Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/geany-1.37.1/data/templates/files/main.cxx
Examining data/geany-1.37.1/data/templates/files/main.c
Examining data/geany-1.37.1/data/filedefs/filetypes.c
Examining data/geany-1.37.1/data/filedefs/filetypes.cpp
Examining data/geany-1.37.1/doc/pluginsignals.c
Examining data/geany-1.37.1/doc/pluginsymbols.c
Examining data/geany-1.37.1/doc/stash-gui-example.c
Examining data/geany-1.37.1/doc/stash-example.c
Examining data/geany-1.37.1/plugins/filebrowser.c
Examining data/geany-1.37.1/plugins/demoproxy.c
Examining data/geany-1.37.1/plugins/classbuilder.c
Examining data/geany-1.37.1/plugins/geanyplugin.h
Examining data/geany-1.37.1/plugins/demoplugin.c
Examining data/geany-1.37.1/plugins/export.c
Examining data/geany-1.37.1/plugins/geanyfunctions.h
Examining data/geany-1.37.1/plugins/saveactions.c
Examining data/geany-1.37.1/plugins/splitwindow.c
Examining data/geany-1.37.1/plugins/htmlchars.c
Examining data/geany-1.37.1/scintilla/lexers/LexHTML.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexTxt2tags.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexNsis.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexPython.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexMatlab.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexCSS.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexBash.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexBasic.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexSmalltalk.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexPO.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexRuby.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexAsm.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexTCL.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexPowerShell.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexDiff.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexPerl.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexErlang.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexProps.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexPascal.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexLaTeX.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexAda.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexMarkdown.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexBatch.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexCOBOL.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexCmake.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexCPP.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexVerilog.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexMake.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexRust.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexR.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexD.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexFortran.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexHaskell.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexYAML.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexLua.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexNull.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexLisp.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexCaml.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexForth.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexCoffeeScript.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexAbaqus.cxx
Examining data/geany-1.37.1/scintilla/lexers/LexSQL.cxx
Examining data/geany-1.37.1/scintilla/src/Editor.h
Examining data/geany-1.37.1/scintilla/src/UniqueString.cxx
Examining data/geany-1.37.1/scintilla/src/Catalogue.h
Examining data/geany-1.37.1/scintilla/src/Partitioning.h
Examining data/geany-1.37.1/scintilla/src/Document.cxx
Examining data/geany-1.37.1/scintilla/src/PositionCache.cxx
Examining data/geany-1.37.1/scintilla/src/Document.h
Examining data/geany-1.37.1/scintilla/src/Position.h
Examining data/geany-1.37.1/scintilla/src/DBCS.cxx
Examining data/geany-1.37.1/scintilla/src/Catalogue.cxx
Examining data/geany-1.37.1/scintilla/src/Editor.cxx
Examining data/geany-1.37.1/scintilla/src/EditView.cxx
Examining data/geany-1.37.1/scintilla/src/Selection.h
Examining data/geany-1.37.1/scintilla/src/Decoration.cxx
Examining data/geany-1.37.1/scintilla/src/CaseFolder.h
Examining data/geany-1.37.1/scintilla/src/Indicator.cxx
Examining data/geany-1.37.1/scintilla/src/EditModel.cxx
Examining data/geany-1.37.1/scintilla/src/DBCS.h
Examining data/geany-1.37.1/scintilla/src/SVector.h
Examining data/geany-1.37.1/scintilla/src/FontQuality.h
Examining data/geany-1.37.1/scintilla/src/RunStyles.h
Examining data/geany-1.37.1/scintilla/src/LineMarker.cxx
Examining data/geany-1.37.1/scintilla/src/CharClassify.cxx
Examining data/geany-1.37.1/scintilla/src/Style.cxx
Examining data/geany-1.37.1/scintilla/src/CallTip.cxx
Examining data/geany-1.37.1/scintilla/src/PerLine.cxx
Examining data/geany-1.37.1/scintilla/src/IntegerRectangle.h
Examining data/geany-1.37.1/scintilla/src/ExternalLexer.cxx
Examining data/geany-1.37.1/scintilla/src/ContractionState.cxx
Examining data/geany-1.37.1/scintilla/src/UniConversion.h
Examining data/geany-1.37.1/scintilla/src/Selection.cxx
Examining data/geany-1.37.1/scintilla/src/SplitVector.h
Examining data/geany-1.37.1/scintilla/src/AutoComplete.cxx
Examining data/geany-1.37.1/scintilla/src/ContractionState.h
Examining data/geany-1.37.1/scintilla/src/ViewStyle.h
Examining data/geany-1.37.1/scintilla/src/ScintillaBase.cxx
Examining data/geany-1.37.1/scintilla/src/XPM.cxx
Examining data/geany-1.37.1/scintilla/src/MarginView.cxx
Examining data/geany-1.37.1/scintilla/src/KeyMap.cxx
Examining data/geany-1.37.1/scintilla/src/UnicodeFromUTF8.h
Examining data/geany-1.37.1/scintilla/src/Style.h
Examining data/geany-1.37.1/scintilla/src/SparseVector.h
Examining data/geany-1.37.1/scintilla/src/UniqueString.h
Examining data/geany-1.37.1/scintilla/src/ElapsedPeriod.h
Examining data/geany-1.37.1/scintilla/src/RESearch.h
Examining data/geany-1.37.1/scintilla/src/KeyMap.h
Examining data/geany-1.37.1/scintilla/src/RESearch.cxx
Examining data/geany-1.37.1/scintilla/src/CharClassify.h
Examining data/geany-1.37.1/scintilla/src/XPM.h
Examining data/geany-1.37.1/scintilla/src/ScintillaBase.h
Examining data/geany-1.37.1/scintilla/src/CaseConvert.h
Examining data/geany-1.37.1/scintilla/src/RunStyles.cxx
Examining data/geany-1.37.1/scintilla/src/ExternalLexer.h
Examining data/geany-1.37.1/scintilla/src/PerLine.h
Examining data/geany-1.37.1/scintilla/src/EditView.h
Examining data/geany-1.37.1/scintilla/src/PositionCache.h
Examining data/geany-1.37.1/scintilla/src/AutoComplete.h
Examining data/geany-1.37.1/scintilla/src/CellBuffer.h
Examining data/geany-1.37.1/scintilla/src/Indicator.h
Examining data/geany-1.37.1/scintilla/src/ViewStyle.cxx
Examining data/geany-1.37.1/scintilla/src/Decoration.h
Examining data/geany-1.37.1/scintilla/src/CaseConvert.cxx
Examining data/geany-1.37.1/scintilla/src/CellBuffer.cxx
Examining data/geany-1.37.1/scintilla/src/MarginView.h
Examining data/geany-1.37.1/scintilla/src/EditModel.h
Examining data/geany-1.37.1/scintilla/src/UniConversion.cxx
Examining data/geany-1.37.1/scintilla/src/LineMarker.h
Examining data/geany-1.37.1/scintilla/src/CaseFolder.cxx
Examining data/geany-1.37.1/scintilla/src/CallTip.h
Examining data/geany-1.37.1/scintilla/include/Platform.h
Examining data/geany-1.37.1/scintilla/include/SciLexer.h
Examining data/geany-1.37.1/scintilla/include/ScintillaWidget.h
Examining data/geany-1.37.1/scintilla/include/Scintilla.h
Examining data/geany-1.37.1/scintilla/include/Compat.h
Examining data/geany-1.37.1/scintilla/include/ILexer.h
Examining data/geany-1.37.1/scintilla/include/ILoader.h
Examining data/geany-1.37.1/scintilla/include/Sci_Position.h
Examining data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx
Examining data/geany-1.37.1/scintilla/gtk/scintilla-marshal.c
Examining data/geany-1.37.1/scintilla/gtk/ScintillaGTK.h
Examining data/geany-1.37.1/scintilla/gtk/ScintillaGTKAccessible.cxx
Examining data/geany-1.37.1/scintilla/gtk/ScintillaGTKAccessible.h
Examining data/geany-1.37.1/scintilla/gtk/Converter.h
Examining data/geany-1.37.1/scintilla/gtk/scintilla-marshal.h
Examining data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx
Examining data/geany-1.37.1/scintilla/lexlib/DefaultLexer.cxx
Examining data/geany-1.37.1/scintilla/lexlib/OptionSet.h
Examining data/geany-1.37.1/scintilla/lexlib/LexerNoExceptions.cxx
Examining data/geany-1.37.1/scintilla/lexlib/CharacterSet.cxx
Examining data/geany-1.37.1/scintilla/lexlib/WordList.h
Examining data/geany-1.37.1/scintilla/lexlib/CharacterCategory.h
Examining data/geany-1.37.1/scintilla/lexlib/StyleContext.cxx
Examining data/geany-1.37.1/scintilla/lexlib/StringCopy.h
Examining data/geany-1.37.1/scintilla/lexlib/PropSetSimple.cxx
Examining data/geany-1.37.1/scintilla/lexlib/Accessor.h
Examining data/geany-1.37.1/scintilla/lexlib/SubStyles.h
Examining data/geany-1.37.1/scintilla/lexlib/Accessor.cxx
Examining data/geany-1.37.1/scintilla/lexlib/LexAccessor.h
Examining data/geany-1.37.1/scintilla/lexlib/DefaultLexer.h
Examining data/geany-1.37.1/scintilla/lexlib/LexerModule.h
Examining data/geany-1.37.1/scintilla/lexlib/CatalogueModules.h
Examining data/geany-1.37.1/scintilla/lexlib/LexerNoExceptions.h
Examining data/geany-1.37.1/scintilla/lexlib/LexerSimple.h
Examining data/geany-1.37.1/scintilla/lexlib/LexerBase.cxx
Examining data/geany-1.37.1/scintilla/lexlib/LexerSimple.cxx
Examining data/geany-1.37.1/scintilla/lexlib/CharacterCategory.cxx
Examining data/geany-1.37.1/scintilla/lexlib/WordList.cxx
Examining data/geany-1.37.1/scintilla/lexlib/SparseState.h
Examining data/geany-1.37.1/scintilla/lexlib/StyleContext.h
Examining data/geany-1.37.1/scintilla/lexlib/LexerBase.h
Examining data/geany-1.37.1/scintilla/lexlib/LexerModule.cxx
Examining data/geany-1.37.1/scintilla/lexlib/PropSetSimple.h
Examining data/geany-1.37.1/scintilla/lexlib/CharacterSet.h
Examining data/geany-1.37.1/ctags/parsers/tcl.c
Examining data/geany-1.37.1/ctags/parsers/abaqus.c
Examining data/geany-1.37.1/ctags/parsers/sql.c
Examining data/geany-1.37.1/ctags/parsers/haxe.c
Examining data/geany-1.37.1/ctags/parsers/bibtex.c
Examining data/geany-1.37.1/ctags/parsers/tex.c
Examining data/geany-1.37.1/ctags/parsers/css.c
Examining data/geany-1.37.1/ctags/parsers/html.c
Examining data/geany-1.37.1/ctags/parsers/php.c
Examining data/geany-1.37.1/ctags/parsers/powershell.c
Examining data/geany-1.37.1/ctags/parsers/verilog.c
Examining data/geany-1.37.1/ctags/parsers/python.c
Examining data/geany-1.37.1/ctags/parsers/ruby.c
Examining data/geany-1.37.1/ctags/parsers/jscript.c
Examining data/geany-1.37.1/ctags/parsers/make.c
Examining data/geany-1.37.1/ctags/parsers/perl.c
Examining data/geany-1.37.1/ctags/parsers/abc.c
Examining data/geany-1.37.1/ctags/parsers/fortran.c
Examining data/geany-1.37.1/ctags/parsers/vhdl.c
Examining data/geany-1.37.1/ctags/parsers/diff.c
Examining data/geany-1.37.1/ctags/parsers/json.c
Examining data/geany-1.37.1/ctags/parsers/rst.c
Examining data/geany-1.37.1/ctags/parsers/erlang.c
Examining data/geany-1.37.1/ctags/parsers/lua.c
Examining data/geany-1.37.1/ctags/parsers/sh.c
Examining data/geany-1.37.1/ctags/parsers/nsis.c
Examining data/geany-1.37.1/ctags/parsers/cobol.c
Examining data/geany-1.37.1/ctags/parsers/asciidoc.c
Examining data/geany-1.37.1/ctags/parsers/pascal.c
Examining data/geany-1.37.1/ctags/parsers/rust.c
Examining data/geany-1.37.1/ctags/parsers/txt2tags.c
Examining data/geany-1.37.1/ctags/parsers/matlab.c
Examining data/geany-1.37.1/ctags/parsers/go.c
Examining data/geany-1.37.1/ctags/parsers/basic.c
Examining data/geany-1.37.1/ctags/parsers/r.c
Examining data/geany-1.37.1/ctags/parsers/docbook.c
Examining data/geany-1.37.1/ctags/parsers/markdown.c
Examining data/geany-1.37.1/ctags/parsers/objc.c
Examining data/geany-1.37.1/ctags/parsers/asm.c
Examining data/geany-1.37.1/ctags/parsers/flex.c
Examining data/geany-1.37.1/ctags/parsers/haskell.c
Examining data/geany-1.37.1/ctags/parsers/c.c
Examining data/geany-1.37.1/ctags/parsers/iniconf.c
Examining data/geany-1.37.1/ctags/main/keyword.c
Examining data/geany-1.37.1/ctags/main/numarray.c
Examining data/geany-1.37.1/ctags/main/args.h
Examining data/geany-1.37.1/ctags/main/output-ctags.c
Examining data/geany-1.37.1/ctags/main/xtag.c
Examining data/geany-1.37.1/ctags/main/sort.h
Examining data/geany-1.37.1/ctags/main/ptag.c
Examining data/geany-1.37.1/ctags/main/htable.h
Examining data/geany-1.37.1/ctags/main/parse.c
Examining data/geany-1.37.1/ctags/main/trashbox.c
Examining data/geany-1.37.1/ctags/main/parsers.h
Examining data/geany-1.37.1/ctags/main/parse.h
Examining data/geany-1.37.1/ctags/main/ptag.h
Examining data/geany-1.37.1/ctags/main/strlist.c
Examining data/geany-1.37.1/ctags/main/repoinfo.c
Examining data/geany-1.37.1/ctags/main/repoinfo.h
Examining data/geany-1.37.1/ctags/main/flags.h
Examining data/geany-1.37.1/ctags/main/kind.h
Examining data/geany-1.37.1/ctags/main/field.c
Examining data/geany-1.37.1/ctags/main/objpool.h
Examining data/geany-1.37.1/ctags/main/debug.c
Examining data/geany-1.37.1/ctags/main/fmt.c
Examining data/geany-1.37.1/ctags/main/dependency.c
Examining data/geany-1.37.1/ctags/main/output.h
Examining data/geany-1.37.1/ctags/main/numarray.h
Examining data/geany-1.37.1/ctags/main/vstring.c
Examining data/geany-1.37.1/ctags/main/ctags-api.h
Examining data/geany-1.37.1/ctags/main/types.h
Examining data/geany-1.37.1/ctags/main/debug.h
Examining data/geany-1.37.1/ctags/main/error.h
Examining data/geany-1.37.1/ctags/main/pcoproc.c
Examining data/geany-1.37.1/ctags/main/lxcmd.c
Examining data/geany-1.37.1/ctags/main/mio.h
Examining data/geany-1.37.1/ctags/main/strlist.h
Examining data/geany-1.37.1/ctags/main/lcpp.c
Examining data/geany-1.37.1/ctags/main/xtag.h
Examining data/geany-1.37.1/ctags/main/flags.c
Examining data/geany-1.37.1/ctags/main/field.h
Examining data/geany-1.37.1/ctags/main/promise.c
Examining data/geany-1.37.1/ctags/main/objpool.c
Examining data/geany-1.37.1/ctags/main/gcc-attr.h
Examining data/geany-1.37.1/ctags/main/ptrarray.c
Examining data/geany-1.37.1/ctags/main/selectors.c
Examining data/geany-1.37.1/ctags/main/e_msoft.h
Examining data/geany-1.37.1/ctags/main/main.h
Examining data/geany-1.37.1/ctags/main/pcoproc.h
Examining data/geany-1.37.1/ctags/main/keyword.h
Examining data/geany-1.37.1/ctags/main/ctags-api.c
Examining data/geany-1.37.1/ctags/main/selectors.h
Examining data/geany-1.37.1/ctags/main/htable.c
Examining data/geany-1.37.1/ctags/main/fmt.h
Examining data/geany-1.37.1/ctags/main/lxpath.c
Examining data/geany-1.37.1/ctags/main/routines.c
Examining data/geany-1.37.1/ctags/main/kind.c
Examining data/geany-1.37.1/ctags/main/ptrarray.h
Examining data/geany-1.37.1/ctags/main/entry.h
Examining data/geany-1.37.1/ctags/main/lcpp.h
Examining data/geany-1.37.1/ctags/main/promise.h
Examining data/geany-1.37.1/ctags/main/dependency.h
Examining data/geany-1.37.1/ctags/main/mbcs.h
Examining data/geany-1.37.1/ctags/main/trashbox.h
Examining data/geany-1.37.1/ctags/main/nestlevel.c
Examining data/geany-1.37.1/ctags/main/error.c
Examining data/geany-1.37.1/ctags/main/nestlevel.h
Examining data/geany-1.37.1/ctags/main/inline.h
Examining data/geany-1.37.1/ctags/main/sort.c
Examining data/geany-1.37.1/ctags/main/trace.h
Examining data/geany-1.37.1/ctags/main/main.c
Examining data/geany-1.37.1/ctags/main/read.h
Examining data/geany-1.37.1/ctags/main/read.c
Examining data/geany-1.37.1/ctags/main/routines.h
Examining data/geany-1.37.1/ctags/main/ctags.h
Examining data/geany-1.37.1/ctags/main/general.h
Examining data/geany-1.37.1/ctags/main/entry.c
Examining data/geany-1.37.1/ctags/main/args.c
Examining data/geany-1.37.1/ctags/main/options.h
Examining data/geany-1.37.1/ctags/main/options.c
Examining data/geany-1.37.1/ctags/main/mio.c
Examining data/geany-1.37.1/ctags/main/lregex.c
Examining data/geany-1.37.1/ctags/main/vstring.h
Examining data/geany-1.37.1/src/editor.h
Examining data/geany-1.37.1/src/geanywraplabel.c
Examining data/geany-1.37.1/src/filetypesprivate.h
Examining data/geany-1.37.1/src/win32.c
Examining data/geany-1.37.1/src/navqueue.h
Examining data/geany-1.37.1/src/keybindings.h
Examining data/geany-1.37.1/src/keybindingsprivate.h
Examining data/geany-1.37.1/src/editor.c
Examining data/geany-1.37.1/src/printing.h
Examining data/geany-1.37.1/src/filetypes.c
Examining data/geany-1.37.1/src/prefs.h
Examining data/geany-1.37.1/src/highlighting.c
Examining data/geany-1.37.1/src/geany.h
Examining data/geany-1.37.1/src/highlighting.h
Examining data/geany-1.37.1/src/templates.c
Examining data/geany-1.37.1/src/sidebar.h
Examining data/geany-1.37.1/src/sciwrappers.h
Examining data/geany-1.37.1/src/project.c
Examining data/geany-1.37.1/src/geanyentryaction.h
Examining data/geany-1.37.1/src/geanymenubuttonaction.h
Examining data/geany-1.37.1/src/dialogs.h
Examining data/geany-1.37.1/src/tools.c
Examining data/geany-1.37.1/src/document.h
Examining data/geany-1.37.1/src/libmain.c
Examining data/geany-1.37.1/src/plugindata.h
Examining data/geany-1.37.1/src/socket.c
Examining data/geany-1.37.1/src/project.h
Examining data/geany-1.37.1/src/callbacks.c
Examining data/geany-1.37.1/src/keybindings.c
Examining data/geany-1.37.1/src/gtkcompat.h
Examining data/geany-1.37.1/src/msgwindow.c
Examining data/geany-1.37.1/src/about.h
Examining data/geany-1.37.1/src/symbols.h
Examining data/geany-1.37.1/src/toolbar.h
Examining data/geany-1.37.1/src/encodings.h
Examining data/geany-1.37.1/src/ui_utils.h
Examining data/geany-1.37.1/src/plugins.h
Examining data/geany-1.37.1/src/tools.h
Examining data/geany-1.37.1/src/symbols.c
Examining data/geany-1.37.1/src/osx.h
Examining data/geany-1.37.1/src/spawn.h
Examining data/geany-1.37.1/src/geanyobject.h
Examining data/geany-1.37.1/src/stash.c
Examining data/geany-1.37.1/src/geanyentryaction.c
Examining data/geany-1.37.1/src/tagmanager/tm_parser.c
Examining data/geany-1.37.1/src/tagmanager/tm_tag.c
Examining data/geany-1.37.1/src/tagmanager/tm_source_file.c
Examining data/geany-1.37.1/src/tagmanager/tm_workspace.h
Examining data/geany-1.37.1/src/tagmanager/tm_parser.h
Examining data/geany-1.37.1/src/tagmanager/tm_tag.h
Examining data/geany-1.37.1/src/tagmanager/tm_workspace.c
Examining data/geany-1.37.1/src/tagmanager/tm_source_file.h
Examining data/geany-1.37.1/src/document.c
Examining data/geany-1.37.1/src/msgwindow.h
Examining data/geany-1.37.1/src/search.h
Examining data/geany-1.37.1/src/geanymenubuttonaction.c
Examining data/geany-1.37.1/src/build.c
Examining data/geany-1.37.1/src/gb.c
Examining data/geany-1.37.1/src/search.c
Examining data/geany-1.37.1/src/pluginprivate.h
Examining data/geany-1.37.1/src/spawn.c
Examining data/geany-1.37.1/src/osx.c
Examining data/geany-1.37.1/src/sciwrappers.c
Examining data/geany-1.37.1/src/stash.h
Examining data/geany-1.37.1/src/log.h
Examining data/geany-1.37.1/src/callbacks.h
Examining data/geany-1.37.1/src/main.h
Examining data/geany-1.37.1/src/prefix.h
Examining data/geany-1.37.1/src/navqueue.c
Examining data/geany-1.37.1/src/geanyobject.c
Examining data/geany-1.37.1/src/templates.h
Examining data/geany-1.37.1/src/support.h
Examining data/geany-1.37.1/src/projectprivate.h
Examining data/geany-1.37.1/src/build.h
Examining data/geany-1.37.1/src/toolbar.c
Examining data/geany-1.37.1/src/prefix.c
Examining data/geany-1.37.1/src/filetypes.h
Examining data/geany-1.37.1/src/win32.h
Examining data/geany-1.37.1/src/notebook.h
Examining data/geany-1.37.1/src/vte.c
Examining data/geany-1.37.1/src/encodings.c
Examining data/geany-1.37.1/src/utils.h
Examining data/geany-1.37.1/src/ui_utils.c
Examining data/geany-1.37.1/src/log.c
Examining data/geany-1.37.1/src/dialogs.c
Examining data/geany-1.37.1/src/pluginutils.c
Examining data/geany-1.37.1/src/main.c
Examining data/geany-1.37.1/src/sidebar.c
Examining data/geany-1.37.1/src/documentprivate.h
Examining data/geany-1.37.1/src/keyfile.h
Examining data/geany-1.37.1/src/vte.h
Examining data/geany-1.37.1/src/socket.h
Examining data/geany-1.37.1/src/printing.c
Examining data/geany-1.37.1/src/utils.c
Examining data/geany-1.37.1/src/notebook.c
Examining data/geany-1.37.1/src/prefs.c
Examining data/geany-1.37.1/src/encodingsprivate.h
Examining data/geany-1.37.1/src/pluginutils.h
Examining data/geany-1.37.1/src/highlightingmappings.h
Examining data/geany-1.37.1/src/geanywraplabel.h
Examining data/geany-1.37.1/src/app.h
Examining data/geany-1.37.1/src/about.c
Examining data/geany-1.37.1/src/plugins.c
Examining data/geany-1.37.1/src/keyfile.c
Examining data/geany-1.37.1/tests/test_utils.c
Examining data/geany-1.37.1/tests/ctags/cxx11-noexcept.cpp
Examining data/geany-1.37.1/tests/ctags/process_order_1.h
Examining data/geany-1.37.1/tests/ctags/cpp_destructor.cpp
Examining data/geany-1.37.1/tests/ctags/bug1093123.cpp
Examining data/geany-1.37.1/tests/ctags/c-digraphs.c
Examining data/geany-1.37.1/tests/ctags/bug1086609.c
Examining data/geany-1.37.1/tests/ctags/bit_field.c
Examining data/geany-1.37.1/tests/ctags/bug1575055.cpp
Examining data/geany-1.37.1/tests/ctags/signature.cpp
Examining data/geany-1.37.1/tests/ctags/bug1020715.c
Examining data/geany-1.37.1/tests/ctags/bug1458930.c
Examining data/geany-1.37.1/tests/ctags/bug556646.c
Examining data/geany-1.37.1/tests/ctags/enum.c
Examining data/geany-1.37.1/tests/ctags/bug1799343-2.cpp
Examining data/geany-1.37.1/tests/ctags/bug849591.cpp
Examining data/geany-1.37.1/tests/ctags/line_directives.c
Examining data/geany-1.37.1/tests/ctags/bug1907083.cpp
Examining data/geany-1.37.1/tests/ctags/bug1020715.cpp
Examining data/geany-1.37.1/tests/ctags/prototype.h
Examining data/geany-1.37.1/tests/ctags/bug1201689.c
Examining data/geany-1.37.1/tests/ctags/extern_variable.h
Examining data/geany-1.37.1/tests/ctags/cxx11-override.cpp
Examining data/geany-1.37.1/tests/ctags/bug1799343-1.cpp
Examining data/geany-1.37.1/tests/ctags/cxx11enum.cpp
Examining data/geany-1.37.1/tests/ctags/bug1799340.cpp
Examining data/geany-1.37.1/tests/ctags/bug507864.c
Examining data/geany-1.37.1/tests/ctags/bug556645.c
Examining data/geany-1.37.1/tests/ctags/bug639639.h
Examining data/geany-1.37.1/tests/ctags/local.c
Examining data/geany-1.37.1/tests/ctags/macros.c
Examining data/geany-1.37.1/tests/ctags/bug639644.hpp
Examining data/geany-1.37.1/tests/ctags/bug1585745.cpp
Examining data/geany-1.37.1/tests/ctags/c-trigraphs.c
Examining data/geany-1.37.1/tests/ctags/bug1773926.cpp
Examining data/geany-1.37.1/tests/ctags/process_order_2.h
Examining data/geany-1.37.1/tests/ctags/var-and-return-type.cpp
Examining data/geany-1.37.1/tests/ctags/static_array.c
Examining data/geany-1.37.1/tests/ctags/func_typedef.h
Examining data/geany-1.37.1/tests/ctags/directives.c
Examining data/geany-1.37.1/tests/ctags/bug1466117.c
Examining data/geany-1.37.1/tests/ctags/bug1924919.cpp
Examining data/geany-1.37.1/tests/ctags/bug1764143.h
Examining data/geany-1.37.1/tests/ctags/bug1548443.cpp
Examining data/geany-1.37.1/tests/ctags/angle_bracket.cpp
Examining data/geany-1.37.1/tests/ctags/backslashes.c
Examining data/geany-1.37.1/tests/ctags/size_t_wchar_t_typedef.c
Examining data/geany-1.37.1/tests/ctags/bug852368.cpp
Examining data/geany-1.37.1/tests/ctags/bug1770479.cpp
Examining data/geany-1.37.1/tests/ctags/bug872494.cpp
Examining data/geany-1.37.1/tests/ctags/cxx14-combined.cpp
Examining data/geany-1.37.1/tests/ctags/cxx11-raw-strings.cpp
Examining data/geany-1.37.1/tests/ctags/namespace.cpp
Examining data/geany-1.37.1/tests/ctags/cxx11-final.cpp
Examining data/geany-1.37.1/tests/ctags/bug1563476.cpp
Examining data/geany-1.37.1/tests/ctags/spurious_label_tags.c
Examining data/geany-1.37.1/tests/ctags/bug1491666.c
Examining data/geany-1.37.1/tests/ctags/bug665086.cpp
Examining data/geany-1.37.1/debian/dumpabiver.c
FINAL RESULTS:
data/geany-1.37.1/plugins/filebrowser.c:118:2: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
MultiByteToWideChar(CP_UTF8, 0, filename, -1, w_filename, sizeof(w_filename));
data/geany-1.37.1/src/socket.c:188:8: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
len = readlink(socket_info.file_name, real_path, sizeof(real_path) - 1);
data/geany-1.37.1/src/vte.c:841:19: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
gint length = readlink(file, buffer, sizeof(buffer));
data/geany-1.37.1/ctags/main/args.c:113:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result, vStringValue (vs));
data/geany-1.37.1/ctags/main/args.c:149:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result, vStringValue (vs));
data/geany-1.37.1/ctags/main/ctags-api.c:32:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, format, ap);
data/geany-1.37.1/ctags/main/ctags-api.h:25:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const char *access;
data/geany-1.37.1/ctags/main/debug.c:39:3: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf (format, ap);
data/geany-1.37.1/ctags/main/debug.c:93:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
tag->extensionFields.access != NULL)
data/geany-1.37.1/ctags/main/debug.c:94:49: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
printf (" [access:%s]", tag->extensionFields.access);
data/geany-1.37.1/ctags/main/debug.h:29:53: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define PrintStatus(x) if (debug(DEBUG_STATUS)) printf x;
data/geany-1.37.1/ctags/main/e_msoft.h:42:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/geany-1.37.1/ctags/main/e_msoft.h:42:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/geany-1.37.1/ctags/main/entry.c:270:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (entry, "%sTAG_FILE", PSEUDO_TAG_PREFIX);
data/geany-1.37.1/ctags/main/entry.c:948:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (slot->extensionFields.access)
data/geany-1.37.1/ctags/main/entry.c:949:65: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
slot->extensionFields.access = eStrdup (slot->extensionFields.access);
data/geany-1.37.1/ctags/main/entry.c:1002:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (slot->extensionFields.access)
data/geany-1.37.1/ctags/main/entry.c:1003:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
eFree ((char *)slot->extensionFields.access);
data/geany-1.37.1/ctags/main/entry.c:1103:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
tag->access = info->extensionFields.access;
data/geany-1.37.1/ctags/main/entry.h:66:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const char* access;
data/geany-1.37.1/ctags/main/error.c:34:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, format, ap);
data/geany-1.37.1/ctags/main/field.c:229:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (nameWithPrefix, CTAGS_FIELD_PREFIX);
data/geany-1.37.1/ctags/main/field.c:230:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (nameWithPrefix, fdesc->spec->name);
data/geany-1.37.1/ctags/main/field.c:356:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((Option.machinable? "%c\t%s\t%s\t%s\t%s\t%s\n": MAKE_FIELD_FMT(c)),
data/geany-1.37.1/ctags/main/field.c:370:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ((Option.machinable? "%s\t%s\t%s\t%s\t%s\t%s\n": MAKE_FIELD_FMT(s)),
data/geany-1.37.1/ctags/main/field.c:598:65: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return renderAsIs (b, WITH_DEFUALT_VALUE (tag->extensionFields.access));
data/geany-1.37.1/ctags/main/field.c:733:31: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return (tag->extensionFields.access != NULL)? true: false;
data/geany-1.37.1/ctags/main/field.c:909:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (nameWithPrefix, CTAGS_FIELD_PREFIX);
data/geany-1.37.1/ctags/main/field.c:910:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (nameWithPrefix, spec->name);
data/geany-1.37.1/ctags/main/gcc-attr.h:22:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define CTAGS_ATTR_PRINTF(s,f) __attribute__((format (printf, s, f)))
data/geany-1.37.1/ctags/main/kind.c:67:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (fmt,
data/geany-1.37.1/ctags/main/kind.c:88:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ((tabSeparated
data/geany-1.37.1/ctags/main/lregex.c:1041:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (Option.machinable? "%s": PR_KIND_FMT (LANG,s), data->langName);
data/geany-1.37.1/ctags/main/lxcmd.c:568:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (Option.machinable? "%s": PR_KIND_FMT (LANG,s), data->langName);
data/geany-1.37.1/ctags/main/mio.c:811:10: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
return vfprintf (mio->impl.file.fp, format, ap);
data/geany-1.37.1/ctags/main/mio.c:825:7: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf (&dummy, 1, format, ap_copy);
data/geany-1.37.1/ctags/main/mio.c:833:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
rv = vsprintf ((char *)&mio->impl.mem.buf[mio->impl.mem.pos], format, ap);
data/geany-1.37.1/ctags/main/options.c:581:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
length = vsnprintf(&dummy, sizeof dummy, fmt, args_copy);
data/geany-1.37.1/ctags/main/options.c:595:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(*strp, size, fmt, args);
data/geany-1.37.1/ctags/main/options.c:608:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, format, ap);
data/geany-1.37.1/ctags/main/options.c:620:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, format, ap);
data/geany-1.37.1/ctags/main/options.c:1321:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (INVOCATION, getExecutableName ());
data/geany-1.37.1/ctags/main/parse.c:1960:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (Option.machinable? "%s": PR_KIND_FMT (LANG,s), lang->name);
data/geany-1.37.1/ctags/main/pcoproc.c:143:3: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv (filename, argv);
data/geany-1.37.1/ctags/main/routines.c:308:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result, str);
data/geany-1.37.1/ctags/main/routines.c:689:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result, s1);
data/geany-1.37.1/ctags/main/routines.c:690:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result + len1, s2);
data/geany-1.37.1/ctags/main/routines.c:691:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (result + len1 + len2, s3);
data/geany-1.37.1/ctags/main/routines.c:831:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (res, fp + 1);
data/geany-1.37.1/ctags/main/routines.c:856:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (name, "%s%c%s", tmpdir, OUTPUT_PATH_SEPARATOR, pattern);
data/geany-1.37.1/ctags/main/sort.c:84:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s", sortCommand);
data/geany-1.37.1/ctags/main/sort.c:86:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s -o %s %s", sortCommand,
data/geany-1.37.1/ctags/main/sort.c:90:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s %s", sortOrder1, sortOrder2, sortCommand);
data/geany-1.37.1/ctags/main/sort.c:92:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (cmd, "%s %s %s -o %s %s", sortOrder1, sortOrder2,
data/geany-1.37.1/ctags/main/sort.c:108:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system (cmd);
data/geany-1.37.1/ctags/main/sort.c:114:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system (cmd);
data/geany-1.37.1/ctags/main/sort.c:224:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (table [i], line);
data/geany-1.37.1/ctags/main/xtag.c:105:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((Option.machinable? "%c\t%s\t%s\t%s\n": MAKE_XTAG_FMT(c)),
data/geany-1.37.1/ctags/main/xtag.c:117:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf ((Option.machinable? "%s\t%s\t%s\t%s\n": MAKE_XTAG_FMT(s)),
data/geany-1.37.1/ctags/parsers/c.c:176:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
accessType access; /* access of current statement */
data/geany-1.37.1/ctags/parsers/c.c:752:64: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
printf("access: %s default: %s\n", accessString (st->member.access),
data/geany-1.37.1/ctags/parsers/c.c:1153:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (st->member.access != ACCESS_UNDEFINED)
data/geany-1.37.1/ctags/parsers/c.c:1154:37: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
result = accessString (st->member.access);
data/geany-1.37.1/ctags/parsers/c.c:3034:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "anon_%s_%d", name_token->name->buffer, contextual_fake_count++);
data/geany-1.37.1/ctags/parsers/fortran.c:450:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s#%u", type, contextual_fake_count++);
data/geany-1.37.1/ctags/parsers/perl.c:27:66: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TRACE if (TRACE_PERL_C) printf("perl.c:%d: ", __LINE__), printf
data/geany-1.37.1/ctags/parsers/php.c:232:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
accessType access;
data/geany-1.37.1/ctags/parsers/php.c:240:53: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static const char *accessToString (const accessType access)
data/geany-1.37.1/ctags/parsers/php.c:249:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
Assert (access < COUNT_ACCESS);
data/geany-1.37.1/ctags/parsers/php.c:251:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return names[access];
data/geany-1.37.1/ctags/parsers/php.c:267:46: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const phpKind kind, const accessType access)
data/geany-1.37.1/ctags/parsers/php.c:288:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != ACCESS_UNDEFINED)
data/geany-1.37.1/ctags/parsers/php.c:289:47: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
e->extensionFields.access = accessToString (access);
data/geany-1.37.1/ctags/parsers/php.c:307:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const accessType access)
data/geany-1.37.1/ctags/parsers/php.c:313:34: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
initPhpEntry (&e, token, kind, access);
data/geany-1.37.1/ctags/parsers/php.c:353:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const accessType access, const implType impl)
data/geany-1.37.1/ctags/parsers/php.c:359:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
initPhpEntry (&e, token, K_FUNCTION, access);
data/geany-1.37.1/ctags/parsers/php.c:1059:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
accessType access = CurrentStatement.access;
data/geany-1.37.1/ctags/parsers/php.c:1141:35: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
makeFunctionTag (name, arglist, access, impl);
data/geany-1.37.1/ctags/parsers/php.c:1261:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
accessType access = CurrentStatement.access;
data/geany-1.37.1/ctags/parsers/php.c:1285:34: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
makeSimplePhpTag (name, kind, access);
data/geany-1.37.1/ctags/parsers/php.c:1297:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
makeSimplePhpTag (name, K_VARIABLE, access);
data/geany-1.37.1/ctags/parsers/powershell.c:82:59: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static const char *findValidAccessType (const char *const access)
data/geany-1.37.1/ctags/parsers/powershell.c:91:19: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (strcasecmp (access, accessTypes[i]) == 0)
data/geany-1.37.1/ctags/parsers/powershell.c:99:55: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const powerShellKind kind, const char *const access)
data/geany-1.37.1/ctags/parsers/powershell.c:106:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access != NULL)
data/geany-1.37.1/ctags/parsers/powershell.c:107:31: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
e->extensionFields.access = access;
data/geany-1.37.1/ctags/parsers/powershell.c:119:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const char *const access)
data/geany-1.37.1/ctags/parsers/powershell.c:125:41: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
initPowerShellEntry (&e, token, kind, access);
data/geany-1.37.1/ctags/parsers/powershell.c:131:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const char *const access)
data/geany-1.37.1/ctags/parsers/powershell.c:137:47: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
initPowerShellEntry (&e, token, K_FUNCTION, access);
data/geany-1.37.1/ctags/parsers/powershell.c:401:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return access;
data/geany-1.37.1/ctags/parsers/powershell.c:413:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const char *access;
data/geany-1.37.1/ctags/parsers/powershell.c:488:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
makeFunctionTag (nameFree, arglist, access);
data/geany-1.37.1/ctags/parsers/powershell.c:495:36: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
makeFunctionTag (nameFree, NULL, access);
data/geany-1.37.1/ctags/parsers/powershell.c:516:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
const char *access;
data/geany-1.37.1/ctags/parsers/powershell.c:527:47: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
makeSimplePowerShellTag (name, K_VARIABLE, access);
data/geany-1.37.1/ctags/parsers/python.c:111:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
pythonAccess access;
data/geany-1.37.1/ctags/parsers/python.c:114:50: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
entry->extensionFields.access = PythonAccesses [access];
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:2027:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, format, pArguments);
data/geany-1.37.1/scintilla/lexers/LexCaml.cxx:92:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer,format,pArguments);
data/geany-1.37.1/scintilla/lexers/LexFortran.cxx:658:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevWord, s);
data/geany-1.37.1/scintilla/lexers/LexRuby.cxx:141:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevWord, s);
data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx:294:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevWord, s);
data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx:494:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(prevWord, s);
data/geany-1.37.1/src/libmain.c:597:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PACKAGE " %s (", main_get_version_string());
data/geany-1.37.1/src/libmain.c:600:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(geany_lib_versions,
data/geany-1.37.1/src/spawn.c:1430:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(c >= ' ' && c < 0x80 ? "%c" : "\\x%02x", c);
data/geany-1.37.1/src/tagmanager/tm_source_file.c:151:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
static char get_tag_access(const char *access)
data/geany-1.37.1/src/tagmanager/tm_source_file.c:153:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (0 == strcmp("public", access))
data/geany-1.37.1/src/tagmanager/tm_source_file.c:155:36: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == strcmp("protected", access))
data/geany-1.37.1/src/tagmanager/tm_source_file.c:157:34: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == strcmp("private", access))
data/geany-1.37.1/src/tagmanager/tm_source_file.c:159:33: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == strcmp("friend", access))
data/geany-1.37.1/src/tagmanager/tm_source_file.c:161:34: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (0 == strcmp("default", access))
data/geany-1.37.1/src/tagmanager/tm_source_file.c:165:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
g_warning("Unknown access type %s", access);
data/geany-1.37.1/src/tagmanager/tm_source_file.c:210:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (tag_entry->access != NULL)
data/geany-1.37.1/src/tagmanager/tm_source_file.c:211:43: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
tag->access = get_tag_access(tag_entry->access);
data/geany-1.37.1/src/tagmanager/tm_source_file.c:523:68: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if ((attrs & tm_tag_attr_access_t) && (TAG_ACCESS_UNKNOWN != tag->access))
data/geany-1.37.1/src/tagmanager/tm_source_file.c:524:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
fprintf(fp, "%c%c", TA_ACCESS, tag->access);
data/geany-1.37.1/src/tagmanager/tm_tag.c:232:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
a->access == b->access &&
data/geany-1.37.1/src/tagmanager/tm_tag.c:719:32: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (TAG_ACCESS_PUBLIC == tag->access)
data/geany-1.37.1/src/tagmanager/tm_tag.c:721:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (TAG_ACCESS_PROTECTED == tag->access)
data/geany-1.37.1/src/tagmanager/tm_tag.c:723:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else if (TAG_ACCESS_PRIVATE == tag->access)
data/geany-1.37.1/src/tagmanager/tm_tag.h:102:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
char access; /**< Access type (public/protected/private/etc.) */
data/geany-1.37.1/src/tagmanager/tm_workspace.c:547:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = system(command);
data/geany-1.37.1/src/utils.c:676:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(file, R_OK | W_OK) != 0)
data/geany-1.37.1/src/utils.h:73:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(g_alloca(strlen(str) + 1), str)
data/geany-1.37.1/src/win32.c:794:15: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
ret = (gint) ShellExecute(NULL, "open", uri, NULL, NULL, SW_SHOWNORMAL);
data/geany-1.37.1/ctags/main/e_msoft.h:34:9: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
#define tempnam(dir,pfx) _tempnam(dir,pfx)
data/geany-1.37.1/ctags/main/general.h:70:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv (const char *);
data/geany-1.37.1/ctags/main/options.c:525:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* const home = getenv ("HOME");
data/geany-1.37.1/ctags/main/options.c:536:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* homeDrive = getenv ("HOMEDRIVE");
data/geany-1.37.1/ctags/main/options.c:537:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* homePath = getenv ("HOMEPATH");
data/geany-1.37.1/ctags/main/options.c:3231:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
envOptions = getenv (var);
data/geany-1.37.1/ctags/main/options.c:3236:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
envOptions = getenv (var);
data/geany-1.37.1/ctags/main/options.c:3260:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* dataPath = getenv (CTAGS_DATA_PATH_ENVIRONMENT);
data/geany-1.37.1/ctags/main/options.c:3307:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* libexecPath = getenv (CTAGS_LIBEXEC_PATH_ENVIRONMENT);
data/geany-1.37.1/ctags/main/routines.c:848:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmpdir = getenv ("TMP");
data/geany-1.37.1/ctags/main/routines.c:851:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmpdir = getenv ("TMPDIR");
data/geany-1.37.1/ctags/main/routines.c:862:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmpdir = getenv ("TMP");
data/geany-1.37.1/ctags/main/routines.c:866:9: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
name = tempnam (tmpdir, "tags");
data/geany-1.37.1/ctags/main/routines.c:872:6: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
if (tmpnam (name) != name)
data/geany-1.37.1/plugins/filebrowser.c:352:31: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
SETPTR(current_dir, g_strdup(g_get_home_dir()));
data/geany-1.37.1/plugins/filebrowser.c:823:41: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
utils_string_replace_first(str, "~", g_get_home_dir());
data/geany-1.37.1/plugins/filebrowser.c:830:22: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
new_dir = g_strdup(g_get_home_dir());
data/geany-1.37.1/plugins/saveactions.c:421:69: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
tmp = utils_get_setting_string(config, "backupcopy", "backup_dir", g_get_tmp_dir());
data/geany-1.37.1/src/gb.c:193:22: [3] (random) g_random_double_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->ball_vec[0] = g_random_double_range(.2, .8);
data/geany-1.37.1/src/gb.c:195:6: [3] (random) g_random_boolean:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (g_random_boolean())
data/geany-1.37.1/src/libmain.c:687:38: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
gchar *old_dir = g_build_filename(g_get_home_dir(), ".geany", NULL);
data/geany-1.37.1/src/project.c:1224:52: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
local_prefs.project_file_path = g_build_filename(g_get_home_dir(), PROJECT_DIR, NULL);
data/geany-1.37.1/src/sidebar.c:373:26: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const gchar *home_dir = g_get_home_dir();
data/geany-1.37.1/src/socket.c:454:50: [3] (random) g_random_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
basename = g_strdup_printf("geany_socket.%08x", g_random_int());
data/geany-1.37.1/src/socket.c:458:32: [3] (buffer) g_get_tmp_dir:
This function is synonymous with 'getenv("TMP")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
real_path = g_build_filename(g_get_tmp_dir(), basename, NULL);
data/geany-1.37.1/src/symbols.c:1675:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const gchar *cflags = getenv("CFLAGS");
data/geany-1.37.1/src/tagmanager/tm_source_file.c:92:14: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
static char *realpath (const char *pathname, char *resolved_path)
data/geany-1.37.1/src/tagmanager/tm_source_file.c:131:7: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if (realpath(file_name, path))
data/geany-1.37.1/src/utils.c:1755:33: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
fuse_path = g_build_filename(g_get_home_dir(), ".gvfs", NULL);
data/geany-1.37.1/ctags/main/ctags-api.c:95:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kinds[257];
data/geany-1.37.1/ctags/main/entry.c:69:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define open _open
data/geany-1.37.1/ctags/main/entry.c:264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry [maxEntryLength + 1];
data/geany-1.37.1/ctags/main/entry.c:281:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tab, classType [16];
data/geany-1.37.1/ctags/main/entry.c:567:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const int fd = open (TagFile.name, O_RDWR);
data/geany-1.37.1/ctags/main/entry.h:63:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extra[ ((XTAG_COUNT) / 8) + 1 ];
data/geany-1.37.1/ctags/main/field.c:555:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = {[0] = '\0'};
data/geany-1.37.1/ctags/main/field.c:636:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char c[2] = { [1] = '\0' };
data/geany-1.37.1/ctags/main/field.c:699:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[16];
data/geany-1.37.1/ctags/main/field.c:703:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%ld", tag->extensionFields.endLine);
data/geany-1.37.1/ctags/main/flags.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortChar[3];
data/geany-1.37.1/ctags/main/flags.c:95:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (shortChar, "\\0");
data/geany-1.37.1/ctags/main/lcpp.c:432:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directive [MaxDirectiveName];
data/geany-1.37.1/ctags/main/lcpp.c:612:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delim[16];
data/geany-1.37.1/ctags/main/lxcmd.c:306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * argv[3];
data/geany-1.37.1/ctags/main/lxcmd.c:911:34: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entry->address.lineNumber = atol (value);
data/geany-1.37.1/ctags/main/lxcmd.c:984:34: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
entry->address.lineNumber = atol (p);
data/geany-1.37.1/ctags/main/main.c:353:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *const fp = fopen (fileName, "r");
data/geany-1.37.1/ctags/main/mio.c:249:44: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return mio_new_file_full (filename, mode, fopen, fclose);
data/geany-1.37.1/ctags/main/mio.c:582:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ptr, &mio->impl.mem.buf[mio->impl.mem.pos], copy_bytes);
data/geany-1.37.1/ctags/main/mio.c:712:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&mio->impl.mem.buf[mio->impl.mem.pos], ptr, size * nmemb);
data/geany-1.37.1/ctags/main/mio.c:782:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&mio->impl.mem.buf[mio->impl.mem.pos], s, len);
data/geany-1.37.1/ctags/main/options.c:2501:6: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atol (parameter) < 1)
data/geany-1.37.1/ctags/main/options.c:2504:29: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Option.maxRecursionDepth = atol(parameter);
data/geany-1.37.1/ctags/main/options.c:2863:8: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atol (parameter) < 0)
data/geany-1.37.1/ctags/main/options.c:2865:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Option.breakLine = atol (parameter);
data/geany-1.37.1/ctags/main/options.c:2999:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const fp = fopen (fileName, "r");
data/geany-1.37.1/ctags/main/options.h:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char simple[2];
data/geany-1.37.1/ctags/main/parse.c:2134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ltable, LanguageTable, sizeof (parserDefinition*) * LanguageCount);
data/geany-1.37.1/ctags/main/parse.c:2643:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[5] = {[0] = '/', [3] = '/', [4] = '\0'};
data/geany-1.37.1/ctags/main/parse.c:2792:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNum[32];
data/geany-1.37.1/ctags/main/parse.c:2799:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szNum,"%u", lang -> anonumousIdentiferId);
data/geany-1.37.1/ctags/main/ptag.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format [11];
data/geany-1.37.1/ctags/main/ptag.c:37:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (format, "%u", Option.tagFileFormat);
data/geany-1.37.1/ctags/main/read.c:526:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
src = fopen (fileName, openMode);
data/geany-1.37.1/ctags/main/read.c:954:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[256];
data/geany-1.37.1/ctags/main/routines.c:427:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (CurrentDirectory + strlen (CurrentDirectory), "%c",
data/geany-1.37.1/ctags/main/routines.c:712:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive [3];
data/geany-1.37.1/ctags/main/routines.c:713:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (drive, "%c:", currentdrive ());
data/geany-1.37.1/ctags/main/routines.c:828:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (res, "../");
data/geany-1.37.1/ctags/main/routines.c:857:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp (name);
data/geany-1.37.1/ctags/main/routines.c:869:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (name, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
data/geany-1.37.1/ctags/main/routines.c:874:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (name, O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
data/geany-1.37.1/ctags/main/selectors.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[0x800];
data/geany-1.37.1/ctags/main/vstring.c:110:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (string->buffer + string->length, s, length);
data/geany-1.37.1/ctags/parsers/asciidoc.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kindchars[SECTION_COUNT]={ '=', '-', '~', '^', '+' };
data/geany-1.37.1/ctags/parsers/c.c:3028:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/geany-1.37.1/ctags/parsers/cobol.c:316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[64];
data/geany-1.37.1/ctags/parsers/cobol.c:343:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char READ_KEYWORD__word[64]; \
data/geany-1.37.1/ctags/parsers/diff.c:40:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *DiffDelims[2] = {
data/geany-1.37.1/ctags/parsers/fortran.c:448:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/geany-1.37.1/ctags/parsers/haskell.c:142:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[1001];
data/geany-1.37.1/ctags/parsers/haskell.c:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[1001], arg[1001];
data/geany-1.37.1/ctags/parsers/jscript.c:493:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[4] = { 0 };
data/geany-1.37.1/ctags/parsers/jscript.c:563:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cp[6 + 1]; /* up to 6 hex + possible closing '}' or invalid char */
data/geany-1.37.1/ctags/parsers/json.c:318:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/geany-1.37.1/ctags/parsers/php.c:242:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const names[COUNT_ACCESS] = {
data/geany-1.37.1/ctags/parsers/php.c:256:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const names[COUNT_IMPL] = {
data/geany-1.37.1/ctags/parsers/php.c:524:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char delimiter[64]; /* arbitrary limit, but more is crazy anyway */
data/geany-1.37.1/ctags/parsers/rst.c:60:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char kindchars[SECTION_COUNT];
data/geany-1.37.1/ctags/parsers/rst.c:130:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m [2] = { [1] = '\0' };
data/geany-1.37.1/plugins/demoproxy.c:112:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "r");
data/geany-1.37.1/plugins/filebrowser.c:96:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
GtkWidget *open;
data/geany-1.37.1/plugins/filebrowser.c:117:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t w_filename[MAX_PATH];
data/geany-1.37.1/plugins/filebrowser.c:721:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (popup_items.open != NULL)
data/geany-1.37.1/plugins/filebrowser.c:722:40: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gtk_widget_set_sensitive(popup_items.open, have_sel);
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:664:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wcForm[2] {};
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:1886:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Append(startword, numword?atoi(numword + 1):-1);
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:1896:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Append(startword, numword?atoi(numword + 1):-1);
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:2024:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:2046:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:771:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(text, tmputf.c_str(), tmputf.length());
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:789:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encoded, utf8, inputLength);
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:798:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encoded, tmpEncoded.c_str(), tmpEncoded.length());
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:803:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(encoded, utf8, inputLength);
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:1141:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(folded, mapped, lenMapped);
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:1167:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sCharacter[2] = "A";
data/geany-1.37.1/scintilla/gtk/ScintillaGTKAccessible.cxx:189:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(utf8Text, tmputf.c_str(), len);
data/geany-1.37.1/scintilla/lexers/LexAbaqus.cxx:377:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[256] ;
data/geany-1.37.1/scintilla/lexers/LexAsm.cxx:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexAsm.cxx:401:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[100];
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Delimiter[HERE_DELIM_MAX]; // the Delimiter
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:483:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[500];
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:484:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[10];
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:544:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[500];
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:561:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:687:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[HERE_DELIM_MAX];
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:708:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[500];
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:920:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10];
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:1011:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[8] = { '\0' }; // we're not interested in long words anyway
data/geany-1.37.1/scintilla/lexers/LexBasic.cxx:337:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexBasic.cxx:489:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[256];
data/geany-1.37.1/scintilla/lexers/LexBatch.cxx:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strBuffer[1024];
data/geany-1.37.1/scintilla/lexers/LexBatch.cxx:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuffer[1024];
data/geany-1.37.1/scintilla/lexers/LexBatch.cxx:127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wordBuffer[81]; // Word Buffer - large to catch long paths
data/geany-1.37.1/scintilla/lexers/LexBatch.cxx:141:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sKeywordBuffer[10]; // Special Keyword Buffer
data/geany-1.37.1/scintilla/lexers/LexCOBOL.cxx:90:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexCPP.cxx:145:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char marker[lengthMarker+1] = "";
data/geany-1.37.1/scintilla/lexers/LexCPP.cxx:936:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/geany-1.37.1/scintilla/lexers/LexCPP.cxx:1066:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexCPP.cxx:1669:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int isTrue = atoi(tokens[j+1].c_str());
data/geany-1.37.1/scintilla/lexers/LexCPP.cxx:1693:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int valA = atoi(tokens[k].c_str());
data/geany-1.37.1/scintilla/lexers/LexCPP.cxx:1694:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int valB = atoi(tokens[k+2].c_str());
data/geany-1.37.1/scintilla/lexers/LexCSS.cxx:415:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexCaml.cxx:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2000];
data/geany-1.37.1/scintilla/lexers/LexCaml.cxx:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, LexerName, n), name[n] = '\0';
data/geany-1.37.1/scintilla/lexers/LexCaml.cxx:263:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[24];
data/geany-1.37.1/scintilla/lexers/LexCmake.cxx:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20]; // The key word we are looking for has atmost 13 characters
data/geany-1.37.1/scintilla/lexers/LexCmake.cxx:104:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[100] = {0};
data/geany-1.37.1/scintilla/lexers/LexCmake.cxx:105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lowercaseWord[100] = {0};
data/geany-1.37.1/scintilla/lexers/LexCoffeeScript.cxx:183:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/geany-1.37.1/scintilla/lexers/LexD.cxx:290:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/geany-1.37.1/scintilla/lexers/LexD.cxx:352:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexDiff.cxx:48:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (lineBuffer[3] == ' ' && atoi(lineBuffer + 4) && !strchr(lineBuffer, '/'))
data/geany-1.37.1/scintilla/lexers/LexDiff.cxx:59:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(lineBuffer+4) && !strchr(lineBuffer, '/'))
data/geany-1.37.1/scintilla/lexers/LexDiff.cxx:69:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (lineBuffer[3] == ' ' && atoi(lineBuffer+4) && !strchr(lineBuffer, '/'))
data/geany-1.37.1/scintilla/lexers/LexDiff.cxx:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuffer[DIFF_BUFFER_START_SIZE] = "";
data/geany-1.37.1/scintilla/lexers/LexErlang.cxx:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur[100];
data/geany-1.37.1/scintilla/lexers/LexForth.cxx:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexFortran.cxx:166:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexFortran.cxx:522:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevWord[32] = "";
data/geany-1.37.1/scintilla/lexers/LexFortran.cxx:556:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[32];
data/geany-1.37.1/scintilla/lexers/LexHTML.cxx:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexHTML.cxx:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[30 + 1];
data/geany-1.37.1/scintilla/lexers/LexHaskell.cxx:645:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexHaskell.cxx:739:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexLaTeX.cxx:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[32];
data/geany-1.37.1/scintilla/lexers/LexLaTeX.cxx:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[32];
data/geany-1.37.1/scintilla/lexers/LexLaTeX.cxx:493:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *structWords[7] = {"part", "chapter", "section", "subsection",
data/geany-1.37.1/scintilla/lexers/LexLaTeX.cxx:501:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ch, buf[16];
data/geany-1.37.1/scintilla/lexers/LexLisp.cxx:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexLua.cxx:148:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexLua.cxx:210:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexLua.cxx:406:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10] = "";
data/geany-1.37.1/scintilla/lexers/LexMake.cxx:118:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuffer[1024];
data/geany-1.37.1/scintilla/lexers/LexMatlab.cxx:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexMatlab.cxx:313:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char word[100];
data/geany-1.37.1/scintilla/lexers/LexNsis.cxx:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20]; // The key word we are looking for has atmost 13 characters
data/geany-1.37.1/scintilla/lexers/LexNsis.cxx:180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexPascal.cxx:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexPascal.cxx:377:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[11]; // Size of the longest possible keyword + one additional character + null
data/geany-1.37.1/scintilla/lexers/LexPascal.cxx:422:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexPascal.cxx:457:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[11]; // Size of the longest possible keyword + one additional character + null
data/geany-1.37.1/scintilla/lexers/LexPerl.cxx:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexPerl.cxx:642:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Delimiter[HERE_DELIM_MAX]; // the Delimiter
data/geany-1.37.1/scintilla/lexers/LexPerl.cxx:799:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexPowerShell.cxx:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexPowerShell.cxx:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexPython.cxx:595:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexR.cxx:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexRuby.cxx:103:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_KEYWORD_LENGTH];
data/geany-1.37.1/scintilla/lexers/LexRuby.cxx:715:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Delimiter[256]; // the Delimiter, limit of 256: from Perl
data/geany-1.37.1/scintilla/lexers/LexRuby.cxx:738:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevWord[MAX_KEYWORD_LENGTH + 1]; // 1 byte for zero
data/geany-1.37.1/scintilla/lexers/LexRuby.cxx:1614:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevWord[MAX_KEYWORD_LENGTH + 1];
data/geany-1.37.1/scintilla/lexers/LexRuby.cxx:1663:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevWord[MAX_KEYWORD_LENGTH + 1]; // 1 byte for zero
data/geany-1.37.1/scintilla/lexers/LexRuby.cxx:1816:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevWord[MAX_KEYWORD_LENGTH + 1]; // 1 byte for zero
data/geany-1.37.1/scintilla/lexers/LexRust.cxx:72:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const rustWordLists[NUM_RUST_KEYWORD_LISTS + 1] = {
data/geany-1.37.1/scintilla/lexers/LexRust.cxx:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_RUST_IDENT_CHARS + 1];
data/geany-1.37.1/scintilla/lexers/LexSQL.cxx:465:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/geany-1.37.1/scintilla/lexers/LexSQL.cxx:531:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexSQL.cxx:778:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_KW_LEN + 2];
data/geany-1.37.1/scintilla/lexers/LexSmalltalk.cxx:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[256];
data/geany-1.37.1/scintilla/lexers/LexSmalltalk.cxx:181:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
radix = atoi(num + 1);
data/geany-1.37.1/scintilla/lexers/LexSmalltalk.cxx:183:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
radix = atoi(num);
data/geany-1.37.1/scintilla/lexers/LexSmalltalk.cxx:219:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ident[256];
data/geany-1.37.1/scintilla/lexers/LexTCL.cxx:148:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[100];
data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx:88:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx:261:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevWord[32] = "";
data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx:286:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[32];
data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx:384:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[32];
data/geany-1.37.1/scintilla/lexers/LexVerilog.cxx:502:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexVerilog.cxx:527:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexYAML.cxx:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[100];
data/geany-1.37.1/scintilla/lexers/LexYAML.cxx:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuffer[1024] = "";
data/geany-1.37.1/scintilla/lexlib/LexAccessor.h:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[bufferSize+1];
data/geany-1.37.1/scintilla/lexlib/LexAccessor.h:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char styleBuf[bufferSize];
data/geany-1.37.1/scintilla/lexlib/OptionSet.h:46:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bool option = atoi(val) != 0;
data/geany-1.37.1/scintilla/lexlib/OptionSet.h:54:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int option = atoi(val);
data/geany-1.37.1/scintilla/lexlib/PropSetSimple.cxx:145:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, val.c_str(), n+1);
data/geany-1.37.1/scintilla/lexlib/PropSetSimple.cxx:154:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(val.c_str());
data/geany-1.37.1/scintilla/lexlib/WordList.cxx:41:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **keywords = new char *[words + 1];
data/geany-1.37.1/scintilla/lexlib/WordList.cxx:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(listTemp, s, lenS);
data/geany-1.37.1/scintilla/src/AutoComplete.cxx:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[maxItemLen];
data/geany-1.37.1/scintilla/src/AutoComplete.cxx:171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(item, list + IndexSort.indices[sortMatrix[i] * 2], wordLen);
data/geany-1.37.1/scintilla/src/AutoComplete.cxx:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[maxItemLen];
data/geany-1.37.1/scintilla/src/AutoComplete.cxx:234:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[maxItemLen];
data/geany-1.37.1/scintilla/src/AutoComplete.cxx:281:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[maxItemLen];
data/geany-1.37.1/scintilla/src/CaseConvert.cxx:575:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conversion[maxConversionLength+1];
data/geany-1.37.1/scintilla/src/CaseConvert.cxx:622:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[UTF8MaxBytes + 1]{};
data/geany-1.37.1/scintilla/src/CaseConvert.cxx:680:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lowerUTF8[UTF8MaxBytes+1];
data/geany-1.37.1/scintilla/src/CaseConvert.cxx:682:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upperUTF8[UTF8MaxBytes+1];
data/geany-1.37.1/scintilla/src/CaseConvert.cxx:720:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char originUTF8[lenUTF8]{};
data/geany-1.37.1/scintilla/src/CaseConvert.cxx:721:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char foldedUTF8[lenUTF8]{};
data/geany-1.37.1/scintilla/src/CaseConvert.cxx:722:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lowerUTF8[lenUTF8]{};
data/geany-1.37.1/scintilla/src/CaseConvert.cxx:723:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char upperUTF8[lenUTF8]{};
data/geany-1.37.1/scintilla/src/CaseFolder.h:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapping[256];
data/geany-1.37.1/scintilla/src/CellBuffer.cxx:319:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&data[0], data_, lenData_);
data/geany-1.37.1/scintilla/src/CellBuffer.cxx:1102:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char back3[3] = {chBeforePrev, chPrev, chAt};
data/geany-1.37.1/scintilla/src/CellBuffer.cxx:1198:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char next3[3] = {ch, chNext,
data/geany-1.37.1/scintilla/src/CharClassify.h:26:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charClass[maxChar]; // not type cc to save space
data/geany-1.37.1/scintilla/src/Document.cxx:645:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charBytes[UTF8MaxBytes] = { leadByte, 0, 0, 0 };
data/geany-1.37.1/scintilla/src/Document.cxx:681:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charBytes[UTF8MaxBytes] = {leadByte,0,0,0};
data/geany-1.37.1/scintilla/src/Document.cxx:782:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charBytes[UTF8MaxBytes] = {leadByte,0,0,0};
data/geany-1.37.1/scintilla/src/Document.cxx:864:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charBytes[UTF8MaxBytes] = { leadByte, 0, 0, 0 };
data/geany-1.37.1/scintilla/src/Document.cxx:903:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charBytes[UTF8MaxBytes] = { 0, 0, 0, 0 };
data/geany-1.37.1/scintilla/src/Document.cxx:976:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charBytes[UTF8MaxBytes] = {leadByte,0,0,0};
data/geany-1.37.1/scintilla/src/Document.cxx:1987:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char charBytes[UTF8MaxBytes] = { leadByte, 0, 0, 0 };
data/geany-1.37.1/scintilla/src/Document.cxx:2056:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[UTF8MaxBytes + 1] = "";
data/geany-1.37.1/scintilla/src/Document.cxx:2057:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char folded[UTF8MaxBytes * maxFoldingExpansion + 1] = "";
data/geany-1.37.1/scintilla/src/Document.cxx:2115:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[maxBytesCharacter + 1];
data/geany-1.37.1/scintilla/src/Document.cxx:2122:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char folded[maxBytesCharacter * maxFoldingExpansion + 1];
data/geany-1.37.1/scintilla/src/Document.cxx:2148:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char folded[2];
data/geany-1.37.1/scintilla/src/Document.cxx:2874:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buffered[2];
data/geany-1.37.1/scintilla/src/EditView.cxx:922:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexits[4] = "";
data/geany-1.37.1/scintilla/src/EditView.cxx:935:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hexits, "x%2X", chEOL);
data/geany-1.37.1/scintilla/src/EditView.cxx:1832:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char cc[2] = { static_cast<char>(vsDraw.controlCharSymbol), '\0' };
data/geany-1.37.1/scintilla/src/Editor.cxx:217:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char c[2] = { static_cast<char>(j), 0 };
data/geany-1.37.1/scintilla/src/Editor.cxx:232:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char c1[3] = { '\xc2', static_cast<char>(0x80+j), 0 };
data/geany-1.37.1/scintilla/src/Editor.cxx:242:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char hiByte[2] = { static_cast<char>(k), 0 };
data/geany-1.37.1/scintilla/src/Editor.cxx:243:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexits[5]; // Really only needs 4 but that causes warning from gcc 7.1
data/geany-1.37.1/scintilla/src/Editor.cxx:244:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hexits, "x%2X", k);
data/geany-1.37.1/scintilla/src/Editor.cxx:252:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char hiByte[2] = { ch, 0 };
data/geany-1.37.1/scintilla/src/Editor.cxx:253:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexits[5]; // Really only needs 4 but that causes warning from gcc 7.1
data/geany-1.37.1/scintilla/src/Editor.cxx:254:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hexits, "x%2X", k);
data/geany-1.37.1/scintilla/src/Editor.cxx:1895:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[2];
data/geany-1.37.1/scintilla/src/Editor.cxx:3107:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[2];
data/geany-1.37.1/scintilla/src/Editor.cxx:5587:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[3] = "\\?";
data/geany-1.37.1/scintilla/src/Editor.cxx:5594:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tagValue, text, length + 1);
data/geany-1.37.1/scintilla/src/Editor.cxx:5805:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, val, len+1);
data/geany-1.37.1/scintilla/src/Editor.cxx:5817:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, val, len);
data/geany-1.37.1/scintilla/src/Editor.cxx:5973:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, selectedText.Data(), iChar);
data/geany-1.37.1/scintilla/src/ExternalLexer.cxx:49:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fp, &function, sizeof(T));
data/geany-1.37.1/scintilla/src/ExternalLexer.cxx:140:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lexname[100] = "";
data/geany-1.37.1/scintilla/src/LineMarker.cxx:506:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char character[1];
data/geany-1.37.1/scintilla/src/MarginView.cxx:379:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[100] = "";
data/geany-1.37.1/scintilla/src/MarginView.cxx:382:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number, "%c%c %03X %03X",
data/geany-1.37.1/scintilla/src/MarginView.cxx:390:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(number, "%0X", state);
data/geany-1.37.1/scintilla/src/PerLine.cxx:427:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pa+sizeof(AnnotationHeader), text, pah->length);
data/geany-1.37.1/scintilla/src/PerLine.cxx:459:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(allocation.get() + sizeof(AnnotationHeader), annotations[line].get() + sizeof(AnnotationHeader), pahSource->length);
data/geany-1.37.1/scintilla/src/PerLine.cxx:465:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(annotations[line].get() + sizeof(AnnotationHeader) + pah->length, styles, pah->length);
data/geany-1.37.1/scintilla/src/PositionCache.cxx:574:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(positions.get(), other.positions.get(), lenData * sizeof(XYPOSITION));
data/geany-1.37.1/scintilla/src/PositionCache.cxx:589:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&positions[len], s_, len);
data/geany-1.37.1/scintilla/src/PositionCache.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bracePreviousStyles[2];
data/geany-1.37.1/scintilla/src/RESearch.h:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nfa[MAXNFA]; /* automaton */
data/geany-1.37.1/scintilla/src/RESearch.h:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bittab[BITBLK]; /* bit table for CCL pre-set bits */
data/geany-1.37.1/scintilla/src/ScintillaBase.cxx:456:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, selected.c_str(), selected.length()+1);
data/geany-1.37.1/scintilla/src/UniConversion.cxx:254:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char UTF8BytesOfLead[256] = {
data/geany-1.37.1/scintilla/src/UniConversion.h:31:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const unsigned char UTF8BytesOfLead[256];
data/geany-1.37.1/scintilla/src/UniqueString.cxx:25:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upcNew.get(), text, len + 1);
data/geany-1.37.1/scintilla/src/ViewStyle.cxx:345:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char cc[2] = { static_cast<char>(controlCharSymbol), '\0' };
data/geany-1.37.1/scintilla/src/XPM.cxx:117:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(line0);
data/geany-1.37.1/scintilla/src/XPM.cxx:119:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
height = atoi(line0);
data/geany-1.37.1/scintilla/src/XPM.cxx:122:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nColours = atoi(line0);
data/geany-1.37.1/scintilla/src/XPM.cxx:124:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (atoi(line0) != 1) {
data/geany-1.37.1/scintilla/src/XPM.cxx:201:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strings += atoi(line0);
data/geany-1.37.1/scintilla/src/XPM.cxx:204:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
strings += atoi(line0);
data/geany-1.37.1/src/build.c:2326:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmdbuf, "%02u", cmd);
data/geany-1.37.1/src/build.c:2544:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cmdbuf, "%02u", cmd);
data/geany-1.37.1/src/callbacks.c:882:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*line_no = atoi(text + 1);
data/geany-1.37.1/src/callbacks.c:887:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*line_no = atoi(text) - 1;
data/geany-1.37.1/src/callbacks.c:1882:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width = atoi(label);
data/geany-1.37.1/src/dialogs.c:77:4: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} open;
data/geany-1.37.1/src/dialogs.c:140:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filesel_state.open.more_options_visible = gtk_expander_get_expanded(GTK_EXPANDER(expander));
data/geany-1.37.1/src/dialogs.c:141:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filesel_state.open.filter_idx = file_chooser_get_filter_idx(GTK_FILE_CHOOSER(dialog));
data/geany-1.37.1/src/dialogs.c:142:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filesel_state.open.filetype_idx = filetype_combo_box_get_active_filetype(GTK_COMBO_BOX(filetype_combo));
data/geany-1.37.1/src/dialogs.c:145:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (filesel_state.open.filetype_idx >= 0)
data/geany-1.37.1/src/dialogs.c:146:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ft = filetypes_index(filesel_state.open.filetype_idx);
data/geany-1.37.1/src/dialogs.c:148:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filesel_state.open.encoding_idx = ui_encodings_combo_box_get_active_encoding(GTK_COMBO_BOX(encoding_combo));
data/geany-1.37.1/src/dialogs.c:149:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (filesel_state.open.encoding_idx >= 0 && filesel_state.open.encoding_idx < GEANY_ENCODINGS_MAX)
data/geany-1.37.1/src/dialogs.c:149:61: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (filesel_state.open.encoding_idx >= 0 && filesel_state.open.encoding_idx < GEANY_ENCODINGS_MAX)
data/geany-1.37.1/src/dialogs.c:150:38: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
charset = encodings[filesel_state.open.encoding_idx].charset;
data/geany-1.37.1/src/dialogs.c:193:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filesel_state.open.show_hidden = gtk_toggle_button_get_active(togglebutton);
data/geany-1.37.1/src/dialogs.c:194:75: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gtk_file_chooser_set_show_hidden(GTK_FILE_CHOOSER(dialog), filesel_state.open.show_hidden);
data/geany-1.37.1/src/dialogs.c:434:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filesel_state.open.filter_idx = file_chooser_get_filter_idx(GTK_FILE_CHOOSER(dialog));
data/geany-1.37.1/src/dialogs.c:440:71: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_chooser_set_filter_idx(GTK_FILE_CHOOSER(dialog), filesel_state.open.filter_idx);
data/geany-1.37.1/src/dialogs.c:442:66: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gtk_expander_set_expanded(GTK_EXPANDER(expander), filesel_state.open.more_options_visible);
data/geany-1.37.1/src/dialogs.c:443:78: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(check_hidden), filesel_state.open.show_hidden);
data/geany-1.37.1/src/dialogs.c:444:90: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ui_encodings_combo_box_set_active_encoding(GTK_COMBO_BOX(encoding_combo), filesel_state.open.encoding_idx);
data/geany-1.37.1/src/dialogs.c:445:86: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filetype_combo_box_set_active_filetype(GTK_COMBO_BOX(filetype_combo), filesel_state.open.filetype_idx);
data/geany-1.37.1/src/keyfile.c:1203:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pos = atoi(tmp[0]);
data/geany-1.37.1/src/keyfile.c:1205:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ro = atoi(tmp[2]);
data/geany-1.37.1/src/keyfile.c:1208:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
encoding = encodings_get_charset_from_index(atoi(tmp[3]));
data/geany-1.37.1/src/keyfile.c:1214:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
indent_type = atoi(tmp[4]);
data/geany-1.37.1/src/keyfile.c:1215:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
auto_indent = atoi(tmp[5]);
data/geany-1.37.1/src/keyfile.c:1216:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
line_wrapping = atoi(tmp[6]);
data/geany-1.37.1/src/keyfile.c:1222:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
line_breaking = atoi(tmp[8]);
data/geany-1.37.1/src/keyfile.c:1235:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
indent_width = atoi(tmp[9]);
data/geany-1.37.1/src/libmain.c:382:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gint number = atoi(&filename[i + 1]);
data/geany-1.37.1/src/libmain.c:559:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl_options.goto_line = atoi((*argv)[i] + 1);
data/geany-1.37.1/src/prefix.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[5000];
data/geany-1.37.1/src/prefix.c:136:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen ("/proc/self/maps", "r");
data/geany-1.37.1/src/search.c:1158:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *back_button[2] = { "btn_previous" , "check_back" };
data/geany-1.37.1/src/socket.c:710:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl_options.goto_line = atoi(buf);
data/geany-1.37.1/src/socket.c:719:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cl_options.goto_column = atoi(buf);
data/geany-1.37.1/src/spawn.c:697:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(full_argv + cl_argc, argv, argc * sizeof(gchar *));
data/geany-1.37.1/src/spawn.c:1398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[0x1000]; /* larger portions for spawn < file */
data/geany-1.37.1/src/spawn.c:1477:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_line[0x100];
data/geany-1.37.1/src/spawn.c:1494:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_line[0x100];
data/geany-1.37.1/src/spawn.c:1498:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char working_directory[0x100];
data/geany-1.37.1/src/spawn.c:1499:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char args[4][0x100];
data/geany-1.37.1/src/spawn.c:1500:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char envs[4][0x100];
data/geany-1.37.1/src/spawn.c:1536:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_line[0x100];
data/geany-1.37.1/src/spawn.c:1566:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_line[0x100];
data/geany-1.37.1/src/stash.c:1069:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value->data.tree_int = atoi(new_text);
data/geany-1.37.1/src/tagmanager/tm_source_file.c:261:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tag->line = atol((gchar*)start + 1);
data/geany-1.37.1/src/tagmanager/tm_source_file.c:264:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tag->local = atoi((gchar*)start + 1);
data/geany-1.37.1/src/tagmanager/tm_source_file.c:267:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tag->type = (TMTagType) atoi((gchar*)start + 1);
data/geany-1.37.1/src/tagmanager/tm_source_file.c:276:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tag->pointerOrder = atoi((gchar*)start + 1);
data/geany-1.37.1/src/tagmanager/tm_source_file.c:399:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tag->line = atol(p);
data/geany-1.37.1/src/tagmanager/tm_source_file.c:444:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tag->line = atol(value);
data/geany-1.37.1/src/ui_utils.c:2626:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(items, arr, sizeof(arr));
data/geany-1.37.1/src/utils.c:631:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, filename, len);
data/geany-1.37.1/src/utils.c:1827:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename, str->str, str->len + 1);
data/geany-1.37.1/src/utils.c:2187:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(names, file_names, num * sizeof(gchar *));
data/geany-1.37.1/src/win32.c:138:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t title[4096];
data/geany-1.37.1/src/win32.c:176:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, string, len, title, G_N_ELEMENTS(title));
data/geany-1.37.1/src/win32.c:186:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t title[4096];
data/geany-1.37.1/src/win32.c:195:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, filter, len, title, G_N_ELEMENTS(title));
data/geany-1.37.1/src/win32.c:206:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t title[1024];
data/geany-1.37.1/src/win32.c:223:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, string, len, title, G_N_ELEMENTS(title));
data/geany-1.37.1/src/win32.c:234:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t w_dir[MAX_PATH];
data/geany-1.37.1/src/win32.c:242:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, result, -1, w_dir, G_N_ELEMENTS(w_dir));
data/geany-1.37.1/src/win32.c:268:11: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t szDir[MAX_PATH];
data/geany-1.37.1/src/win32.c:288:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t fname[MAX_PATH];
data/geany-1.37.1/src/win32.c:289:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t w_title[512];
data/geany-1.37.1/src/win32.c:291:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, title, -1, w_title, G_N_ELEMENTS(w_title));
data/geany-1.37.1/src/win32.c:332:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t fname[MAX_PATH];
data/geany-1.37.1/src/win32.c:333:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t w_title[512];
data/geany-1.37.1/src/win32.c:338:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, title, -1, w_title, G_N_ELEMENTS(w_title));
data/geany-1.37.1/src/win32.c:392:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t fname[MAX_PATH];
data/geany-1.37.1/src/win32.c:393:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t w_dir[MAX_PATH];
data/geany-1.37.1/src/win32.c:394:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t w_title[512];
data/geany-1.37.1/src/win32.c:399:3: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, initial_dir, -1, w_dir, G_N_ELEMENTS(w_dir));
data/geany-1.37.1/src/win32.c:401:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, title, -1, w_title, G_N_ELEMENTS(w_title));
data/geany-1.37.1/src/win32.c:474:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t w_file[MAX_PATH];
data/geany-1.37.1/src/win32.c:475:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t w_title[512];
data/geany-1.37.1/src/win32.c:481:6: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
n = MultiByteToWideChar(CP_UTF8, 0, DOC_FILENAME(doc), -1, w_file, G_N_ELEMENTS(w_file));
data/geany-1.37.1/src/win32.c:488:3: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, doc->file_type->extension, -1, &w_file[n],
data/geany-1.37.1/src/win32.c:492:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, title, -1, w_title, G_N_ELEMENTS(w_title));
data/geany-1.37.1/src/win32.c:537:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t w_file[MAX_PATH];
data/geany-1.37.1/src/win32.c:538:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t w_title[512];
data/geany-1.37.1/src/win32.c:543:3: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, initial_file, -1, w_file, G_N_ELEMENTS(w_file));
data/geany-1.37.1/src/win32.c:545:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, title, -1, w_title, G_N_ELEMENTS(w_title));
data/geany-1.37.1/src/win32.c:639:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t fname[MAX_PATH];
data/geany-1.37.1/src/win32.c:652:4: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, filename, -1, fname, G_N_ELEMENTS(fname));
data/geany-1.37.1/src/win32.c:718:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t w_msg[512];
data/geany-1.37.1/src/win32.c:719:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t w_title[512];
data/geany-1.37.1/src/win32.c:751:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, msg, -1, w_msg, G_N_ELEMENTS(w_msg));
data/geany-1.37.1/src/win32.c:752:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, title, -1, w_title, G_N_ELEMENTS(w_title));
data/geany-1.37.1/src/win32.c:772:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t w_dir[MAX_PATH];
data/geany-1.37.1/src/win32.c:773:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, dir, -1, w_dir, G_N_ELEMENTS(w_dir));
data/geany-1.37.1/src/win32.c:894:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t expCmdline[32768]; /* 32768 is the limit for ExpandEnvironmentStrings() */
data/geany-1.37.1/src/win32.c:955:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wtarget[MAX_PATH];
data/geany-1.37.1/src/win32.c:1013:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t path[MAX_PATH];
data/geany-1.37.1/tests/ctags/static_array.c:2:8: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static wchar_t charset2uni[256] = {
data/geany-1.37.1/ctags/main/args.c:47:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result, start, length);
data/geany-1.37.1/ctags/main/args.c:67:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result, *next, length);
data/geany-1.37.1/ctags/main/args.c:101:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fp);
data/geany-1.37.1/ctags/main/args.c:109:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fp);
data/geany-1.37.1/ctags/main/args.c:129:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fp);
data/geany-1.37.1/ctags/main/args.c:136:8: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fp);
data/geany-1.37.1/ctags/main/args.c:142:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (fp);
data/geany-1.37.1/ctags/main/entry.c:271:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entryLength = strlen (entry);
data/geany-1.37.1/ctags/main/entry.c:283:8: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf (line + entryLength, "%15s%c", classType, &tab) == 2 &&
data/geany-1.37.1/ctags/main/entry.c:313:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *address = xMalloc (strlen (excmd) + 1, char);
data/geany-1.37.1/ctags/main/entry.c:315:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strspn (address,"0123456789") == strlen (address))
data/geany-1.37.1/ctags/main/entry.c:326:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t fieldLength = strlen (line) + 1;
data/geany-1.37.1/ctags/main/entry.c:350:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (field (TAB1)) == 1 &&
data/geany-1.37.1/ctags/main/entry.c:351:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (field (TAB2)) == 1 &&
data/geany-1.37.1/ctags/main/entry.c:353:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
field (SRC_FILE) [strlen (field (SRC_FILE)) - 1] != ';' &&
data/geany-1.37.1/ctags/main/entry.c:729:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen (token);
data/geany-1.37.1/ctags/main/entry.c:854:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen (line);
data/geany-1.37.1/ctags/main/entry.c:1149:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rememberMaxLengths (strlen (tag->name), (size_t) length);
data/geany-1.37.1/ctags/main/entry.c:1170:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rememberMaxLengths (strlen (desc->name), (size_t) length);
data/geany-1.37.1/ctags/main/field.c:227:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameWithPrefix = eMalloc (sizeof CTAGS_FIELD_PREFIX + strlen (fdesc->spec->name) + 1);
data/geany-1.37.1/ctags/main/field.c:885:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (spec->name); i++)
data/geany-1.37.1/ctags/main/field.c:907:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameWithPrefix = eMalloc (sizeof CTAGS_FIELD_PREFIX + strlen (spec->name) + 1);
data/geany-1.37.1/ctags/main/fmt.c:90:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (str);
data/geany-1.37.1/ctags/main/lregex.c:234:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (**name != '\0' && (*name) [strlen (*name) - 1] == '\\')
data/geany-1.37.1/ctags/main/lregex.c:540:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (*kindName, k, comma - k);
data/geany-1.37.1/ctags/main/lxcmd.c:932:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefixLength = strlen (PSEUDO_TAG_PREFIX);
data/geany-1.37.1/ctags/main/lxcmd.c:1025:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefixLength = strlen (PSEUDO_TAG_PREFIX);
data/geany-1.37.1/ctags/main/main.c:503:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(var, sv, strlen (sv)) == 0)
data/geany-1.37.1/ctags/main/mio.c:779:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (s);
data/geany-1.37.1/ctags/main/mio.c:895:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fgetc (mio->impl.file.fp);
data/geany-1.37.1/ctags/main/options.c:714:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (prefix);
data/geany-1.37.1/ctags/main/options.c:1471:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*tail = parameter + strlen (parameter);
data/geany-1.37.1/ctags/main/options.c:1572:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((size_t) (p - list) == strlen (deflt) &&
data/geany-1.37.1/ctags/main/options.c:2167:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t nameLen = strlen (name);
data/geany-1.37.1/ctags/main/options.c:2712:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PREFIX_LEN strlen(PREFIX)
data/geany-1.37.1/ctags/main/options.c:2727:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (lang);
data/geany-1.37.1/ctags/main/options.c:3083:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dent->d_name);
data/geany-1.37.1/ctags/main/options.c:3095:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dent->d_name);
data/geany-1.37.1/ctags/main/parse.c:490:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen("-*-");
data/geany-1.37.1/ctags/main/parse.c:495:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(p, "mode:", strlen("mode:")) == 0)
data/geany-1.37.1/ctags/main/parse.c:498:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen("mode:");
data/geany-1.37.1/ctags/main/parse.c:517:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(p, "-*-", strlen("-*-")) != 0)
data/geany-1.37.1/ctags/main/parse.c:560:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen ("mode:");
data/geany-1.37.1/ctags/main/parse.c:615:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(filetype_prefix[i]);
data/geany-1.37.1/ctags/main/parse.c:665:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(prefix[k]);
data/geany-1.37.1/ctags/main/parse.c:1821:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PREFIX_LEN strlen(PREFIX)
data/geany-1.37.1/ctags/main/parse.c:1857:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (lang);
data/geany-1.37.1/ctags/main/pcoproc.c:291:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(in)) != EOF)
data/geany-1.37.1/ctags/main/read.c:957:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pat[strlen(pat) - 1] = '\0';
data/geany-1.37.1/ctags/main/read.c:990:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(line);
data/geany-1.37.1/ctags/main/read.c:1041:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc (pp);
data/geany-1.37.1/ctags/main/routines.c:284:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t length = strlen (substr);
data/geany-1.37.1/ctags/main/routines.c:296:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t length = strlen (substr);
data/geany-1.37.1/ctags/main/routines.c:299:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = str + strlen(str) - length ; p >= str ; --p)
data/geany-1.37.1/ctags/main/routines.c:307:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* result = xMalloc (strlen (str) + 1, char);
data/geany-1.37.1/ctags/main/routines.c:316:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (result, str, len);
data/geany-1.37.1/ctags/main/routines.c:342:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* const result = xMalloc (strlen (str) + 1, char);
data/geany-1.37.1/ctags/main/routines.c:354:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* const result = xMalloc (strlen (str) + 1, char);
data/geany-1.37.1/ctags/main/routines.c:424:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (CurrentDirectory [strlen (CurrentDirectory) - (size_t) 1] !=
data/geany-1.37.1/ctags/main/routines.c:427:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (CurrentDirectory + strlen (CurrentDirectory), "%c",
data/geany-1.37.1/ctags/main/routines.c:492:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (path [strlen (path) - 1] == PATH_SEPARATOR)
data/geany-1.37.1/ctags/main/routines.c:493:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path [strlen (path) - 1] = '\0';
data/geany-1.37.1/ctags/main/routines.c:494:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (! result && strlen (path) > (size_t) 1)
data/geany-1.37.1/ctags/main/routines.c:573:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0 ; i < strlen (PathDelimiters) ; ++i)
data/geany-1.37.1/ctags/main/routines.c:669:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int lastChar = path [strlen (path) - 1];
data/geany-1.37.1/ctags/main/routines.c:686:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len1 = strlen (s1), len2 = strlen (s2), len3 = strlen (s3);
data/geany-1.37.1/ctags/main/routines.c:686:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len1 = strlen (s1), len2 = strlen (s2), len3 = strlen (s3);
data/geany-1.37.1/ctags/main/routines.c:686:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len1 = strlen (s1), len2 = strlen (s2), len3 = strlen (s3);
data/geany-1.37.1/ctags/main/routines.c:746:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (cp, slashp + 3, strlen (slashp + 3) + 1);
data/geany-1.37.1/ctags/main/routines.c:752:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (slashp, slashp + 2, strlen (slashp + 2) + 1);
data/geany-1.37.1/ctags/main/routines.c:825:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = xMalloc (3 * i + strlen (fp + 1) + 1, char);
data/geany-1.37.1/ctags/main/routines.c:855:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = xMalloc (strlen (tmpdir) + 1 + strlen (pattern) + 1, char);
data/geany-1.37.1/ctags/main/routines.c:855:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = xMalloc (strlen (tmpdir) + 1 + strlen (pattern) + 1, char);
data/geany-1.37.1/ctags/main/selectors.c:38:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strncmp(line, prefix, strlen(prefix)) == 0? true: false)
data/geany-1.37.1/ctags/main/selectors.c:152:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *p = line + strlen ("function ");
data/geany-1.37.1/ctags/main/sort.c:66:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t length = 4 + strlen (sortOrder1) + strlen (sortOrder2) +
data/geany-1.37.1/ctags/main/sort.c:66:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t length = 4 + strlen (sortOrder1) + strlen (sortOrder2) +
data/geany-1.37.1/ctags/main/sort.c:67:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (sortCommand) + (2 * strlen (tagFileName ()));
data/geany-1.37.1/ctags/main/sort.c:67:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (sortCommand) + (2 * strlen (tagFileName ()));
data/geany-1.37.1/ctags/main/sort.c:218:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t stringSize = strlen (line) + 1;
data/geany-1.37.1/ctags/main/vstring.c:127:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (s);
data/geany-1.37.1/ctags/main/vstring.c:142:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (s);
data/geany-1.37.1/ctags/main/vstring.c:248:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string->length = strlen (string->buffer);
data/geany-1.37.1/ctags/parsers/asciidoc.c:329:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int line_len = strlen((const char*) line);
data/geany-1.37.1/ctags/parsers/basic.c:168:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen (kw->token); i++)
data/geany-1.37.1/ctags/parsers/basic.c:203:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char const *end = p + strlen (p) - 1;
data/geany-1.37.1/ctags/parsers/perl.c:76:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = (white!=NULL) ? (size_t)(white-word) : strlen (word);
data/geany-1.37.1/ctags/parsers/perl.c:79:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (id, word, len);
data/geany-1.37.1/ctags/parsers/python.c:681:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t kw_len = strlen (keyword);
data/geany-1.37.1/ctags/parsers/rst.c:326:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int line_len = strlen((const char*) line);
data/geany-1.37.1/ctags/parsers/ruby.c:77:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (e && strlen (e->name) > 0 && (!e->placeholder))
data/geany-1.37.1/ctags/parsers/ruby.c:95:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int literal_length = strlen (literal);
data/geany-1.37.1/ctags/parsers/ruby.c:96:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int s_length = strlen ((const char *)*s);
data/geany-1.37.1/ctags/parsers/ruby.c:487:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (e && e->kindIndex == K_CLASS && strlen (e->name) == 0)
data/geany-1.37.1/ctags/parsers/tcl.c:57:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (word);
data/geany-1.37.1/ctags/parsers/txt2tags.c:119:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
end = line + strlen((const char *) line) - 1;
data/geany-1.37.1/plugins/filebrowser.c:140:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(base_name);
data/geany-1.37.1/plugins/filebrowser.c:409:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize len = strlen(current_dir);
data/geany-1.37.1/plugins/htmlchars.c:660:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
selection_len = strlen(selection);
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:802:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pango_layout_set_text(layout, utfForm.c_str(), strlen(utfForm.c_str()));
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:805:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ClusterIterator iti(layout, strlen(utfForm.c_str()));
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:1710:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(s);
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:1802:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s && (0 == strncmp(prefix, s, strlen(prefix)))) {
data/geany-1.37.1/scintilla/gtk/PlatGTK.cxx:1876:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t count = strlen(listText) + 1;
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:425:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
validUTF8 = g_utf8_validate(str, strlen(str), nullptr);
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:426:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uniStr = g_utf8_to_ucs4_fast(str, strlen(str), &uniStrLen);
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:457:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pes.str) > 0) {
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:786:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const Sci::Position inputLength = (lengthForEncode >= 0) ? lengthForEncode : strlen(utf8);
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:1139:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lenMapped = strlen(mapped);
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:1175:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::string mappedBack = ConvertText(mapped, strlen(mapped),
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:1232:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return std::string(mapper.mapped, strlen(mapper.mapped));
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:1238:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return ConvertText(mapper.mapped, strlen(mapper.mapped), charSetBuffer, "UTF-8", false);
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:2181:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int lengthInserted = pdoc->InsertString(CurrentPosition(), event->string, strlen(event->string));
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:2289:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const glong charactersLen = g_utf8_strlen(u8Str, strlen(u8Str));
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:2359:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gunichar *uniStr = g_utf8_to_ucs4_fast(commitStr, strlen(commitStr), &uniStrLen);
data/geany-1.37.1/scintilla/gtk/ScintillaGTK.cxx:2461:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pes.str) > 0) {
data/geany-1.37.1/scintilla/gtk/ScintillaGTKAccessible.cxx:750:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(text);
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:695:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s[strlen(s) - 1] == '\r')
data/geany-1.37.1/scintilla/lexers/LexBash.cxx:696:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s[strlen(s) - 1] = '\0';
data/geany-1.37.1/scintilla/lexers/LexBatch.cxx:70:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(strBuffer, lineBuffer, endPos);
data/geany-1.37.1/scintilla/lexers/LexCPP.cxx:957:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lenS = strlen(s);
data/geany-1.37.1/scintilla/lexers/LexCaml.cxx:136:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(LexerName);
data/geany-1.37.1/scintilla/lexers/LexCmake.cxx:142:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(word) > 3 ) {
data/geany-1.37.1/scintilla/lexers/LexCmake.cxx:143:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( word[1] == '{' && word[strlen(word)-1] == '}' )
data/geany-1.37.1/scintilla/lexers/LexFortran.cxx:679:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(prevWord, "");
data/geany-1.37.1/scintilla/lexers/LexHaskell.cxx:571:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sc.Forward(static_cast<int>(strlen("\\begin{code}")));
data/geany-1.37.1/scintilla/lexers/LexHaskell.cxx:592:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sc.Forward(static_cast<int>(strlen("\\end{code}")));
data/geany-1.37.1/scintilla/lexers/LexLaTeX.cxx:156:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Sci_PositionU l = static_cast<Sci_PositionU>(strlen(needle));
data/geany-1.37.1/scintilla/lexers/LexNsis.cxx:238:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen(s) > 3 )
data/geany-1.37.1/scintilla/lexers/LexNsis.cxx:240:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( s[1] == '{' && s[strlen(s)-1] == '}' )
data/geany-1.37.1/scintilla/lexers/LexRuby.cxx:151:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((pos + static_cast<int>(strlen(val))) >= lengthDoc) {
data/geany-1.37.1/scintilla/lexers/LexTCL.cxx:151:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (w[strlen(w)-1]=='\r')
data/geany-1.37.1/scintilla/lexers/LexTCL.cxx:152:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w[strlen(w)-1]=0;
data/geany-1.37.1/scintilla/lexers/LexTCL.cxx:165:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (sc.GetRelative(-static_cast<int>(strlen(s))-1) == '{' &&
data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx:300:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(j=j+static_cast<Sci_PositionU>(strlen(prevWord)); j<endPos; j++)
data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx:308:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(prevWord, ";");
data/geany-1.37.1/scintilla/lexers/LexVHDL.cxx:375:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(prevWord, ";");
data/geany-1.37.1/scintilla/lexers/LexYAML.cxx:60:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s, lineBuffer, len);
data/geany-1.37.1/scintilla/lexlib/LexerBase.cxx:65:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
props.Set(key, val, strlen(key), strlen(val));
data/geany-1.37.1/scintilla/lexlib/LexerBase.cxx:65:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
props.Set(key, val, strlen(key), strlen(val));
data/geany-1.37.1/scintilla/lexlib/SparseState.h:85:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
different = !std::equal(low, states.end(), other.states.begin());
data/geany-1.37.1/scintilla/lexlib/WordList.cxx:120:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t lenS = strlen(s) + 1;
data/geany-1.37.1/scintilla/lexlib/WordList.cxx:272:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t suffixLengthA = strlen(a);
data/geany-1.37.1/scintilla/lexlib/WordList.cxx:273:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t suffixLengthB = strlen(b);
data/geany-1.37.1/scintilla/lexlib/WordList.cxx:291:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t suffixLengthA = strlen(a);
data/geany-1.37.1/scintilla/lexlib/WordList.cxx:292:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t suffixLengthB = strlen(b);
data/geany-1.37.1/scintilla/src/AutoComplete.cxx:228:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t lenWord = strlen(word);
data/geany-1.37.1/scintilla/src/CallTip.cxx:203:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
chunkEnd = chunkVal + strlen(chunkVal);
data/geany-1.37.1/scintilla/src/Document.cxx:3133:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const std::wstring ws = WStringFromUTF8(s, strlen(s));
data/geany-1.37.1/scintilla/src/EditView.cxx:829:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcSegment.top + vsDraw.maxAscent, s, static_cast<int>(s ? strlen(s) : 0),
data/geany-1.37.1/scintilla/src/EditView.cxx:1112:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int lengthFoldDisplayText = static_cast<int>(strlen(foldDisplayText));
data/geany-1.37.1/scintilla/src/EditView.cxx:1222:102: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rcSegment.left += (static_cast<int>(surface->WidthText(fontText, textFoldDisplay, static_cast<int>(strlen(textFoldDisplay)))) + vsDraw.aveCharWidth);
data/geany-1.37.1/scintilla/src/EditView.cxx:2373:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
"99999" lineNumberPrintSpace, 5 + static_cast<int>(strlen(lineNumberPrintSpace))));
data/geany-1.37.1/scintilla/src/Editor.cxx:1061:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdoc->InsertString(pdoc->Length(), eol, strlen(eol));
data/geany-1.37.1/scintilla/src/Editor.cxx:1066:101: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const Sci::Position lengthInserted = pdoc->InsertString(CurrentPosition() + selectionLength, eol, strlen(eol));
data/geany-1.37.1/scintilla/src/Editor.cxx:1648:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eol, strlen(eol));
data/geany-1.37.1/scintilla/src/Editor.cxx:1827:87: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return Sci::lround(surface->WidthText(vs.styles[style].font, text, static_cast<int>(strlen(text))));
data/geany-1.37.1/scintilla/src/Editor.cxx:2085:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const Sci::Position length = strlen(endline);
data/geany-1.37.1/scintilla/src/Editor.cxx:3038:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
eolLen = strlen(eol);
data/geany-1.37.1/scintilla/src/Editor.cxx:3093:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const Sci::Position insertLength = pdoc->InsertString(positionInsert, eol, strlen(eol));
data/geany-1.37.1/scintilla/src/Editor.cxx:4068:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Sci::Position lengthFound = strlen(ft->lpstrText);
data/geany-1.37.1/scintilla/src/Editor.cxx:4117:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Sci::Position lengthFound = strlen(txt);
data/geany-1.37.1/scintilla/src/Editor.cxx:4364:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DropAt(position, value, strlen(value), moving, rectangular);
data/geany-1.37.1/scintilla/src/Editor.cxx:5604:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(text);
data/geany-1.37.1/scintilla/src/Editor.cxx:5801:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = val ? strlen(val) : 0;
data/geany-1.37.1/scintilla/src/Editor.cxx:5852:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdoc->InsertString(0, text, strlen(text));
data/geany-1.37.1/scintilla/src/Editor.cxx:6012:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sel.MainCaret(), replacement, strlen(replacement));
data/geany-1.37.1/scintilla/src/Editor.cxx:6222:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const Sci::Position lengthInserted = pdoc->InsertString(insertPos, sz, strlen(sz));
data/geany-1.37.1/scintilla/src/PerLine.cxx:420:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
annotations[line] = AllocateAnnotation(strlen(text), style);
data/geany-1.37.1/scintilla/src/PerLine.cxx:425:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pah->length = static_cast<int>(strlen(text));
data/geany-1.37.1/scintilla/src/ScintillaBase.cxx:262:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(typeSep-list) : strlen(list);
data/geany-1.37.1/scintilla/src/ScintillaBase.cxx:722:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
props.Set(key, val, strlen(key), strlen(val));
data/geany-1.37.1/scintilla/src/ScintillaBase.cxx:722:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
props.Set(key, val, strlen(key), strlen(val));
data/geany-1.37.1/scintilla/src/UniqueString.cxx:23:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t len = strlen(text);
data/geany-1.37.1/src/build.c:311:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(l = strlen((*(cl[j][i]))[k].entries[n])) > m)
data/geany-1.37.1/src/build.c:1075:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(input);
data/geany-1.37.1/src/build.c:2107:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(b);
data/geany-1.37.1/src/build.c:2109:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(a);
data/geany-1.37.1/src/build.c:2319:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixlen = prefix == NULL ? 0 : strlen(prefix);
data/geany-1.37.1/src/build.c:2534:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixlen = prefix == NULL ? 0 : strlen(prefix);
data/geany-1.37.1/src/callbacks.c:604:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sci_set_selection_start(sci, sci_get_current_position(sci) - strlen(text));
data/geany-1.37.1/src/callbacks.c:1113:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sci_goto_pos(doc->editor->sci, 21 + strlen(template_prefs.developer) + strlen(template_prefs.mail), TRUE);
data/geany-1.37.1/src/callbacks.c:1113:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sci_goto_pos(doc->editor->sci, 21 + strlen(template_prefs.developer) + strlen(template_prefs.mail), TRUE);
data/geany-1.37.1/src/document.c:2180:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(data);
data/geany-1.37.1/src/document.c:2273:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ttf.chrg.cpMax = start_pos + strlen(text);
data/geany-1.37.1/src/editor.c:647:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize len = strlen(str);
data/geany-1.37.1/src/editor.c:725:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos -= strlen(context_sep);
data/geany-1.37.1/src/editor.c:764:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos -= strlen(name);
data/geany-1.37.1/src/editor.c:1011:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sci_set_current_position(sci, pos + strlen(text), TRUE);
data/geany-1.37.1/src/editor.c:1024:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) <= strlen(stem))
data/geany-1.37.1/src/editor.c:1024:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) <= strlen(stem))
data/geany-1.37.1/src/editor.c:1027:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text += strlen(stem); /* skip stem */
data/geany-1.37.1/src/editor.c:1176:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
document_open_file_list(nt->text, strlen(nt->text));
data/geany-1.37.1/src/editor.c:2125:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return autocomplete_tags(editor, filetypes_index(GEANY_FILETYPES_HTML), tmp, strlen(tmp));
data/geany-1.37.1/src/editor.c:2263:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rootlen = strlen(root);
data/geany-1.37.1/src/editor.c:2424:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_erase(template, cursor_steps, strlen(geany_cursor_marker));
data/geany-1.37.1/src/editor.c:2623:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_len = strlen(str);
data/geany-1.37.1/src/editor.c:2939:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SSM(editor->sci, SCI_DELETERANGE, end, strlen(cc));
data/geany-1.37.1/src/editor.c:2944:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SSM(editor->sci, SCI_DELETERANGE, start, strlen(co));
data/geany-1.37.1/src/editor.c:3026:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
co_len = strlen(co);
data/geany-1.37.1/src/editor.c:3058:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize tm_len = strlen(editor_prefs.comment_toggle_mark);
data/geany-1.37.1/src/editor.c:3128:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize tm_len = strlen(editor_prefs.comment_toggle_mark);
data/geany-1.37.1/src/editor.c:3150:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
co_len = strlen(co);
data/geany-1.37.1/src/editor.c:3232:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent_len = (gint) strlen(indent);
data/geany-1.37.1/src/editor.c:3249:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
indent_len = (gint) strlen(indent);
data/geany-1.37.1/src/editor.c:3321:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
co_len = strlen(co);
data/geany-1.37.1/src/editor.c:3547:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint len = strlen(previous_line);
data/geany-1.37.1/src/editor.c:3639:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text_len = strlen(text);
data/geany-1.37.1/src/editor.c:3656:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(co);
data/geany-1.37.1/src/editor.c:3662:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(indent);
data/geany-1.37.1/src/encodings.c:695:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(buffer);
data/geany-1.37.1/src/encodings.c:901:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer->len = strlen(converted_text);
data/geany-1.37.1/src/encodings.c:939:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer->len = strlen(converted_text);
data/geany-1.37.1/src/encodings.c:973:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer->len = strlen(converted_text);
data/geany-1.37.1/src/encodings.c:1065:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer.len = strlen(buffer.data);
data/geany-1.37.1/src/filetypes.c:302:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_str_has_suffix(filename + strlen(prefix), ".conf"))
data/geany-1.37.1/src/filetypes.c:479:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(pat);
data/geany-1.37.1/src/filetypes.c:595:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(line) > 2 && line[0] == '#' && line[1] == '!')
data/geany-1.37.1/src/highlighting.c:598:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
whitespace = g_malloc0(strlen(whitespace_chars) + 1);
data/geany-1.37.1/src/libmain.c:360:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filename);
data/geany-1.37.1/src/libmain.c:536:3: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/geany-1.37.1/src/msgwindow.c:457:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/geany-1.37.1/src/prefix.c:163:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (path);
data/geany-1.37.1/src/printing.c:111:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint default_w = 50 * strlen(text) * PANGO_SCALE;
data/geany-1.37.1/src/project.c:712:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/geany-1.37.1/src/sciwrappers.c:247:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SSM(sci, SCI_ADDTEXT, strlen(text), (sptr_t) text);
data/geany-1.37.1/src/search.c:1665:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utf8_text_len = strlen(utf8_search_text);
data/geany-1.37.1/src/search.c:2018:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*match_ = match_info_new(flags, ret, ret + strlen(str));
data/geany-1.37.1/src/search.c:2034:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*match_ = match_info_new(flags, ret, ret + strlen(str));
data/geany-1.37.1/src/search.c:2099:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(grp);
data/geany-1.37.1/src/sidebar.c:360:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *head = g_strndup(str, strlen(prefix));
data/geany-1.37.1/src/sidebar.c:381:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize len = strlen(project_base_path);
data/geany-1.37.1/src/sidebar.c:405:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rest = dirname + strlen(home_dir);
data/geany-1.37.1/src/socket.c:138:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
socket_fd_write_all(sock, line, strlen(line));
data/geany-1.37.1/src/socket.c:147:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
socket_fd_write_all(sock, col, strlen(col));
data/geany-1.37.1/src/socket.c:164:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
socket_fd_write_all(sock, filename, strlen(filename));
data/geany-1.37.1/src/socket.c:407:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
data/geany-1.37.1/src/socket.c:485:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(addr.sun_path, real_path, sizeof(addr.sun_path) - 1);
data/geany-1.37.1/src/socket.c:685:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize buf_len = strlen(buf);
data/geany-1.37.1/src/socket.c:699:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
socket_fd_write_all(sock, doc_list, strlen(doc_list));
data/geany-1.37.1/src/socket.c:805:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(fd, buf, len);
data/geany-1.37.1/src/spawn.c:403:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(message);
data/geany-1.37.1/src/spawn.c:541:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
arguments = strstr(command_line, program) + strlen(program);
data/geany-1.37.1/src/spawn.c:840:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SpawnReadFunc read;
data/geany-1.37.1/src/spawn.c:957:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sc->cb.read(buffer, input_cond, sc->cb_data);
data/geany-1.37.1/src/spawn.c:974:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sc->cb.read(buffer, input_cond, sc->cb_data);
data/geany-1.37.1/src/spawn.c:1005:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
sc->cb.read(buffer, input_cond | failure_cond, sc->cb_data);
data/geany-1.37.1/src/tagmanager/tm_parser.c:713:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (map->size != strlen(kinds))
data/geany-1.37.1/src/tagmanager/tm_parser.c:715:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map->size, (int)strlen(kinds), ctagsGetLangName(lang));
data/geany-1.37.1/src/tagmanager/tm_tag.c:177:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strncmp(FALLBACK(t1->name, ""), FALLBACK(t2->name, ""), strlen(FALLBACK(t1->name, "")));
data/geany-1.37.1/src/tagmanager/tm_tag.c:188:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
returnval = strncmp(FALLBACK(t1->name, ""), FALLBACK(t2->name, ""), strlen(FALLBACK(t1->name, "")));
data/geany-1.37.1/src/tagmanager/tm_workspace.c:385:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t str_len = strlen(str);
data/geany-1.37.1/src/tagmanager/tm_workspace.c:462:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dirty_len = strlen(includes[i]);
data/geany-1.37.1/src/tagmanager/tm_workspace.c:470:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(clean_path, includes[i] + 1, dirty_len - 1);
data/geany-1.37.1/src/tagmanager/tm_workspace.c:792:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *name = base ? g_strdup(base + strlen(sep)) : g_strdup(scoped_name);
data/geany-1.37.1/src/tagmanager/tm_workspace.c:909:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cls_scope = strlen(cls_scope) > 0 ? cls_scope : NULL;
data/geany-1.37.1/src/templates.c:298:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(doc->real_path, path, strlen(path)) == 0)
data/geany-1.37.1/src/templates.c:384:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (indent > strlen(line_prefix)) ? (indent - strlen(line_prefix)) : strlen(line_prefix);
data/geany-1.37.1/src/templates.c:384:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (indent > strlen(line_prefix)) ? (indent - strlen(line_prefix)) : strlen(line_prefix);
data/geany-1.37.1/src/templates.c:384:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (indent > strlen(line_prefix)) ? (indent - strlen(line_prefix)) : strlen(line_prefix);
data/geany-1.37.1/src/templates.c:645:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd = g_strndup(wildcard + 9, strlen(wildcard) - 10);
data/geany-1.37.1/src/toolbar.c:807:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_selection_data_set(data, atom, 8, (guchar*) name, strlen(name));
data/geany-1.37.1/src/tools.c:213:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
input.size = strlen(sel);
data/geany-1.37.1/src/ui_utils.c:744:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sci_goto_pos(doc->editor->sci, pos + strlen(time_str), FALSE);
data/geany-1.37.1/src/ui_utils.c:2106:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize len = strlen(app->configdir);
data/geany-1.37.1/src/ui_utils.c:3052:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_text_len = (gint) strlen(new_text);
data/geany-1.37.1/src/utils.c:233:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/geany-1.37.1/src/utils.c:561:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(string);
data/geany-1.37.1/src/utils.c:986:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf + 1, spec + 2, sizeof(buf) - 2);
data/geany-1.37.1/src/utils.c:1078:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/geany-1.37.1/src/utils.c:1083:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i++ >= strlen(string))
data/geany-1.37.1/src/utils.c:1106:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i >= strlen(string))
data/geany-1.37.1/src/utils.c:1122:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (i >= strlen(string))
data/geany-1.37.1/src/utils.c:1133:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((i + 2) < strlen(string)) && (isdigit(string[i + 1]) || isxdigit(string[i + 1]))
data/geany-1.37.1/src/utils.c:1143:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((i + 2) < strlen(string)) && (isdigit(string[i + 1]) || isxdigit(string[i + 1]))
data/geany-1.37.1/src/utils.c:1363:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (path == NULL || strlen(path) == 0)
data/geany-1.37.1/src/utils.c:1510:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(replace);
data/geany-1.37.1/src/utils.c:1532:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gsize needle_length = strlen(needle);
data/geany-1.37.1/src/utils.c:1569:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
utils_string_replace(haystack, pos, strlen(needle), replace);
data/geany-1.37.1/src/utils.c:1605:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
start = end - len + strlen(replace);
data/geany-1.37.1/src/utils.c:1756:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(fuse_path);
data/geany-1.37.1/src/utils.c:1813:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_erase(str, pos, strlen(needle));
data/geany-1.37.1/src/utils.c:1826:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (str->len <= strlen(filename))
data/geany-1.37.1/src/utils.c:1905:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint skip = strlen(uri_file_prefix);
data/geany-1.37.1/src/utils.c:2105:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(first);
data/geany-1.37.1/src/utils.c:2211:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lcs_len = strlen(lcs);
data/geany-1.37.1/src/utils.h:73:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(g_alloca(strlen(str) + 1), str)
data/geany-1.37.1/src/vte.c:823:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vf->vte_terminal_feed_child(VTE_TERMINAL(vc->vte), cmd, strlen(cmd));
data/geany-1.37.1/src/vte.c:923:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
vf->vte_terminal_feed_child(VTE_TERMINAL(widget), text, strlen(text));
data/geany-1.37.1/src/vte.c:1022:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/geany-1.37.1/src/win32.c:173:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/geany-1.37.1/src/win32.c:192:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filter);
data/geany-1.37.1/src/win32.c:220:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/geany-1.37.1/src/win32.c:435:11: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x != wcslen(fname))
ANALYSIS SUMMARY:
Hits = 806
Lines analyzed = 207510 in approximately 4.61 seconds (44987 lines/second)
Physical Source Lines of Code (SLOC) = 157345
Hits@level = [0] 178 [1] 294 [2] 355 [3] 29 [4] 125 [5] 3
Hits@level+ = [0+] 984 [1+] 806 [2+] 512 [3+] 157 [4+] 128 [5+] 3
Hits/KSLOC@level+ = [0+] 6.25377 [1+] 5.1225 [2+] 3.254 [3+] 0.997807 [4+] 0.813499 [5+] 0.0190664
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.