Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gpx-2.6.7/src/gpx/gpx-main.c
Examining data/gpx-2.6.7/src/gpx/gpx.c
Examining data/gpx-2.6.7/src/gpx/gpx.h
Examining data/gpx-2.6.7/src/gpx/gpxresp.c
Examining data/gpx-2.6.7/src/gpx/vector.c
Examining data/gpx-2.6.7/src/gpx/vector.h
Examining data/gpx-2.6.7/src/gpx/winsio.c
Examining data/gpx-2.6.7/src/gpx/winsio.h
Examining data/gpx-2.6.7/src/pymodule/gpxmodule.c
Examining data/gpx-2.6.7/src/shared/classic_machines.h
Examining data/gpx-2.6.7/src/shared/eeprominfo.h
Examining data/gpx-2.6.7/src/shared/machine.h
Examining data/gpx-2.6.7/src/shared/machine_config.c
Examining data/gpx-2.6.7/src/shared/machine_config.h
Examining data/gpx-2.6.7/src/shared/opt.c
Examining data/gpx-2.6.7/src/shared/opt.h
Examining data/gpx-2.6.7/src/shared/portable_endian.h
Examining data/gpx-2.6.7/src/shared/s3g.c
Examining data/gpx-2.6.7/src/shared/s3g.h
Examining data/gpx-2.6.7/src/shared/s3g_commands.h
Examining data/gpx-2.6.7/src/shared/s3g_private.h
Examining data/gpx-2.6.7/src/shared/s3g_stdio.c
Examining data/gpx-2.6.7/src/shared/s3g_stdio.h
Examining data/gpx-2.6.7/src/shared/sailfish_7_7.h
Examining data/gpx-2.6.7/src/shared/std_eeprommaps.h
Examining data/gpx-2.6.7/src/shared/std_machines.h
Examining data/gpx-2.6.7/src/utils/machines.c
Examining data/gpx-2.6.7/src/utils/s3gdump.c
FINAL RESULTS:
data/gpx-2.6.7/src/gpx/gpx-main.c:653:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(temp_config_name, ".ini", sizeof(temp_config_name)-1);
data/gpx-2.6.7/src/gpx/gpxresp.c:1101:14: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
else if (chmod(pn, st.st_mode | S_IRGRP)) {
data/gpx-2.6.7/src/gpx/gpx-main.c:276:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(gpx->flag.verboseMode) fprintf(gpx->log, "Communicating via: %s" EOL, filename);
data/gpx-2.6.7/src/gpx/gpx-main.c:303:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!access(fbuf, R_OK)) {
data/gpx-2.6.7/src/gpx/gpx-main.c:314:14: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(fbuf, R_OK)) {
data/gpx-2.6.7/src/gpx/gpx-main.c:404:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "(line %u) Configuration syntax error: unrecognised parameters" EOL, i);
data/gpx-2.6.7/src/gpx/gpx-main.c:435:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NO_SERIAL_SUPPORT_MSG EOL);
data/gpx-2.6.7/src/gpx/gpx-main.c:459:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NO_SERIAL_SUPPORT_MSG EOL);
data/gpx-2.6.7/src/gpx/gpx-main.c:494:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "Command line error: unsupported baud rate '%s'" EOL, optarg);
data/gpx-2.6.7/src/gpx/gpx-main.c:498:42: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(gpx.flag.verboseMode) fprintf(stderr, "Setting baud rate to: %i bps" EOL, i);
data/gpx-2.6.7/src/gpx/gpx-main.c:503:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, NO_SERIAL_SUPPORT_MSG EOL);
data/gpx-2.6.7/src/gpx/gpx-main.c:631:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "Command line error: cannot load configuration file '%s'" EOL, config);
data/gpx-2.6.7/src/gpx/gpx-main.c:636:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "(line %u) Configuration syntax error in %s: unrecognised paremeters" EOL, i, config);
data/gpx-2.6.7/src/gpx/gpx-main.c:716:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(gpx.flag.verboseMode) fprintf(gpx.log, "Reading from: %s" EOL, filename);
data/gpx-2.6.7/src/gpx/gpx-main.c:799:40: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(gpx.flag.verboseMode) fprintf(gpx.log, "Writing to: %s" EOL, filename);
data/gpx-2.6.7/src/gpx/gpx-main.c:822:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gpx.buffer.out + sl, filename);
data/gpx-2.6.7/src/gpx/gpx-main.c:827:57: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(file_out2 && gpx.flag.verboseMode) fprintf(gpx.log, "Writing to: %s" EOL, gpx.buffer.out);
data/gpx-2.6.7/src/gpx/gpx-main.c:842:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx.log, "GCode flavor: %s" EOL, gpx.flag.reprapFlavor ? "Reprap" : "Makerbot");
data/gpx-2.6.7/src/gpx/gpx-main.c:856:38: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(gpx.flag.verboseMode) fprintf(gpx.log, "Loading eeprom config: %s" EOL, eeprom);
data/gpx-2.6.7/src/gpx/gpx-main.c:859:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "Command line error: cannot load eeprom configuration file '%s'" EOL, eeprom);
data/gpx-2.6.7/src/gpx/gpx-main.c:864:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "(line %u) Eeprom configuration syntax error in %s: unrecognised paremeters" EOL, i, eeprom);
data/gpx-2.6.7/src/gpx/gpx.c:96:18: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
result = vfprintf(gpx->log, fmt, args);
data/gpx-2.6.7/src/gpx/gpx.c:114:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "\t%-3s = %s" EOL, (*ptr)->type, (*ptr)->desc);
data/gpx-2.6.7/src/gpx/gpx.c:120:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, "\t%-3s = %s" EOL, (*pma)->alias, (*pma)->desc);
data/gpx-2.6.7/src/gpx/gpx.c:159:14: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "gpx_set_machine: %s" EOL, machine_type) );
data/gpx-2.6.7/src/gpx/gpx.c:163:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "gpx_set_machine FAILED to find: %s" EOL, machine_type) );
data/gpx-2.6.7/src/gpx/gpx.c:170:18: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Loading machine definition: %s" EOL, machine->desc) );
data/gpx-2.6.7/src/gpx/gpx.c:178:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(machineIni, R_OK) == SUCCESS) {
data/gpx-2.6.7/src/gpx/gpx.c:179:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Using custom machine definition from: %s" EOL, machineIni) );
data/gpx-2.6.7/src/gpx/gpx.c:186:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Unable to access: %s" EOL, machineIni) );
data/gpx-2.6.7/src/gpx/gpx.c:3121:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(@zPos %0.2f) Nozzle[A] temperature %uc" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:3128:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(@zPos %0.2f) Nozzle[B] temperature %uc" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:3137:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(@zPos %0.2f) Build platform[A] temperature %uc" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:3144:34: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(@zPos %0.2f) Build platform[B] temperature %uc" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:3605:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(@start) Nozzle temperature %uc" EOL, nozzle_temperature) );
data/gpx-2.6.7/src/gpx/gpx.c:3626:26: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(@start) Build platform temperature %uc" EOL, build_platform_temperature) );
data/gpx-2.6.7/src/gpx/gpx.c:4059:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
SHOW( fprintf(gpx->log, "Configuration error: insufficient virtual memory" EOL) )
data/gpx-2.6.7/src/gpx/gpx.c:4317:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
SHOW( fprintf(gpx->log, "GPX programming error; NULL context "
data/gpx-2.6.7/src/gpx/gpx.c:4336:15: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
SHOW( fprintf(gpx->log, "GPX programming error; invalid "
data/gpx-2.6.7/src/gpx/gpx.c:5105:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "Only reset to sd position 0 is supported: M26 S0" EOL);} )
data/gpx-2.6.7/src/gpx/gpx.c:6036:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Extruder T%u firmware v%u.%u" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6046:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Extruder T%u temperature: %uc" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6055:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Extruder T%u is%sready" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6064:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Build platform T%u temperature: %uc" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6073:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Extruder T%u target temperature: %uc" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6082:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Build platform T%u target temperature: %uc" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6091:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Build platform T%u is%sready" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6102:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "Extruder T%u status" EOL, extruder_id);
data/gpx-2.6.7/src/gpx/gpx.c:6154:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Motherboard firmware v%u.%u" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6175:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Printer is%sready" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6196:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Capture to file: %s" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6204:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Capture to file ended: %u bytes written" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6212:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Play back captured file: %d, %s" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6223:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Get next filename: '%s' %s" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6232:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "Get build name: '%s'" EOL, sio->response.sd.filename) );
data/gpx-2.6.7/src/gpx/gpx.c:6257:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "X = %0.2fmm%s%s" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6261:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "Y = %0.2fmm%s%s" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6265:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "Z = %0.2fmm%s%s" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6269:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "A = %0.2fmm%s%s" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6273:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "B = %0.2fmm%s%s" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6321:22: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(line %u) Build status: %s, %u hours, %u minutes" EOL,
data/gpx-2.6.7/src/gpx/gpx.c:6346:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "%s firmware v%u.%u" EOL, get_firmware_variant(sio->response.firmware.variant),
data/gpx-2.6.7/src/gpx/gpx.c:6387:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSESIO( fprintf(gpx->log, "port_handler write: %lu" EOL, (unsigned long)length) );
data/gpx-2.6.7/src/gpx/gpx.c:6398:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSESIO( fprintf(gpx->log, EOL "port_handler read:" EOL) );
data/gpx-2.6.7/src/gpx/gpx.c:6405:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSESIO( fprintf(gpx->log, EOL "want 1 bytes = %u" EOL, (unsigned)bytes) );
data/gpx-2.6.7/src/gpx/gpx.c:6421:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSESIO( fprintf(gpx->log, EOL "want 1 bytes = %u" EOL, (unsigned)bytes) );
data/gpx-2.6.7/src/gpx/gpx.c:6432:25: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSESIO( fprintf(gpx->log, EOL) );
data/gpx-2.6.7/src/gpx/gpx.c:6434:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSESIO( fprintf(gpx->log, EOL "want %u bytes = %u" EOL, (unsigned)payload_length + 1, (unsigned)bytes) );
data/gpx-2.6.7/src/gpx/gpx.c:6440:17: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "(retry %u) Input CRC mismatch: packet discarded" EOL, retry_count);
data/gpx-2.6.7/src/gpx/gpx.c:6449:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Generic Packet error: packet discarded" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6509:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Output CRC mismatch: packet discarded" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6514:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Query packet too big: packet discarded" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6519:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Command not supported or recognized" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6524:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Downstream timeout" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6529:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Tool lock timeout" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6534:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Cancel build" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6542:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Bot is Building from SD card" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6547:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Bot is shutdown due to overheating" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6552:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
VERBOSE( fprintf(gpx->log, "(retry %u) Packet timeout error: packet discarded" EOL, retry_count) );
data/gpx-2.6.7/src/gpx/gpx.c:6680:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "Extrusion length: %#0.3f metres" EOL, round(gpx->accumulated.a + gpx->accumulated.b) / 1000);
data/gpx-2.6.7/src/gpx/gpx.c:6684:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "%lu seconds" EOL, seconds);
data/gpx-2.6.7/src/gpx/gpx.c:6685:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(gpx->log, "X3G output filesize: %lu bytes" EOL, gpx->accumulated.bytes);
data/gpx-2.6.7/src/gpx/gpxresp.c:124:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result = vsnprintf(tio->translation + tio->cur,
data/gpx-2.6.7/src/gpx/gpxresp.c:149:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(tio->gpx->log, fmt, args);
data/gpx-2.6.7/src/gpx/gpxresp.c:1277:32: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(rval == EOSERROR && access(printer_port, R_OK)) {
data/gpx-2.6.7/src/gpx/winsio.c:89:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(gpx->flag.verboseMode) fprintf(gpx->log, "Communicating via: %s" EOL, filename);
data/gpx-2.6.7/src/shared/s3g.c:705:4: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf), fmt, ap);
data/gpx-2.6.7/src/shared/s3g.c:709:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/gpx-2.6.7/src/gpx/gpx-main.c:300:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("LOCALAPPDATA");
data/gpx-2.6.7/src/gpx/gpx-main.c:311:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/gpx-2.6.7/src/gpx/gpx-main.c:380:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "CD:E:FIL:N:W:b:c:de:gf:ilm:n:pqrstu:vwx:y:z:?")) != -1) {
data/gpx-2.6.7/src/gpx/gpx-main.c:417:17: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "CD:E:FIL:N:W:b:c:de:gf:ilm:n:pqrstu:vwx:y:z:?")) != -1) {
data/gpx-2.6.7/src/utils/machines.c:65:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, argv, "c?")) != -1)
data/gpx-2.6.7/src/utils/s3gdump.c:61:18: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt(argc, (char **)argv, ":h?")) != GETOPTS_END)
data/gpx-2.6.7/src/gpx/gpx-main.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp_config_name[24];
data/gpx-2.6.7/src/gpx/gpx-main.c:207:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((port = open(filename, O_RDWR | O_NOCTTY | O_NONBLOCK)) < 0) {
data/gpx-2.6.7/src/gpx/gpx-main.c:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fbuf[1024];
data/gpx-2.6.7/src/gpx/gpx-main.c:335:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fbuf, argv0, len);
data/gpx-2.6.7/src/gpx/gpx-main.c:336:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fbuf + len, ".ini");
data/gpx-2.6.7/src/gpx/gpx-main.c:463:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(optarg);
data/gpx-2.6.7/src/gpx/gpx-main.c:600:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gpx.buffer.out, filename, l);
data/gpx-2.6.7/src/gpx/gpx-main.c:606:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gpx.buffer.out, filename, sl);
data/gpx-2.6.7/src/gpx/gpx-main.c:619:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((gpx.log = fopen(logname, "w+")) == NULL) {
data/gpx-2.6.7/src/gpx/gpx-main.c:651:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp_config_name, "gpx-XXXXXX");
data/gpx-2.6.7/src/gpx/gpx-main.c:654:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
temp_config = fopen(temp_config_name, "w");
data/gpx-2.6.7/src/gpx/gpx-main.c:717:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file_in = fopen(filename, "rw")) == NULL) {
data/gpx-2.6.7/src/gpx/gpx-main.c:763:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gpx.buffer.out, filename, l);
data/gpx-2.6.7/src/gpx/gpx-main.c:779:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, ".X3G");
data/gpx-2.6.7/src/gpx/gpx-main.c:782:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ext, ".x3g");
data/gpx-2.6.7/src/gpx/gpx-main.c:795:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((file_out = fopen(filename, "wb")) == NULL) {
data/gpx-2.6.7/src/gpx/gpx-main.c:820:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(gpx.buffer.out, gpx.sdCardPath, sl);
data/gpx-2.6.7/src/gpx/gpx-main.c:826:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_out2 = fopen(gpx.buffer.out, "wb");
data/gpx-2.6.7/src/gpx/gpx.c:169:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gpx->machine, machine, sizeof(Machine));
data/gpx-2.6.7/src/gpx/gpx.c:174:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char machineIni[1024];
data/gpx-2.6.7/src/gpx/gpx.c:443:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[2];
data/gpx-2.6.7/src/gpx/gpx.c:454:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[2];
data/gpx-2.6.7/src/gpx/gpx.c:465:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/gpx-2.6.7/src/gpx/gpx.c:478:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/gpx-2.6.7/src/gpx/gpx.c:496:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[2];
data/gpx-2.6.7/src/gpx/gpx.c:508:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/gpx-2.6.7/src/gpx/gpx.c:523:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/gpx-2.6.7/src/gpx/gpx.c:3431:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned temperature = atoi(t);
data/gpx-2.6.7/src/gpx/gpx.c:3786:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[sizeof(axes_names)], *p = s;
data/gpx-2.6.7/src/gpx/gpx.c:3942:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char section[INI_SECTION_MAX] = "";
data/gpx-2.6.7/src/gpx/gpx.c:3943:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_name[INI_NAME_MAX] = "";
data/gpx-2.6.7/src/gpx/gpx.c:4027:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, "r");
data/gpx-2.6.7/src/gpx/gpx.c:4116:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gpx->flag.verboseMode = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4121:69: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(PROPERTY_IS("ditto_printing")) gpx->flag.dittoPrinting = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4122:74: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("build_progress")) gpx->flag.buildProgress = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4124:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("recalculate_5d")) gpx->flag.rewrite5D = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4149:104: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(gpx->machine.a.has_heated_build_platform) gpx->override[A].build_platform_temperature = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4150:104: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(gpx->machine.b.has_heated_build_platform) gpx->override[B].build_platform_temperature = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4156:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gpx->flag.verboseMode = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4174:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("endstop")) gpx->machine.x.endstop = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4184:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("endstop")) gpx->machine.y.endstop = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4194:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("endstop")) gpx->machine.z.endstop = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4204:102: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("has_heated_build_platform")) gpx->machine.a.has_heated_build_platform = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4211:88: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
|| PROPERTY_IS("nozzle_temperature")) gpx->override[A].active_temperature = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4212:92: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("standby_temperature")) gpx->override[A].standby_temperature = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4213:106: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("build_platform_temperature")) gpx->override[A].build_platform_temperature = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4222:102: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("has_heated_build_platform")) gpx->machine.b.has_heated_build_platform = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4229:88: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
|| PROPERTY_IS("nozzle_temperature")) gpx->override[B].active_temperature = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4230:92: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("standby_temperature")) gpx->override[B].standby_temperature = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4231:106: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("build_platform_temperature")) gpx->override[B].build_platform_temperature = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4242:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gpx->machine.extruder_count = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4245:64: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if(PROPERTY_IS("timeout")) gpx->machine.timeout = atoi(value);
data/gpx-2.6.7/src/gpx/gpx.c:4426:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
next_line = gpx->lineNumber = atoi(digits);
data/gpx-2.6.7/src/gpx/gpx.c:4517:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gpx->command.g = atoi(digits);
data/gpx-2.6.7/src/gpx/gpx.c:4523:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gpx->command.m = atoi(digits);
data/gpx-2.6.7/src/gpx/gpx.c:4537:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gpx->command.t = atoi(digits);
data/gpx-2.6.7/src/gpx/gpx.h:265:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in[BUFFER_MAX + 1];
data/gpx-2.6.7/src/gpx/gpx.h:266:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[BUFFER_MAX + 1];
data/gpx-2.6.7/src/gpx/gpx.h:423:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[31];
data/gpx-2.6.7/src/gpx/gpx.h:439:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[PROTOCOL_FILENAME_MAX];
data/gpx-2.6.7/src/gpx/gpx.h:551:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char translation[BUFFER_MAX + 1];
data/gpx-2.6.7/src/gpx/gpxresp.c:102:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(psttb->rgs + i, psttb->rgs + i + 1, (psttb->cs - i - 1) * sizeof(char *));
data/gpx-2.6.7/src/gpx/gpxresp.c:316:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PROTOCOL_FILENAME_MAX];
data/gpx-2.6.7/src/gpx/gpxresp.c:1203:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((tio.upstream = open(daemon_port, O_RDWR)) < 0) {
data/gpx-2.6.7/src/gpx/vector.c:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pv->pb + ((size_t)i * pv->cb), p, pv->cb);
data/gpx-2.6.7/src/gpx/winsio.c:80:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/gpx-2.6.7/src/pymodule/gpxmodule.c:153:39: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (logpath != NULL && (gpx.log = fopen(logpath, "a")) == NULL) {
data/gpx-2.6.7/src/shared/machine_config.c:208:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m, d, sizeof(Machine));
data/gpx-2.6.7/src/shared/machine_config.c:217:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m, def, sizeof(Machine));
data/gpx-2.6.7/src/shared/opt.c:114:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/gpx-2.6.7/src/shared/opt.c:239:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (value) memcpy(tmp->value, value, lv);
data/gpx-2.6.7/src/shared/opt.c:264:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64], *bufptr, *ptr;
data/gpx-2.6.7/src/shared/opt.c:507:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096], *group;
data/gpx-2.6.7/src/shared/opt.c:517:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname, "r");
data/gpx-2.6.7/src/shared/s3g.c:42:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[4];
data/gpx-2.6.7/src/shared/s3g.c:50:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[2];
data/gpx-2.6.7/src/shared/s3g.c:376:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f32.u.c, buf, 4); \
data/gpx-2.6.7/src/shared/s3g.c:386:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f32.u.c, buf, 4); \
data/gpx-2.6.7/src/shared/s3g.c:395:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f32.u.c, buf, 4); \
data/gpx-2.6.7/src/shared/s3g.c:414:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f16.u.c, buf, 2); \
data/gpx-2.6.7/src/shared/s3g.c:424:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&f16.u.c, buf, 2); \
data/gpx-2.6.7/src/shared/s3g.c:491:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&cmd->t.tool.subcmd_value, buf + 3, sizeof(uint16_t));
data/gpx-2.6.7/src/shared/s3g.c:704:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/gpx-2.6.7/src/shared/s3g.c:720:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/gpx-2.6.7/src/shared/s3g.c:727:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[32];
data/gpx-2.6.7/src/shared/s3g.c:783:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (axis <= (sizeof(names)/sizeof(const char *)))
data/gpx-2.6.7/src/shared/s3g.c:804:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/gpx-2.6.7/src/shared/s3g.h:267:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char message[64];
data/gpx-2.6.7/src/shared/s3g.h:286:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char message[64];
data/gpx-2.6.7/src/shared/s3g.h:323:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd_raw[MAX_S3G_CMD_LEN];
data/gpx-2.6.7/src/shared/s3g_stdio.c:246:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmpbuf[1024];
data/gpx-2.6.7/src/shared/s3g_stdio.c:408:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(fname, oflag, mode);
data/gpx-2.6.7/src/utils/machines.c:100:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (dlen) memcpy(fname, argv[0], dlen);
data/gpx-2.6.7/src/utils/machines.c:101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fname + dlen, (*ptr)->type, len);
data/gpx-2.6.7/src/utils/machines.c:102:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fname + dlen + len, ".ini", 5);
data/gpx-2.6.7/src/utils/machines.c:103:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(fname, "w");
data/gpx-2.6.7/src/utils/machines.c:106:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&machine, *ptr, sizeof(Machine));
data/gpx-2.6.7/src/gpx/gpx-main.c:330:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv0);
data/gpx-2.6.7/src/gpx/gpx-main.c:605:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sl = strlen(filename);
data/gpx-2.6.7/src/gpx/gpx-main.c:646:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(temp_config_name, "/tmp/gpx-XXXXXX.ini",
data/gpx-2.6.7/src/gpx/gpx-main.c:762:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = ext ? ext - filename : strlen(filename);
data/gpx-2.6.7/src/gpx/gpx-main.c:802:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
long sl = strlen(gpx.sdCardPath);
data/gpx-2.6.7/src/gpx/gpx.c:70:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(nsec / 1000);
data/gpx-2.6.7/src/gpx/gpx.c:80:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(sec * 1000);
data/gpx-2.6.7/src/gpx/gpx.c:1210:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_string(gpx, filename, strlen(filename));
data/gpx-2.6.7/src/gpx/gpx.c:1236:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_string(gpx, filename, strlen(filename));
data/gpx-2.6.7/src/gpx/gpx.c:2049:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
long length = strlen(message);
data/gpx-2.6.7/src/gpx/gpx.c:2170:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filename);
data/gpx-2.6.7/src/gpx/gpx.c:2962:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(string_value) >= pem->len)
data/gpx-2.6.7/src/gpx/gpx.c:2964:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CALL( write_eeprom(gpx, pem->address, string_value, strlen(string_value) + 1) );
data/gpx-2.6.7/src/gpx/gpx.c:2965:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gcodeResult(gpx, "EEPROM wrote %d bytes to address 0x%x\n", strlen(string_value) + 1, pem->address);
data/gpx-2.6.7/src/gpx/gpx.c:3284:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(type_name) != 1)
data/gpx-2.6.7/src/gpx/gpx.c:3361:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *e = p + strlen(p);
data/gpx-2.6.7/src/gpx/gpx.c:3901:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* p = s + strlen(s);
data/gpx-2.6.7/src/gpx/gpx.c:3932:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, size);
data/gpx-2.6.7/src/gpx/gpx.c:4071:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpend = tmp0 + strlen(tmp0);
data/gpx-2.6.7/src/gpx/gpx.c:5932:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(gpx->buffer.in) != BUFFER_MAX - 1) {
data/gpx-2.6.7/src/gpx/gpx.c:5937:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(gpx->buffer.in) == BUFFER_MAX - 1) {
data/gpx-2.6.7/src/gpx/gpx.c:6357:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define readport read
data/gpx-2.6.7/src/gpx/gpx.c:6376:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(port, buffer, bytes);
data/gpx-2.6.7/src/gpx/gpx.c:6618:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(gpx->buffer.in) != BUFFER_MAX - 1) {
data/gpx-2.6.7/src/gpx/gpx.c:6623:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(gpx->buffer.in) == BUFFER_MAX - 1) {
data/gpx-2.6.7/src/gpx/gpx.c:6711:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned length = (unsigned)strlen(value) / 2;
data/gpx-2.6.7/src/gpx/gpx.c:6722:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
unsigned length = (unsigned)strlen(value);
data/gpx-2.6.7/src/gpx/gpxresp.c:318:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t inremain = strlen(filename);
data/gpx-2.6.7/src/gpx/gpxresp.c:327:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, buf, PROTOCOL_FILENAME_MAX);
data/gpx-2.6.7/src/gpx/gpxresp.c:765:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(gpx->buffer.in, "M105", sizeof(gpx->buffer.in));
data/gpx-2.6.7/src/gpx/gpxresp.c:890:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gpx->buffer.in, s, sizeof(gpx->buffer.in) - 1);
data/gpx-2.6.7/src/gpx/gpxresp.c:1138:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(tio.translation);
data/gpx-2.6.7/src/gpx/gpxresp.c:1139:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(len != write(tio.upstream, tio.translation, strlen(tio.translation))) {
data/gpx-2.6.7/src/gpx/gpxresp.c:1233:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((bytes_read = read(tio.upstream, p, 1)) != 1) {
data/gpx-2.6.7/src/gpx/gpxresp.c:1259:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(gpx->buffer.in) != BUFFER_MAX - 1) {
data/gpx-2.6.7/src/gpx/gpxresp.c:1264:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(gpx->buffer.in) == BUFFER_MAX - 1) {
data/gpx-2.6.7/src/gpx/winsio.c:82:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((bytes = read(*sio_port, buffer, sizeof(buffer))) > 0) {
data/gpx-2.6.7/src/pymodule/gpxmodule.c:885:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/gpx-2.6.7/src/shared/opt.c:164:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(opt_add_inner(group, group ? strlen(group) : (size_t)0, option, value));
data/gpx-2.6.7/src/shared/opt.c:174:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmpend = tmp0 + strlen(tmp0);
data/gpx-2.6.7/src/shared/opt.c:185:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((iret = opt_add_inner(tmp, strlen(tmp), option, value)))
data/gpx-2.6.7/src/shared/opt.c:221:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lo = option ? strlen(option) : 0;
data/gpx-2.6.7/src/shared/opt.c:222:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lv = value ? strlen(value) : 0;
data/gpx-2.6.7/src/shared/opt.c:274:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lg = group ? strlen(group) : 0;
data/gpx-2.6.7/src/shared/opt.c:275:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lo = option ? strlen(option) : 0;
data/gpx-2.6.7/src/shared/opt.c:351:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptr = line + strlen(line) - 1;
data/gpx-2.6.7/src/shared/s3g.c:320:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if (!ctx->read)
data/gpx-2.6.7/src/shared/s3g.c:338:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (1 != (bytes_expected = (*ctx->read)(ctx->r_ctx, buf0, maxbuf, 1)))
data/gpx-2.6.7/src/shared/s3g.c:374:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (4 != (bytes_read = (*ctx->read)(ctx->r_ctx, buf, maxbuf, 4))) \
data/gpx-2.6.7/src/shared/s3g.c:384:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (4 != (bytes_read = (*ctx->read)(ctx->r_ctx, buf, maxbuf, 4))) \
data/gpx-2.6.7/src/shared/s3g.c:393:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (4 != (bytes_read = (*ctx->read)(ctx->r_ctx, buf, maxbuf, 4))) \
data/gpx-2.6.7/src/shared/s3g.c:403:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (1 != (bytes_read = (*ctx->read)(ctx->r_ctx, buf, maxbuf, 1))) \
data/gpx-2.6.7/src/shared/s3g.c:412:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (2 != (bytes_read = (*ctx->read)(ctx->r_ctx, buf, maxbuf, 2))) \
data/gpx-2.6.7/src/shared/s3g.c:422:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (2 != (bytes_read = (*ctx->read)(ctx->r_ctx, buf, maxbuf, 2))) \
data/gpx-2.6.7/src/shared/s3g.c:467:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((bytes_read = (*ctx->read)(ctx->r_ctx, buf, maxbuf,
data/gpx-2.6.7/src/shared/s3g.c:477:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((ssize_t)3 != (*ctx->read)(ctx->r_ctx, buf, maxbuf, 3))
data/gpx-2.6.7/src/shared/s3g.c:484:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((bytes_read = (*ctx->read)(ctx->r_ctx, buf + 3, maxbuf - 3,
data/gpx-2.6.7/src/shared/s3g.c:587:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (1 != (bytes_read = (*ctx->read)(ctx->r_ctx, buf, maxbuf, 1)))
data/gpx-2.6.7/src/shared/s3g.c:621:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (1 != (bytes_read = (*ctx->read)(ctx->r_ctx, buf, maxbuf, 1)))
data/gpx-2.6.7/src/shared/s3g.c:706:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*ctx->write)(ctx->w_ctx, (unsigned char *)buf, strlen(buf));
data/gpx-2.6.7/src/shared/s3g.c:750:17: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
{ if (buf[0]) strncat(buf, ", ", maxbuf); \
data/gpx-2.6.7/src/shared/s3g.c:751:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buf, (x), maxbuf); }
data/gpx-2.6.7/src/shared/s3g.c:758:16: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
if (isEnable) strncat(buf, (flags & 0x80) ? "+" : "-", maxbuf);
data/gpx-2.6.7/src/shared/s3g.c:769:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(buf, "<NO AXES>", maxbuf);
data/gpx-2.6.7/src/shared/s3g.c:784:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, names[axis], maxbuf);
data/gpx-2.6.7/src/shared/s3g_private.h:46:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s3g_read_proc_t *read; // File driver read procedure; req'd for reading
data/gpx-2.6.7/src/shared/s3g_stdio.c:156:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((n = read(fd, buf, nbytes)) <= 0 && FD_TEMPORARY_ERR())
data/gpx-2.6.7/src/utils/machines.c:85:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dlen = strlen(argv[0]);
data/gpx-2.6.7/src/utils/machines.c:94:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen((*ptr)->type);
ANALYSIS SUMMARY:
Hits = 260
Lines analyzed = 15634 in approximately 0.44 seconds (35342 lines/second)
Physical Source Lines of Code (SLOC) = 10973
Hits@level = [0] 168 [1] 69 [2] 97 [3] 6 [4] 86 [5] 2
Hits@level+ = [0+] 428 [1+] 260 [2+] 191 [3+] 94 [4+] 88 [5+] 2
Hits/KSLOC@level+ = [0+] 39.0048 [1+] 23.6945 [2+] 17.4064 [3+] 8.56648 [4+] 8.01968 [5+] 0.182266
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.