fotoxx-20.08/f.warp.cc:4411:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix9,pix1, ww1 * pixcc); data/fotoxx-20.08/f.warp.cc:4478:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix3,pix9,pixcc); data/fotoxx-20.08/f.warp.cc:4577:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/fotoxx-20.08/f.warp.cc:4606:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) color[0] = atoi(pp); data/fotoxx-20.08/f.warp.cc:4608:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) color[1] = atoi(pp); data/fotoxx-20.08/f.warp.cc:4610:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) color[2] = atoi(pp); data/fotoxx-20.08/f.warp.cc:4715:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(spix,color,pcc); data/fotoxx-20.08/f.warp.cc:4753:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(PXMpix(E3pxm,px,py),PXMpix(E1pxm,px,py),pcc); data/fotoxx-20.08/f.widgets.cc:1029:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lastWM[4] = "M"; data/fotoxx-20.08/f.widgets.cc:1144:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char menuconfigfile[200]; data/fotoxx-20.08/fotoxx.cc:135:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cssfile[200]; data/fotoxx-20.08/fotoxx.cc:140:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[200], buff[200]; data/fotoxx-20.08/fotoxx.cc:278:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(LINE_COLOR,RED,3*sizeof(int)); // initial foreground drawing color data/fotoxx-20.08/fotoxx.cc:368:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cloxx = atoi(argv[ii+1]); // window position and size data/fotoxx-20.08/fotoxx.cc:369:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cloyy = atoi(argv[ii+2]); // passed from parent instance data/fotoxx-20.08/fotoxx.cc:370:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cloww = atoi(argv[ii+3]); data/fotoxx-20.08/fotoxx.cc:371:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). clohh = atoi(argv[ii+4]); data/fotoxx-20.08/fotoxx.cc:387:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). jj = atoi(argv[++ii]); // (0/1/2 = none/old/old+new files) data/fotoxx-20.08/fotoxx.cc:468:21: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (! Fdcraw) strcat(buff,"\n dcraw (RAW files and thumbnails)"); data/fotoxx-20.08/fotoxx.cc:469:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (! Fexiftool) strcat(buff,"\n exiftool (view/edit image metadata)"); data/fotoxx-20.08/fotoxx.cc:476:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(imagefiletypes,".heic "); data/fotoxx-20.08/fotoxx.cc:480:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(imagefiletypes,".jp2 "); data/fotoxx-20.08/fotoxx.cc:542:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(desktopname,"Desktop"); data/fotoxx-20.08/fotoxx.cc:545:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"r"); data/fotoxx-20.08/fotoxx.cc:883:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100]; data/fotoxx-20.08/fotoxx.cc:885:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mslfileB[200], mslfileU[200]; data/fotoxx-20.08/fotoxx.cc:886:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *mslistB[200], *mslistU[200]; data/fotoxx-20.08/fotoxx.cc:888:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char maxexceeded[100]; data/fotoxx-20.08/fotoxx.cc:895:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(mslfileB,"r"); data/fotoxx-20.08/fotoxx.cc:906:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(mslfileU,"r"); data/fotoxx-20.08/fotoxx.cc:922:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(mslfileU,"w"); data/fotoxx-20.08/fotoxx.cc:1045:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, text1[300], text2[200]; data/fotoxx-20.08/fotoxx.cc:1046:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char digitblank[4] = " "; // digit blank: 0x2007 0x00 data/fotoxx-20.08/fotoxx.cc:1047:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ptext1[300] = ""; data/fotoxx-20.08/fotoxx.cc:1162:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nn[4]; data/fotoxx-20.08/fotoxx.cc:1174:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(doneposn,nn,2); // 19.13 data/fotoxx-20.08/fotoxx.cc:1394:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. else memcpy(pix,bgpix,3); data/fotoxx-20.08/fotoxx.cc:1907:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shortkey[20] = ""; data/fotoxx-20.08/fotoxx.cc:1997:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(shortkey,"F1"); // convert to "F2" etc. data/fotoxx-20.08/fotoxx.cc:2003:28: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (KBcontrolkey) strcat(shortkey,"Ctrl+"); // build input key combination data/fotoxx-20.08/fotoxx.cc:2004:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (KBaltkey) strcat(shortkey,"Alt+"); // [Ctrl+] [Alt+] [Shift+] key data/fotoxx-20.08/fotoxx.cc:2005:26: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (KBshiftkey) strcat(shortkey,"Shift+"); data/fotoxx-20.08/fotoxx.cc:2163:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char meta_pdate[16]; // image (photo) date, yyyymmddhhmmss data/fotoxx-20.08/fotoxx.cc:2171:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, titlebar[250]; data/fotoxx-20.08/fotoxx.cc:2172:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate[12], ptime[12], pdatetime[24]; data/fotoxx-20.08/fotoxx.cc:2173:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[100], gname[100], ffolder[100]; data/fotoxx-20.08/fotoxx.cc:2188:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ffolder+95,"..."); data/fotoxx-20.08/fotoxx.cc:2206:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(pdatetime,"(undated)"); data/fotoxx-20.08/fotoxx.cc:2215:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(gname,"SEARCH RESULTS"); data/fotoxx-20.08/fotoxx.cc:2220:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(gname,"ALBUM: "); data/fotoxx-20.08/fotoxx.cc:2224:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(gname,"RECENT FILES"); data/fotoxx-20.08/fotoxx.cc:2226:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(gname,"NEWEST FILES"); data/fotoxx-20.08/fotoxx.cc:2228:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(gname,"NO GALLERY"); data/fotoxx-20.08/fotoxx.cc:2636:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char priorfont[40] = ""; data/fotoxx-20.08/fotoxx.cc:3467:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pfile, *pp, buff[300]; data/fotoxx-20.08/fotoxx.cc:3476:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(pfile,"r"); data/fotoxx-20.08/fotoxx.cc:3561:15: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (pp) strcpy(pp,".curve"); data/fotoxx-20.08/fotoxx.cc:3562:12: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. else strcat(pfile,".curve"); data/fotoxx-20.08/fotoxx.cc:3564:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(pfile,"w"); data/fotoxx-20.08/fotoxx.cc:3924:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *filename, dirname[200], buff[1000]; data/fotoxx-20.08/fotoxx.cc:3925:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *wname, *wdata, wdata2[1000]; data/fotoxx-20.08/fotoxx.cc:3934:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"r"); data/fotoxx-20.08/fotoxx.cc:3989:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *filename, dirname[200]; data/fotoxx-20.08/fotoxx.cc:3990:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *wtype, *wname, *wdata, wdata2[1000]; data/fotoxx-20.08/fotoxx.cc:4000:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"w"); data/fotoxx-20.08/fotoxx.cc:4043:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[200]; data/fotoxx-20.08/fotoxx.cc:4048:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"r"); data/fotoxx-20.08/fotoxx.cc:4064:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[200], dirname[200]; data/fotoxx-20.08/fotoxx.cc:4069:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"w"); data/fotoxx-20.08/fotoxx.cc:4077:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"w"); // open again data/fotoxx-20.08/fotoxx.cc:4107:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char menuitem[40], flag; data/fotoxx-20.08/fotoxx.cc:4225:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, buff[24]; data/fotoxx-20.08/fotoxx.cc:4239:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(URS_filename,"w"); data/fotoxx-20.08/fotoxx.cc:4267:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(URS_funcs[0],"original"); // function name for original image data/fotoxx-20.08/fotoxx.cc:4290:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, buff[24]; data/fotoxx-20.08/fotoxx.cc:4300:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(URS_filename,"r"); data/fotoxx-20.08/fotoxx.cc:4599:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[20]; data/fotoxx-20.08/fotoxx.cc:4600:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[12]; data/fotoxx-20.08/fotoxx.cc:4671:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1050], text[1000]; // limit for character data cc data/fotoxx-20.08/fotoxx.cc:4680:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(buff,"w"); data/fotoxx-20.08/fotoxx.cc:4727:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1000], text[1000], *pp; data/fotoxx-20.08/fotoxx.cc:4728:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[20], type[12], count[8], data[1000]; data/fotoxx-20.08/fotoxx.cc:4735:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(buff,"r"); data/fotoxx-20.08/fotoxx.cc:4814:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. charloc = (char **) paramTab[ii].location; data/fotoxx-20.08/fotoxx.h:134:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char zappname[40]; // app name/version data/fotoxx-20.08/fotoxx.h:135:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char zlocale[8]; // current language lc_RC data/fotoxx-20.08/fotoxx.h:136:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char zimagedir[200]; // where application image files live data/fotoxx-20.08/fotoxx.h:153:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fdate[16]; // file date: yyyymmddhhmmss data/fotoxx-20.08/fotoxx.h:154:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate[16]; // photo date: yyyymmddhhmmss data/fotoxx-20.08/fotoxx.h:194:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char *GSfiles[GSmax]; // gallery_select(), selected files data/fotoxx-20.08/fotoxx.h:255:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char command[CCC]; // (command, parameters, 2 filespecs) data/fotoxx-20.08/fotoxx.h:297:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char desktopname[100]; // locale specific desktop folder data/fotoxx-20.08/fotoxx.h:320:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char *xmeta_keys[Mxmeta]; // indexed metadata names (compressed) data/fotoxx-20.08/fotoxx.h:349:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char *topfolders[maxtopfolders]; // user top-level image folders data/fotoxx-20.08/fotoxx.h:351:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char *misstops[maxtopfolders]; // missing top folders (not mounted) 20.0 data/fotoxx-20.08/fotoxx.h:356:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char curr_file_type[8]; // jpg / tif / png / other data/fotoxx-20.08/fotoxx.h:373:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char scriptfile[200]; // current script file name data/fotoxx-20.08/fotoxx.h:377:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char f_load_type[8]; // data set by PXB/PXM_load() 19.0 data/fotoxx-20.08/fotoxx.h:381:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char f_save_type[8]; data/fotoxx-20.08/fotoxx.h:386:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char paneltext[200]; // top panel application text data/fotoxx-20.08/fotoxx.h:390:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char index_folder[200]; // image index folder data/fotoxx-20.08/fotoxx.h:391:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char index_file[200]; // image index file 19.0 data/fotoxx-20.08/fotoxx.h:392:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char temp_folder[200]; // temp. files folder data/fotoxx-20.08/fotoxx.h:393:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char tags_defined_file[200]; // tags defined file data/fotoxx-20.08/fotoxx.h:394:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char recentfiles_file[200]; // file of recent image files data/fotoxx-20.08/fotoxx.h:395:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char albums_folder[200]; // folder for saved image albums data/fotoxx-20.08/fotoxx.h:396:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char gallerymem_file[200]; // file for recent galleries memory data/fotoxx-20.08/fotoxx.h:397:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char saved_areas_folder[200]; // folder for saved select area files data/fotoxx-20.08/fotoxx.h:398:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char saved_curves_folder[200]; // folder for saved curve data data/fotoxx-20.08/fotoxx.h:399:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char retouch_folder[200]; // folder for saved retouch settings data/fotoxx-20.08/fotoxx.h:400:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char custom_kernel_folder[200]; // folder for saved custom kernel data data/fotoxx-20.08/fotoxx.h:401:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char drawtext_folder[200]; // folder for m_draw_text files data/fotoxx-20.08/fotoxx.h:402:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char favorites_folder[200]; // folder for favorites menu data/fotoxx-20.08/fotoxx.h:403:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char mashup_folder[200]; // folder for mashup projects data/fotoxx-20.08/fotoxx.h:404:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char KBshortcuts[200]; // keyboard shortcuts file data/fotoxx-20.08/fotoxx.h:405:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char slideshow_folder[200]; // folder for slide show files data/fotoxx-20.08/fotoxx.h:406:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char slideshow_trans_folder[200]; // folder for slide show transition files data/fotoxx-20.08/fotoxx.h:407:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char pattern_folder[200]; // folder for pattern files data/fotoxx-20.08/fotoxx.h:408:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char printer_color_folder[200]; // folder for printer calibration data/fotoxx-20.08/fotoxx.h:409:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char scripts_folder[200]; // folder for script files data/fotoxx-20.08/fotoxx.h:410:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char search_images_folder[200]; // folder for search function settings 20.0 data/fotoxx-20.08/fotoxx.h:411:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char searchresults_file[200]; // file for search results data/fotoxx-20.08/fotoxx.h:412:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char maps_folder[200]; // folder for fotoxx-maps files data/fotoxx-20.08/fotoxx.h:413:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char user_maps_folder[200]; // folder for user-added map files data/fotoxx-20.08/fotoxx.h:414:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char montage_maps_folder[200]; // folder for montage map files data/fotoxx-20.08/fotoxx.h:415:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char palettes_folder[200]; // folder for color palett files 19.0 data/fotoxx-20.08/fotoxx.h:416:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char pixel_maps_folder[200]; // folder for pixel map files 20.0 data/fotoxx-20.08/fotoxx.h:421:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wmi[8]; // self-identifier data/fotoxx-20.08/fotoxx.h:427:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wmi[8]; // self-identifier data/fotoxx-20.08/fotoxx.h:601:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fdate[16]; // file date, yyyymmddhhmmss data/fotoxx-20.08/fotoxx.h:602:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdate[16]; // EXIF photo date, yyyymmddhhmmss data/fotoxx-20.08/fotoxx.h:603:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rating[4]; // IPTC rating, "0" to "5" stars data/fotoxx-20.08/fotoxx.h:646:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char URS_filename[100]; // stack image filename template data/fotoxx-20.08/fotoxx.h:649:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char URS_funcs[100][32]; // corresp. edit func. names data/fotoxx-20.08/fotoxx.h:654:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1000]; // text to generate image from data/fotoxx-20.08/fotoxx.h:655:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char font[80]; // font name data/fotoxx-20.08/fotoxx.h:660:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[4][20]; // text, backing, outline, shadow "R|G|B" data/fotoxx-20.08/fotoxx.h:674:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char color[4][20]; // line, background, outline, shadow "R|G|B" data/fotoxx-20.08/fotoxx.h:712:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char *trimsizes[10]; // previous trim sizes "NNNNxNNNN" 20.0 data/fotoxx-20.08/fotoxx.h:713:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char *trimbuttons[5]; // trim dialog button labels data/fotoxx-20.08/fotoxx.h:714:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. EX char *trimratios[5]; // corresponding aspect ratios data/fotoxx-20.08/zfuncs.cc:258:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zappname[40] = "undefined"; // appname without version data/fotoxx-20.08/zfuncs.cc:259:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zappvers[40] = "undefined"; // appname-N.N 7.4 data/fotoxx-20.08/zfuncs.cc:260:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zprefix[200], zdatadir[200], zdocdir[200]; // app folders 6.8 data/fotoxx-20.08/zfuncs.cc:261:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zlocalesdir[200], zimagedir[200], zhomedir[200]; data/fotoxx-20.08/zfuncs.cc:262:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zlocale[8] = "en"; // "lc" or "lc_RC" data/fotoxx-20.08/zfuncs.cc:347:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/fotoxx-20.08/zfuncs.cc:436:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char OS1[60] = "", OS2[60] = "", OS3[60] = ""; data/fotoxx-20.08/zfuncs.cc:437:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[300], progexe[300]; data/fotoxx-20.08/zfuncs.cc:438:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff1[300], buff2[300], hexaddr[20]; data/fotoxx-20.08/zfuncs.cc:462:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid1 = fopen("zbacktrace","w"); // open backtrace data output file data/fotoxx-20.08/zfuncs.cc:469:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid1 = fopen("zbacktrace","r"); // open backtrace data file data/fotoxx-20.08/zfuncs.cc:472:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid2 = fopen("zappcrash","w"); // open zappcrash output file data/fotoxx-20.08/zfuncs.cc:583:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filebuff[50][100]; // last 50 TRACE calls data/fotoxx-20.08/zfuncs.cc:584:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char funcbuff[50][60]; data/fotoxx-20.08/zfuncs.cc:639:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen("tracedump","w"); data/fotoxx-20.08/zfuncs.cc:667:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *args, command[500]; data/fotoxx-20.08/zfuncs.cc:694:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtcommand[500]; data/fotoxx-20.08/zfuncs.cc:854:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/fotoxx-20.08/zfuncs.cc:859:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen("/proc/self/stat","r"); data/fotoxx-20.08/zfuncs.cc:962:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1000]; data/fotoxx-20.08/zfuncs.cc:963:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *pnames[20]; data/fotoxx-20.08/zfuncs.cc:987:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(pfile,"r"); // open /proc/xxx file data/fotoxx-20.08/zfuncs.cc:1063:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buff1[200], buff2[200], *ptemp; data/fotoxx-20.08/zfuncs.cc:1082:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp = atoi(ptemp); data/fotoxx-20.08/zfuncs.cc:1098:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200], command[100]; data/fotoxx-20.08/zfuncs.cc:1111:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(pp); data/fotoxx-20.08/zfuncs.cc:1114:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temp = atoi(pp2); data/fotoxx-20.08/zfuncs.cc:1189:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(lockfile,O_RDWR|O_CREAT,0666); // open or create the lock file data/fotoxx-20.08/zfuncs.cc:1505:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *command[10]; data/fotoxx-20.08/zfuncs.cc:1589:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[10000], *prec; data/fotoxx-20.08/zfuncs.cc:1649:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[100], *pp; data/fotoxx-20.08/zfuncs.cc:1659:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pid = atoi(buff); data/fotoxx-20.08/zfuncs.cc:1739:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char folder[1000], file[200], ext[8]; data/fotoxx-20.08/zfuncs.cc:1857:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp1, *pp2, buff[BIOCC]; data/fotoxx-20.08/zfuncs.cc:1917:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid1 = open(sfile,O_RDONLY); // open input file data/fotoxx-20.08/zfuncs.cc:1990:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ufiles2,ufiles, maxfiles * sizeof(char *)); // copy data to new space data/fotoxx-20.08/zfuncs.cc:2028:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char output[XFCC]; data/fotoxx-20.08/zfuncs.cc:2174:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, buff[200]; data/fotoxx-20.08/zfuncs.cc:2185:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen("/proc/self/stat","r"); data/fotoxx-20.08/zfuncs.cc:2251:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *retf[100]; // 100 substring limit data/fotoxx-20.08/zfuncs.cc:2252:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pf1, pf2[2000]; // 2000 char. limit data/fotoxx-20.08/zfuncs.cc:2310:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delims[2] = "x"; data/fotoxx-20.08/zfuncs.cc:2666:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strout,strin,ccc); // memcpy instead of strncpy 7.1 data/fotoxx-20.08/zfuncs.cc:2669:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(strout,ssout,cc2); data/fotoxx-20.08/zfuncs.cc:2691:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ftemp[XFCC]; data/fotoxx-20.08/zfuncs.cc:2820:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char work[20]; data/fotoxx-20.08/zfuncs.cc:3051:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffin[1000], buffout[1000], buffxx[1000]; data/fotoxx-20.08/zfuncs.cc:3055:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid1 = fopen(infile,"r"); data/fotoxx-20.08/zfuncs.cc:3059:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(outfile,"-temp"); data/fotoxx-20.08/zfuncs.cc:3060:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid2 = fopen(outfile,"w"); data/fotoxx-20.08/zfuncs.cc:3311:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *output[100]; data/fotoxx-20.08/zfuncs.cc:3507:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char matchfile[XFCC]; data/fotoxx-20.08/zfuncs.cc:3508:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchpath[XFCC]; data/fotoxx-20.08/zfuncs.cc:3509:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[XFCC]; data/fotoxx-20.08/zfuncs.cc:3577:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char matchfile[XFCC]; data/fotoxx-20.08/zfuncs.cc:3578:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char searchpath[XFCC]; data/fotoxx-20.08/zfuncs.cc:3579:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[XFCC]; data/fotoxx-20.08/zfuncs.cc:4663:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[200]; data/fotoxx-20.08/zfuncs.cc:4734:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char appname1[60], appname2[40]; data/fotoxx-20.08/zfuncs.cc:4745:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[300]; data/fotoxx-20.08/zfuncs.cc:4746:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desktopfile1[100], desktopfile2[100]; data/fotoxx-20.08/zfuncs.cc:4747:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconfile1[100], iconfile2[100]; data/fotoxx-20.08/zfuncs.cc:4748:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exectext1[100], exectext2[100]; data/fotoxx-20.08/zfuncs.cc:4749:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char icontext1[100], icontext2[100]; data/fotoxx-20.08/zfuncs.cc:4789:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(desktopfile2,"r"); // open existing desktop file data/fotoxx-20.08/zfuncs.cc:4849:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char desktopfileloc[200]; data/fotoxx-20.08/zfuncs.cc:4850:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconfileloc[200]; data/fotoxx-20.08/zfuncs.cc:4913:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logfile[200], oldlog[200]; data/fotoxx-20.08/zfuncs.cc:4914:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[300], Phomedir[200]; data/fotoxx-20.08/zfuncs.cc:4949:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(Phomedir,"r"); data/fotoxx-20.08/zfuncs.cc:4988:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(zprefix,"/usr/bin/"); data/fotoxx-20.08/zfuncs.cc:4993:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else (strcpy(zprefix,"/usr")); // if /xxxxx/bin --> /xxxxx 6.4 data/fotoxx-20.08/zfuncs.cc:5074:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char font[40], bfont[48], mfont[48], mbfont[56]; data/fotoxx-20.08/zfuncs.cc:5075:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char junk[40]; data/fotoxx-20.08/zfuncs.cc:5143:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, fname[20], fext[8]; data/fotoxx-20.08/zfuncs.cc:5144:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lc_RC[8]; // -lc or -lc_RC data/fotoxx-20.08/zfuncs.cc:5184:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pp,"-en"); // /folders.../fname-en.fext data/fotoxx-20.08/zfuncs.cc:5195:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filespec,"/extras"); // due to Linux chaos data/fotoxx-20.08/zfuncs.cc:5211:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200]; data/fotoxx-20.08/zfuncs.cc:5227:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filex[40], filespec[200], command[200]; data/fotoxx-20.08/zfuncs.cc:5231:4: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filex,".gz"); data/fotoxx-20.08/zfuncs.cc:5260:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char prog[40]; data/fotoxx-20.08/zfuncs.cc:5267:18: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! err) strcpy(prog,"firefox"); data/fotoxx-20.08/zfuncs.cc:5270:21: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! err) strcpy(prog,"chromium-browser --new-window"); data/fotoxx-20.08/zfuncs.cc:5273:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (! err) strcpy(prog,"xdg-open"); data/fotoxx-20.08/zfuncs.cc:5329:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topicnames[1000]; data/fotoxx-20.08/zfuncs.cc:5345:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filespec[200], buff1[200], buff2[200]; data/fotoxx-20.08/zfuncs.cc:5346:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char topic[50], image[100]; data/fotoxx-20.08/zfuncs.cc:5371:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filespec,"r"); data/fotoxx-20.08/zfuncs.cc:5570:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char topic[50], weblink[200]; data/fotoxx-20.08/zfuncs.cc:5664:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *textlines[10000]; data/fotoxx-20.08/zfuncs.cc:5665:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *topicnames[1000]; data/fotoxx-20.08/zfuncs.cc:5666:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filespec[200], buff[200], image[100]; data/fotoxx-20.08/zfuncs.cc:5667:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char topic[50]; data/fotoxx-20.08/zfuncs.cc:5680:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filespec,"r"); data/fotoxx-20.08/zfuncs.cc:5792:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apprunsfile[200], uuid[12]; data/fotoxx-20.08/zfuncs.cc:5807:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(apprunsfile,"r"); // open appruns file data/fotoxx-20.08/zfuncs.cc:5825:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(apprunsfile,"w"); // update appruns file data/fotoxx-20.08/zfuncs.cc:5846:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apprunsfile[200], uuid[12]; data/fotoxx-20.08/zfuncs.cc:5848:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff1[140], buff2[100]; data/fotoxx-20.08/zfuncs.cc:5854:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(apprunsfile,"r"); // open appruns file data/fotoxx-20.08/zfuncs.cc:5878:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char apprunsfile[200], uuid[12]; data/fotoxx-20.08/zfuncs.cc:5896:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(apprunsfile,"r"); // open appruns file data/fotoxx-20.08/zfuncs.cc:5913:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(apprunsfile,"w"); // update appruns file data/fotoxx-20.08/zfuncs.cc:5994:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[E2Xmaxcc], *ppq1, *ppq2; data/fotoxx-20.08/zfuncs.cc:5996:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char Etext[E2Xmaxcc], Ttext[E2Xmaxcc]; // .po text: "line 1 %s \n" "line 2" data/fotoxx-20.08/zfuncs.cc:6013:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char installpo[200], localpo[200]; data/fotoxx-20.08/zfuncs.cc:6043:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. else strcpy(zlocale,"en"); // use English data/fotoxx-20.08/zfuncs.cc:6046:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. if (*zlocale < 'a') strcpy(zlocale,"en"); // use English if garbage data/fotoxx-20.08/zfuncs.cc:6079:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fidr = fopen(usepo,"r"); // open .po file data/fotoxx-20.08/zfuncs.cc:6215:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cleanstring[E2Xmaxcc]; data/fotoxx-20.08/zfuncs.cc:6435:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textline[2000]; data/fotoxx-20.08/zfuncs.cc:6465:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textline[2000]; data/fotoxx-20.08/zfuncs.cc:6503:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textline[2000]; data/fotoxx-20.08/zfuncs.cc:6543:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textline[2000]; data/fotoxx-20.08/zfuncs.cc:6747:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(filename,"w"); // open file data/fotoxx-20.08/zfuncs.cc:7218:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconpath[300], *pp; data/fotoxx-20.08/zfuncs.cc:7350:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconfile[200]; // icon file full path < 200 6.8 data/fotoxx-20.08/zfuncs.cc:7404:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, buff[maxText]; data/fotoxx-20.08/zfuncs.cc:7431:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(menufile,"r"); // read window geometry data/fotoxx-20.08/zfuncs.cc:7505:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). size = atoi(pp+5); data/fotoxx-20.08/zfuncs.cc:7688:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(menufile,"w"); // open for write data/fotoxx-20.08/zfuncs.cc:7721:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pp,"%03d.png",ii); // find first available NNN.png file data/fotoxx-20.08/zfuncs.cc:7999:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[maxText], *pp; data/fotoxx-20.08/zfuncs.cc:8042:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(text," [unique-name].txt"); // remind unique menu file name data/fotoxx-20.08/zfuncs.cc:8101:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[200], filetype[60], dtfile[200]; data/fotoxx-20.08/zfuncs.cc:8102:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, name[100], exec[200], icon[200]; data/fotoxx-20.08/zfuncs.cc:8103:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wildiconfile[200]; data/fotoxx-20.08/zfuncs.cc:8180:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(dtfile,"r"); // read .desktop file data/fotoxx-20.08/zfuncs.cc:8521:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconpath[200], *mdesc, *name__; data/fotoxx-20.08/zfuncs.cc:9073:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vdata[30], iconpath[200]; data/fotoxx-20.08/zfuncs.cc:9246:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pp = strField(data,'|',1); gdkrgba.red = f256 * atoi(pp); // RGB values are 0-1 data/fotoxx-20.08/zfuncs.cc:9247:57: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pp = strField(data,'|',2); gdkrgba.green = f256 * atoi(pp); data/fotoxx-20.08/zfuncs.cc:9248:56: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pp = strField(data,'|',3); gdkrgba.blue = f256 * atoi(pp); data/fotoxx-20.08/zfuncs.cc:9405:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pname[8]; data/fotoxx-20.08/zfuncs.cc:9564:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *wdata, sdata[12]; data/fotoxx-20.08/zfuncs.cc:9655:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) gdkrgba.red = f256 * atoi(pp); // RGB range is 0-1 data/fotoxx-20.08/zfuncs.cc:9657:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) gdkrgba.green = f256 * atoi(pp); data/fotoxx-20.08/zfuncs.cc:9659:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (pp) gdkrgba.blue = f256 * atoi(pp); data/fotoxx-20.08/zfuncs.cc:9872:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sdata[20]; data/fotoxx-20.08/zfuncs.cc:10137:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *wdata, sdata[20]; data/fotoxx-20.08/zfuncs.cc:10247:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1000]; data/fotoxx-20.08/zfuncs.cc:10287:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[1000]; data/fotoxx-20.08/zfuncs.cc:10368:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(zd->event,"zstat"); // event = "zstat" data/fotoxx-20.08/zfuncs.cc:10559:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[16]; data/fotoxx-20.08/zfuncs.cc:10568:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[32]; data/fotoxx-20.08/zfuncs.cc:10577:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[32]; data/fotoxx-20.08/zfuncs.cc:10588:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt2[1000]; data/fotoxx-20.08/zfuncs.cc:10623:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). idata = atoi(zdata); data/fotoxx-20.08/zfuncs.cc:10824:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[200], *pp; data/fotoxx-20.08/zfuncs.cc:10839:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"w"); data/fotoxx-20.08/zfuncs.cc:10857:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[200], data[100], *pp; data/fotoxx-20.08/zfuncs.cc:10871:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(file,"r"); data/fotoxx-20.08/zfuncs.cc:10892:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wintitle[64]; // window title (ID) data/fotoxx-20.08/zfuncs.cc:10910:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char posfile[200], buff[100], wintitle[64], *pp; data/fotoxx-20.08/zfuncs.cc:10920:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(posfile,"r"); data/fotoxx-20.08/zfuncs.cc:10954:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(posfile,"w"); data/fotoxx-20.08/zfuncs.cc:10993:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wintitle[64], *pp; data/fotoxx-20.08/zfuncs.cc:11077:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wintitle[64], *pp; data/fotoxx-20.08/zfuncs.cc:11160:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zdinputsfile[200], buff[ccmax2]; data/fotoxx-20.08/zfuncs.cc:11161:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zdtitle[ccmax1], wname[Nwmax][ccmax1], wdata[Nwmax][ccmax2]; data/fotoxx-20.08/zfuncs.cc:11162:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *pp, *pp1, *pp2, wdata2[ccmax2+50]; data/fotoxx-20.08/zfuncs.cc:11172:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(zdinputsfile,"r"); // no file data/fotoxx-20.08/zfuncs.cc:11185:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Nw = atoi(pp); data/fotoxx-20.08/zfuncs.cc:11240:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fid = fopen(zdinputsfile,"w"); data/fotoxx-20.08/zfuncs.cc:11276:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zdtitle[ccmax1], wname[ccmax1], wdata[ccmax2], *type; data/fotoxx-20.08/zfuncs.cc:11468:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char findtext[40] = ""; data/fotoxx-20.08/zfuncs.cc:11531:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/fotoxx-20.08/zfuncs.cc:11551:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/fotoxx-20.08/zfuncs.cc:11609:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/fotoxx-20.08/zfuncs.cc:11627:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/fotoxx-20.08/zfuncs.cc:11805:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1000], *pp; data/fotoxx-20.08/zfuncs.cc:11833:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000]; data/fotoxx-20.08/zfuncs.cc:11868:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[500]; data/fotoxx-20.08/zfuncs.cc:11912:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[1000], xmessage[1000]; data/fotoxx-20.08/zfuncs.cc:11958:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[400], messagebold[460]; data/fotoxx-20.08/zfuncs.cc:12236:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *filex[10], reqfull[10], isfull[10]; data/fotoxx-20.08/zfuncs.cc:12846:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char printsettingsfile[200], pagesetupfile[200]; data/fotoxx-20.08/zfuncs.cc:13334:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imagepath[200]; data/fotoxx-20.08/zfuncs.cc:13525:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pix2,pix1,nch-1); data/fotoxx-20.08/zfuncs.cc:13542:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char font2[60]; data/fotoxx-20.08/zfuncs.cc:14292:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(wmi,"queue"); data/fotoxx-20.08/zfuncs.h:512:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zstat_button[40]; // completion button label data/fotoxx-20.08/zfuncs.h:522:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char event[40]; // active event or widget data/fotoxx-20.08/zfuncs.h:749:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wmi[8]; data/fotoxx-20.08/f.albums.cc:418:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dfile = zstrdup(cfile,strlen(dpp)); // construct pathname data/fotoxx-20.08/f.combine.cc:3147:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pp && strlen(pp) >= 4) strcpy(pp,".jpg"); data/fotoxx-20.08/f.edit.cc:4156:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(keyvals[0]) > 999) keyvals[0][999] = 0; data/fotoxx-20.08/f.edit.cc:4176:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp = font + strlen(font); data/fotoxx-20.08/f.edit.cc:4396:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 2) goto badfile; data/fotoxx-20.08/f.edit.cc:4550:23: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if (! *attr->text) strcpy(attr->text," "); // no text 20.0 data/fotoxx-20.08/f.edit.cc:8860:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(menuname) + strlen(command) + 4; data/fotoxx-20.08/f.edit.cc:8860:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(menuname) + strlen(command) + 4; data/fotoxx-20.08/f.file.cc:96:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pp); data/fotoxx-20.08/f.file.cc:99:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pp+1,curr_file,cc); data/fotoxx-20.08/f.file.cc:653:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pp && strlen(pp) == 4 && pp[1] == 'v' // look for file version .vNN data/fotoxx-20.08/f.file.cc:661:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pp && strlen(pp) == 4 && pp[1] == 'v' data/fotoxx-20.08/f.file.cc:675:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pp && strlen(pp) < 8) { data/fotoxx-20.08/f.file.cc:682:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp = rename_new + strlen(rename_new); data/fotoxx-20.08/f.file.cc:699:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(rename_new,suffix,199); // append .ext or .vNN.ext data/fotoxx-20.08/f.file.cc:715:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ccp = strlen(pdir); // length of /folders/ data/fotoxx-20.08/f.file.cc:716:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ccn = strlen(rename_new); // length of file data/fotoxx-20.08/f.file.cc:717:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pext) ccx = strlen(pext); // length of .ext data/fotoxx-20.08/f.file.cc:721:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newfile,rename_file,ccp); // /folders.../newfilename.ext data/fotoxx-20.08/f.file.cc:1401:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(fname); data/fotoxx-20.08/f.file.cc:1403:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(filespec,"/"); data/fotoxx-20.08/f.file.cc:1450:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) > 4) return 1; data/fotoxx-20.08/f.file.cc:1723:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(copymove_loc) + strlen(newname) + 2; // new file = /new/location/newname.ext data/fotoxx-20.08/f.file.cc:1723:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(copymove_loc) + strlen(newname) + 2; // new file = /new/location/newname.ext data/fotoxx-20.08/f.file.cc:1726:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(newfile,"/"); data/fotoxx-20.08/f.file.cc:1733:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp2) pp2 = newfile + strlen(newfile); data/fotoxx-20.08/f.file.cc:2585:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp2) pp2 = pp1 + strlen(pp1); data/fotoxx-20.08/f.file.cc:2612:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(rootname); data/fotoxx-20.08/f.file.cc:2647:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(rootname); data/fotoxx-20.08/f.file.cc:2701:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(retname); data/fotoxx-20.08/f.file.cc:2868:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pext) pext = outfile2 + strlen(outfile2); data/fotoxx-20.08/f.file.cc:2939:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(edithist); // edits made before this file was opened data/fotoxx-20.08/f.file.cc:2945:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(edithist+cc1," "); // update edit history data/fotoxx-20.08/f.file.cc:2954:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(URS_funcs[ii]); data/fotoxx-20.08/f.file.cc:2956:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(edithist+cc1+cc2,"|"); data/fotoxx-20.08/f.file.cc:2961:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(CEF->funcname); // add curr. edit to history list data/fotoxx-20.08/f.file.cc:2963:10: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(edithist+cc1+cc2,"|"); data/fotoxx-20.08/f.file.cc:3217:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pext = outfile + strlen(outfile); // wrong or missing, add new .ext data/fotoxx-20.08/f.file.cc:3308:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) > 5) pp = filename + strlen(filename); data/fotoxx-20.08/f.file.cc:3308:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) > 5) pp = filename + strlen(filename); data/fotoxx-20.08/f.file.cc:3353:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(file) > 200) { data/fotoxx-20.08/f.file.cc:3385:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(prec) > 998) { data/fotoxx-20.08/f.file.cc:3604:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pext) pext = ptiff + strlen(ptiff); data/fotoxx-20.08/f.file.cc:3790:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pp); // return folders/file data/fotoxx-20.08/f.gallery.cc:288:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(galleryname) - 1; // remove trailing '/' data/fotoxx-20.08/f.gallery.cc:753:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(ffolder,"/"); data/fotoxx-20.08/f.gallery.cc:814:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(text); data/fotoxx-20.08/f.gallery.cc:818:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = cc + strlen(fname) + 1; data/fotoxx-20.08/f.gallery.cc:822:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc += strlen(pdt); data/fotoxx-20.08/f.gallery.cc:1064:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ww = fontsize * strlen(fspec2); data/fotoxx-20.08/f.gallery.cc:1232:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ww = fontsize * strlen(fspec2); data/fotoxx-20.08/f.gallery.cc:1459:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else cc = strlen(pp1); // pp1 pp2 data/fotoxx-20.08/f.gallery.cc:1675:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp = pp + strlen(pp); data/fotoxx-20.08/f.gallery.cc:2171:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pp1); data/fotoxx-20.08/f.gallery.cc:2614:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nn = strlen(olddir) - 1; data/fotoxx-20.08/f.gallery.cc:2902:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tdcc = strlen(thumbfolder); data/fotoxx-20.08/f.gallery.cc:2939:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xcc = strlen(ppx); // file .ext > 6 chars. data/fotoxx-20.08/f.gallery.cc:2946:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(ppx2+xcc," "); data/fotoxx-20.08/f.gallery.cc:2955:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tcc = strlen(myRAWtypes) + xcc + 2; data/fotoxx-20.08/f.gallery.cc:2967:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tcc = strlen(myVIDEOtypes) + xcc + 2; data/fotoxx-20.08/f.gallery.cc:3003:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(thumbfolder); data/fotoxx-20.08/f.gallery.cc:3004:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cc > strlen(thumbfile) - 12) { // /thumbfolder/imagefolder/file.xxx.jpeg data/fotoxx-20.08/f.gallery.cc:3010:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(imagefile); data/fotoxx-20.08/f.gallery.cc:3039:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(thumbfolder); data/fotoxx-20.08/f.gallery.cc:3040:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(RP); data/fotoxx-20.08/f.gallery.cc:4402:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 40) continue; data/fotoxx-20.08/f.gallery.cc:4463:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(imagefile) + 34; // construct bookmark record: data/fotoxx-20.08/f.gallery.cc:4519:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(bookmarkname); data/fotoxx-20.08/f.gallery.cc:4565:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(bookmarkline,blanks,32-cc); data/fotoxx-20.08/f.gallery.cc:4671:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pcc = strlen(pdir); data/fotoxx-20.08/f.mashup.cc:485:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(file2); data/fotoxx-20.08/f.mashup.cc:497:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) < 4) { data/fotoxx-20.08/f.mashup.cc:502:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) > 5) pp = file + strlen(file); data/fotoxx-20.08/f.mashup.cc:502:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) > 5) pp = file + strlen(file); data/fotoxx-20.08/f.mashup.cc:898:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cc = read(nfid,image[ii].vtranmap,vcc); data/fotoxx-20.08/f.mashup.cc:923:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cc = read(nfid,image[ii].warpx,wcc); data/fotoxx-20.08/f.mashup.cc:926:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cc = read(nfid,image[ii].warpy,wcc); data/fotoxx-20.08/f.mashup.cc:2572:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp = font + strlen(font); data/fotoxx-20.08/f.mashup.cc:4409:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(uniquename) > 3) break; data/fotoxx-20.08/f.meta.cc:523:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (keyval[2] && strlen(keyval[2]) > 19) keyval[2][19] = 0; // truncate dates to yyyy-mm-dd hh:mm:ss data/fotoxx-20.08/f.meta.cc:524:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (keyval[3] && strlen(keyval[3]) > 19) keyval[3][19] = 0; data/fotoxx-20.08/f.meta.cc:527:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pp && strlen(pp) > 4 && pp[4] == ':') pp[4] = '-'; // change yyyy:mm:dd to yyyy-mm-dd data/fotoxx-20.08/f.meta.cc:528:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pp && strlen(pp) > 7 && pp[7] == ':') pp[7] = '-'; data/fotoxx-20.08/f.meta.cc:530:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pp && strlen(pp) > 4 && pp[4] == ':') pp[4] = '-'; data/fotoxx-20.08/f.meta.cc:531:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pp && strlen(pp) > 7 && pp[7] == ':') pp[7] = '-'; data/fotoxx-20.08/f.meta.cc:1203:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(newtag); data/fotoxx-20.08/f.meta.cc:1232:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(matchtags[nt],pp1,cc2); // save deftags that match data/fotoxx-20.08/f.meta.cc:1246:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp1 += strlen(pp1); data/fotoxx-20.08/f.meta.cc:1258:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(newtag); data/fotoxx-20.08/f.meta.cc:1280:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newtag,pp1,cc1); // use deftag upper/lower case data/fotoxx-20.08/f.meta.cc:1371:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(meta_rating,"0"); data/fotoxx-20.08/f.meta.cc:1993:18: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (*text) strcat(text,"\n"); data/fotoxx-20.08/f.meta.cc:1998:18: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (*text) strcat(text,"\n"); data/fotoxx-20.08/f.meta.cc:2385:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(newtag); data/fotoxx-20.08/f.meta.cc:2414:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(matchtags[nt],pp1,cc2); // save deftags that match data/fotoxx-20.08/f.meta.cc:2428:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp1 += strlen(pp1); data/fotoxx-20.08/f.meta.cc:2440:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(newtag); data/fotoxx-20.08/f.meta.cc:2462:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newtag,pp1,cc1); // use deftag upper/lower case data/fotoxx-20.08/f.meta.cc:2947:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(newdatetime); data/fotoxx-20.08/f.meta.cc:4026:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = 30 + strlen(country) - utf8len(country); data/fotoxx-20.08/f.meta.cc:4038:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = 30 + strlen(country) - utf8len(country); data/fotoxx-20.08/f.meta.cc:4040:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = 30 + strlen(location) - utf8len(location); data/fotoxx-20.08/f.meta.cc:4053:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = 26 + strlen(country) - utf8len(country); data/fotoxx-20.08/f.meta.cc:4055:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = 26 + strlen(location) - utf8len(location); data/fotoxx-20.08/f.meta.cc:4080:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = 26 + strlen(country) - utf8len(country); data/fotoxx-20.08/f.meta.cc:4082:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = 26 + strlen(location) - utf8len(location); data/fotoxx-20.08/f.meta.cc:4453:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (pp) textwidget_highlight_word(widget,line,pos,strlen(pp)); data/fotoxx-20.08/f.meta.cc:4473:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pdate,txline,4); // "yyyy" data/fotoxx-20.08/f.meta.cc:4826:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(searchtags," "); // trailing blank after "tagname," 20.0 data/fotoxx-20.08/f.meta.cc:4950:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(searchtags," "); // trailing blank after "tagname," 20.0 data/fotoxx-20.08/f.meta.cc:5014:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(entertag); data/fotoxx-20.08/f.meta.cc:5043:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(matchtags[nt],pp1,cc2); // save deftags that match data/fotoxx-20.08/f.meta.cc:5057:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp1 += strlen(pp1); data/fotoxx-20.08/f.meta.cc:5134:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(searchDateFrom); data/fotoxx-20.08/f.meta.cc:5138:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(searchDateTo); data/fotoxx-20.08/f.meta.cc:5143:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(mm,searchDateTo+5,2); // get mm = "01" .. "12" data/fotoxx-20.08/f.meta.cc:6140:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc += strlen(text2); data/fotoxx-20.08/f.meta.cc:6178:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pdate); data/fotoxx-20.08/f.meta.cc:6188:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pdate2) != 10) goto badformat; data/fotoxx-20.08/f.meta.cc:6225:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(ptime); data/fotoxx-20.08/f.meta.cc:6232:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ptime2) != 8) goto badformat; data/fotoxx-20.08/f.meta.cc:6269:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(ptime); data/fotoxx-20.08/f.meta.cc:6318:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(datetime); data/fotoxx-20.08/f.meta.cc:6366:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(tag); data/fotoxx-20.08/f.meta.cc:6379:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(taglist); // append to tag list if space enough data/fotoxx-20.08/f.meta.cc:6440:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). atcc = strlen(pp); // copy non-matching tag data/fotoxx-20.08/f.meta.cc:6516:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp1) > tagGcc-2) goto cattoobig; // all category tags too long data/fotoxx-20.08/f.meta.cc:6519:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp2) < 3) continue; // category with no tags data/fotoxx-20.08/f.meta.cc:6565:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nocatcc = strlen(pp1); data/fotoxx-20.08/f.meta.cc:6595:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp2) pp2 = pp1 + strlen(pp1); data/fotoxx-20.08/f.meta.cc:6646:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else cc = strlen(pp1); data/fotoxx-20.08/f.meta.cc:6659:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tcc += strlen(catg) + 2 + 2 * ntags + 2; // category, all tags, delimiters data/fotoxx-20.08/f.meta.cc:6666:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp2 += strlen(catg); data/fotoxx-20.08/f.meta.cc:6673:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp2 += strlen(pp2); data/fotoxx-20.08/f.meta.cc:6749:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(tag2); data/fotoxx-20.08/f.meta.cc:6798:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(catg1); data/fotoxx-20.08/f.meta.cc:6810:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(catg1) + strlen(tag1) + 6; data/fotoxx-20.08/f.meta.cc:6810:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(catg1) + strlen(tag1) + 6; data/fotoxx-20.08/f.meta.cc:6821:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(tag1); data/fotoxx-20.08/f.meta.cc:6822:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(pp1); // add new tag to old record data/fotoxx-20.08/f.meta.cc:6862:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(tag2); data/fotoxx-20.08/f.meta.cc:6988:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp2) < 3) continue; // reject bad data data/fotoxx-20.08/f.meta.cc:6989:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp2) > tagcc) continue; data/fotoxx-20.08/f.meta.cc:7011:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp2) pp2 = pp1 + strlen(pp1); data/fotoxx-20.08/f.meta.cc:7081:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(meta_rating,"0"); data/fotoxx-20.08/f.meta.cc:7116:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pp); data/fotoxx-20.08/f.meta.cc:7160:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(meta_location,""); // replace missing data with "" data/fotoxx-20.08/f.meta.cc:7166:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(meta_country,""); data/fotoxx-20.08/f.meta.cc:7172:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(meta_lati,""); data/fotoxx-20.08/f.meta.cc:7178:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(meta_longi,""); data/fotoxx-20.08/f.meta.cc:7303:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(xmeta_keys[ii]) + strlen(xmeta_data[ii]) > 100) continue; // impractical for image search data/fotoxx-20.08/f.meta.cc:7303:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(xmeta_keys[ii]) + strlen(xmeta_data[ii]) > 100) continue; // impractical for image search data/fotoxx-20.08/f.meta.cc:7305:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xcc += strlen(xmeta_keys[ii]); // "keyname=keydata^ " data/fotoxx-20.08/f.meta.cc:7308:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xcc += strlen(xmeta_data[ii]); data/fotoxx-20.08/f.meta.cc:7577:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(location); data/fotoxx-20.08/f.meta.cc:7581:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(country); data/fotoxx-20.08/f.meta.cc:9142:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 2) continue; data/fotoxx-20.08/f.meta.cc:9244:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 2) continue; data/fotoxx-20.08/f.meta.cc:9358:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(keys[ii]); // -keyname data/fotoxx-20.08/f.meta.cc:9386:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) > 40) pp[40] = 0; data/fotoxx-20.08/f.meta.cc:9396:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) > 6) kdata[jj] = zstrdup(pp+6); data/fotoxx-20.08/f.meta.cc:9413:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ucc = strlen(keys[jj]); // look for matching input keyname data/fotoxx-20.08/f.meta.cc:9415:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) > ucc+2) kdata[jj] = zstrdup(pp+ucc+2); data/fotoxx-20.08/f.meta.cc:9455:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(keys[ii]) + strlen(kdata[ii]) + 3; data/fotoxx-20.08/f.meta.cc:9455:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(keys[ii]) + strlen(kdata[ii]) + 3; data/fotoxx-20.08/f.meta.cc:9465:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(keys[ii]); data/fotoxx-20.08/f.meta.cc:9534:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(keys[ii]) + strlen(kdata[ii]) + 3; data/fotoxx-20.08/f.meta.cc:9534:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(keys[ii]) + strlen(kdata[ii]) + 3; data/fotoxx-20.08/f.meta.cc:9825:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(exifdate); data/fotoxx-20.08/f.meta.cc:9827:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 3) strncpy(tagdate+0,exifdate+0,4); data/fotoxx-20.08/f.meta.cc:9828:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 6) strncpy(tagdate+4,exifdate+5,2); data/fotoxx-20.08/f.meta.cc:9829:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 9) strncpy(tagdate+6,exifdate+8,2); data/fotoxx-20.08/f.meta.cc:9830:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 12) strncpy(tagdate+8,exifdate+11,2); data/fotoxx-20.08/f.meta.cc:9831:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 15) strncpy(tagdate+10,exifdate+14,2); data/fotoxx-20.08/f.meta.cc:9832:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 18) strncpy(tagdate+12,exifdate+17,2); data/fotoxx-20.08/f.meta.cc:9842:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(tagdate); data/fotoxx-20.08/f.meta.cc:9845:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 3) strncpy(exifdate+0,tagdate+0,4); data/fotoxx-20.08/f.meta.cc:9846:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 5) strncpy(exifdate+5,tagdate+4,2); data/fotoxx-20.08/f.meta.cc:9847:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 7) strncpy(exifdate+8,tagdate+6,2); data/fotoxx-20.08/f.meta.cc:9848:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 9) strncpy(exifdate+11,tagdate+8,2); data/fotoxx-20.08/f.meta.cc:9849:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 11) strncpy(exifdate+14,tagdate+10,2); data/fotoxx-20.08/f.meta.cc:9850:17: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). if (cc > 13) strncpy(exifdate+17,tagdate+12,2); data/fotoxx-20.08/f.meta.cc:9995:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(xxrec_new->rating,"0"); data/fotoxx-20.08/f.meta.cc:10170:15: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. nn = sscanf(pp+6,"%15s %15s %1s %d %d %d", data/fotoxx-20.08/f.meta.cc:10174:44: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. if (strmatch(pdate,"undated")) strcpy(xxrec->pdate,""); data/fotoxx-20.08/f.meta.cc:10216:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(xxrec->fdate,""); data/fotoxx-20.08/f.meta.cc:10219:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(xxrec->pdate,""); data/fotoxx-20.08/f.meta.cc:10222:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(xxrec->rating,"0"); data/fotoxx-20.08/f.pixmap.cc:3674:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp) pp = tiffile + strlen(tiffile); data/fotoxx-20.08/f.pixmap.cc:3702:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp) pp = tiffile + strlen(tiffile); data/fotoxx-20.08/f.pixmap.cc:3734:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp) pp = tiffile + strlen(tiffile); data/fotoxx-20.08/f.pixmap.cc:3840:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp) pp = thumbfile + strlen(thumbfile); data/fotoxx-20.08/f.pixmap.cc:3972:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp) pp = thumbfile + strlen(thumbfile); data/fotoxx-20.08/f.process.cc:293:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(outloc) - 1; // remove trailing '/' data/fotoxx-20.08/f.process.cc:303:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(outname) - 8 + strlen(inname); data/fotoxx-20.08/f.process.cc:303:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(outname) - 8 + strlen(inname); data/fotoxx-20.08/f.process.cc:358:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(outloc) + strlen(outname) + strlen(outext) + 4; data/fotoxx-20.08/f.process.cc:358:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(outloc) + strlen(outname) + strlen(outext) + 4; data/fotoxx-20.08/f.process.cc:358:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(outloc) + strlen(outname) + strlen(outext) + 4; data/fotoxx-20.08/f.process.cc:756:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(newloc) - 1; data/fotoxx-20.08/f.process.cc:1520:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pp); // | data/fotoxx-20.08/f.process.cc:1653:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(location) - 1; data/fotoxx-20.08/f.process.cc:2082:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pp) + 8; data/fotoxx-20.08/f.process.cc:2177:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(tolocation) - 1; // remove trailing '/' if present data/fotoxx-20.08/f.process.cc:2287:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) > 99) { data/fotoxx-20.08/f.tools.cc:240:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(buff); data/fotoxx-20.08/f.tools.cc:248:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(buff); data/fotoxx-20.08/f.tools.cc:294:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) < 4) break; data/fotoxx-20.08/f.tools.cc:546:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(thumbfolder) - 11 ; // check /thumbnails name data/fotoxx-20.08/f.tools.cc:570:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(topfolders[ii]); data/fotoxx-20.08/f.tools.cc:571:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(topfolders[jj]); data/fotoxx-20.08/f.tools.cc:583:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(pp1+cc1,"/"); data/fotoxx-20.08/f.tools.cc:584:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(pp2+cc2,"/"); data/fotoxx-20.08/f.tools.cc:615:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(topfol2[ii],"/"); data/fotoxx-20.08/f.tools.cc:616:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). topcc2[ii] = strlen(topfol2[ii]); data/fotoxx-20.08/f.tools.cc:621:7: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(misstop2[ii],"/"); data/fotoxx-20.08/f.tools.cc:622:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). misscc2[ii] = strlen(misstop2[ii]); data/fotoxx-20.08/f.tools.cc:1025:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp = thumbfile + strlen(thumbfolder); // corresponding file within data/fotoxx-20.08/f.tools.cc:1172:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (exifdate && strlen(exifdate) > 3) // exif date (photo date) data/fotoxx-20.08/f.tools.cc:1175:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (iptcrating && strlen(iptcrating)) { // iptc rating '0' - '5' data/fotoxx-20.08/f.tools.cc:1179:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(xxrec_tab[xrec]->rating,"0"); // not present data/fotoxx-20.08/f.tools.cc:1193:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (iptctags && strlen(iptctags)) { // iptc tags data/fotoxx-20.08/f.tools.cc:1198:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (iptccapt && strlen(iptccapt)) { // iptc caption data/fotoxx-20.08/f.tools.cc:1203:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (exifcomms && strlen(exifcomms)) { // exif comments data/fotoxx-20.08/f.tools.cc:1208:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (exifcity && strlen(exifcity)) { data/fotoxx-20.08/f.tools.cc:1213:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (exifcountry && strlen(exifcountry)) { data/fotoxx-20.08/f.tools.cc:1232:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). acc = strlen(exifkeys[ii]) + strlen(ppv[ii]) + 3; data/fotoxx-20.08/f.tools.cc:1232:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). acc = strlen(exifkeys[ii]) + strlen(ppv[ii]) + 3; data/fotoxx-20.08/f.tools.cc:1238:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xcc += strlen(exifkeys[ii]); // "keyname=keydata^ " data/fotoxx-20.08/f.tools.cc:1241:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xcc += strlen(ppv[ii]); data/fotoxx-20.08/f.tools.cc:1457:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp = oldhome + strlen(oldhome); // remove trailing '/' if present data/fotoxx-20.08/f.tools.cc:1478:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp = newhome + strlen(newhome); // remove trailing '/' if present data/fotoxx-20.08/f.tools.cc:2437:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(keyname); data/fotoxx-20.08/f.tools.cc:5827:26: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (Ndead == maxdead) strcat(text,"+"); data/fotoxx-20.08/f.tools.cc:6220:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(zfuncs::zlocale); // current language data/fotoxx-20.08/f.tools.cc:6399:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp += strlen(HERE); data/fotoxx-20.08/fotoxx.cc:397:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy0(initial_file,pp+1,strlen(pp)-1); data/fotoxx-20.08/fotoxx.cc:399:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(initial_file); // assume relative to CWD data/fotoxx-20.08/fotoxx.cc:554:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(desktopname); data/fotoxx-20.08/fotoxx.cc:2006:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(shortkey); data/fotoxx-20.08/fotoxx.cc:2019:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(shortkey) == 1) // 19.0 data/fotoxx-20.08/fotoxx.cc:2040:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(shortkey) == 1) // 19.0 data/fotoxx-20.08/fotoxx.cc:2187:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ffolder,curr_file,96); // or use /folder/path... data/fotoxx-20.08/fotoxx.cc:3965:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(wdata); data/fotoxx-20.08/fotoxx.cc:4018:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(wdata); data/fotoxx-20.08/fotoxx.cc:4743:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 40) continue; // rubbish data/fotoxx-20.08/fotoxx.cc:4781:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) == 0) break; data/fotoxx-20.08/zfuncs.cc:316:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *pp = (char *) zmalloc(strlen(string) + 1 + addcc); // add additional chars. data/fotoxx-20.08/zfuncs.cc:515:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pfunc); data/fotoxx-20.08/zfuncs.cc:613:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&filebuff[ii][0],file,99); data/fotoxx-20.08/zfuncs.cc:614:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(&funcbuff[ii][0],func,39); data/fotoxx-20.08/zfuncs.cc:994:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fcc = strlen(pnames[ii]); data/fotoxx-20.08/zfuncs.cc:1179:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(*lockfile); data/fotoxx-20.08/zfuncs.cc:1426:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(command) + 1000; data/fotoxx-20.08/zfuncs.cc:1462:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(command) + 1000; data/fotoxx-20.08/zfuncs.cc:1684:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(buff); data/fotoxx-20.08/zfuncs.cc:1745:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(ppath); data/fotoxx-20.08/zfuncs.cc:1761:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) > 199) return 1; // filename too long data/fotoxx-20.08/zfuncs.cc:1768:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! pp || strlen(pp) > 7) return 0; // file part, no .ext data/fotoxx-20.08/zfuncs.cc:1869:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pp1); // construct output file path: data/fotoxx-20.08/zfuncs.cc:1871:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp2 = dfile2 + strlen(dfile2); data/fotoxx-20.08/zfuncs.cc:1930:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cc = read(fid1,buff,BIOCC); // read huge blocks data/fotoxx-20.08/zfuncs.cc:2032:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ccv = strlen(argv[ii]); data/fotoxx-20.08/zfuncs.cc:2444:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest,source,cc); data/fotoxx-20.08/zfuncs.cc:2446:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(source) >= cc) return 1; // truncated data/fotoxx-20.08/zfuncs.cc:2457:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest,source,cc); data/fotoxx-20.08/zfuncs.cc:2458:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ii = strlen(source); data/fotoxx-20.08/zfuncs.cc:2475:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ii = strlen(dest); data/fotoxx-20.08/zfuncs.cc:2492:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pp2 = source + strlen(source) - 1; data/fotoxx-20.08/zfuncs.cc:2495:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(dest,""); // null or blank input 7.1 data/fotoxx-20.08/zfuncs.cc:2552:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxcc = maxcc - strlen(dest) - 1; data/fotoxx-20.08/zfuncs.cc:2559:7: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(dest,ps,maxcc); data/fotoxx-20.08/zfuncs.cc:2560:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxcc = maxcc - strlen(ps); data/fotoxx-20.08/zfuncs.cc:2658:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc1 = strlen(ssin); data/fotoxx-20.08/zfuncs.cc:2659:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(ssout); data/fotoxx-20.08/zfuncs.cc:2796:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (! ccin) ccin = strlen(in); data/fotoxx-20.08/zfuncs.cc:2822:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pNum); data/fotoxx-20.08/zfuncs.cc:2875:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cc = strlen(string); data/fotoxx-20.08/zfuncs.cc:2973:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(utf8out,utf8in+ii,kk); data/fotoxx-20.08/zfuncs.cc:3292:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cc) *cc = strlen(string); data/fotoxx-20.08/zfuncs.cc:3521:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(wpath); data/fotoxx-20.08/zfuncs.cc:3550:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(matchfile); // get rid of trailing \n data/fotoxx-20.08/zfuncs.cc:3591:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(wpath); data/fotoxx-20.08/zfuncs.cc:3620:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(matchfile); // get rid of trailing \n data/fotoxx-20.08/zfuncs.cc:4762:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(appname2,appname1,cc); // appname2: appname data/fotoxx-20.08/zfuncs.cc:4799:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(appimagexe); // appimage executable file data/fotoxx-20.08/zfuncs.cc:4960:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(zhomedir); // stop humongous username data/fotoxx-20.08/zfuncs.cc:5169:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(filespec); data/fotoxx-20.08/zfuncs.cc:5172:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(filespec); // | data/fotoxx-20.08/zfuncs.cc:5434:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(pp1+2); data/fotoxx-20.08/zfuncs.cc:5463:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else cc = strlen(pp1) - 2; // (with poss. embedded markups) data/fotoxx-20.08/zfuncs.cc:5500:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else cc = strlen(pp1) - 2; data/fotoxx-20.08/zfuncs.cc:5537:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(topic); data/fotoxx-20.08/zfuncs.cc:5613:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else cc = strlen(pp1); data/fotoxx-20.08/zfuncs.cc:5809:12: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. nn = fscanf(fid,"U%8s R%d P%d",uuid,&runs,&permit); // read "Uxxxxxxxx Rxxx Px" data/fotoxx-20.08/zfuncs.cc:5856:9: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. nn = fscanf(fid,"U%8s R%d P%d",uuid,&runs,&permit); // read "Uxxxxxxxx Rxxx Px" data/fotoxx-20.08/zfuncs.cc:5898:12: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. nn = fscanf(fid,"U%8s R%d P%d",uuid,&runs,&permit); // read "Uxxxxxxxx Rxxx Px" data/fotoxx-20.08/zfuncs.cc:6129:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(Ttext) < 3) // translation is "" (quotes included) data/fotoxx-20.08/zfuncs.cc:6245:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) == 0) pp = english; // translation is "" data/fotoxx-20.08/zfuncs.cc:6268:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tstring[ii]) == 0) break; // translation is "" data/fotoxx-20.08/zfuncs.cc:6639:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(matchtext); // highlight matching text data/fotoxx-20.08/zfuncs.cc:6804:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(ztext); data/fotoxx-20.08/zfuncs.cc:7424:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mdcc = strlen(menudir); data/fotoxx-20.08/zfuncs.cc:7466:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp+5) > 0) data/fotoxx-20.08/zfuncs.cc:7475:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp+5)) menus[me].func = zstrdup(pp+5); data/fotoxx-20.08/zfuncs.cc:7601:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text2 = (char *) zmalloc(strlen(text)+100); // replace "\n" with newline 6.3 data/fotoxx-20.08/zfuncs.cc:8041:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(text) < 9) { data/fotoxx-20.08/zfuncs.cc:8056:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(text) < 8) { // have local "NNN.png" 6.8 data/fotoxx-20.08/zfuncs.cc:8542:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(desc); data/fotoxx-20.08/zfuncs.cc:8546:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mdesc+cc+1," "); data/fotoxx-20.08/zfuncs.cc:8598:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(name); // menu name with trailing blanks 6.3 data/fotoxx-20.08/zfuncs.cc:10084:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(kbshortcuts[ii]); data/fotoxx-20.08/zfuncs.cc:10269:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(text); data/fotoxx-20.08/zfuncs.cc:10313:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(text); data/fotoxx-20.08/zfuncs.cc:10315:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(text+cc,cliptext,999-cc); // add clipboard text data/fotoxx-20.08/zfuncs.cc:10935:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(wintitle) < 3) continue; data/fotoxx-20.08/zfuncs.cc:11032:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 2) return; data/fotoxx-20.08/zfuncs.cc:11108:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pp) < 2) return; data/fotoxx-20.08/zfuncs.cc:11202:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc2 = strlen(pp2); data/fotoxx-20.08/zfuncs.cc:11333:12: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. else strcpy(wdata,""); data/fotoxx-20.08/zfuncs.cc:12153:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(text) + 4; // construct popup window data/fotoxx-20.08/zfuncs.cc:13208:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cc = strlen(file); data/fotoxx-20.08/zfuncs.cc:13263:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = (char *) zmalloc(strlen(inp)+1); data/fotoxx-20.08/zfuncs.cc:13652:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (string) xcc = strlen(string); // string length data/fotoxx-20.08/zfuncs.cc:13714:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (str) xcc = strlen(str); data/fotoxx-20.08/zfuncs.cc:13746:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s2) cc2 = strlen(s2); data/fotoxx-20.08/zfuncs.cc:13760:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s1) cc1 = strlen(s1); data/fotoxx-20.08/zfuncs.cc:13774:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int scc = strlen(string); data/fotoxx-20.08/zfuncs.cc:13800:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xpp+pos,string,scc); // insert string, without null data/fotoxx-20.08/zfuncs.cc:13812:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int scc = strlen(string); data/fotoxx-20.08/zfuncs.cc:13832:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(xpp+pos,string,scc); // insert string, without null data/fotoxx-20.08/zfuncs.cc:13851:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (xcc != (int) strlen(xpp)) zappcrash("xstring xcc != strlen(xpp)",null); data/fotoxx-20.08/zfuncs.cc:14146:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(table+pos,string,cc); // insert new string data/fotoxx-20.08/zfuncs.cc:14345:7: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); // sleep in 1 millisec. steps data/fotoxx-20.08/zfuncs.cc:14484:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int cc = strlen(name); ANALYSIS SUMMARY: Hits = 2004 Lines analyzed = 109463 in approximately 2.89 seconds (37931 lines/second) Physical Source Lines of Code (SLOC) = 77827 Hits@level = [0] 607 [1] 335 [2] 1345 [3] 36 [4] 275 [5] 13 Hits@level+ = [0+] 2611 [1+] 2004 [2+] 1669 [3+] 324 [4+] 288 [5+] 13 Hits/KSLOC@level+ = [0+] 33.5488 [1+] 25.7494 [2+] 21.445 [3+] 4.16308 [4+] 3.70052 [5+] 0.167037 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.