Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/htmldoc-1.9.8/cgi-bin/topdf.c Examining data/htmldoc-1.9.8/htmldoc/array-private.h Examining data/htmldoc-1.9.8/htmldoc/array.c Examining data/htmldoc-1.9.8/htmldoc/array.h Examining data/htmldoc-1.9.8/htmldoc/debug.h Examining data/htmldoc-1.9.8/htmldoc/epub.cxx Examining data/htmldoc-1.9.8/htmldoc/file.c Examining data/htmldoc-1.9.8/htmldoc/file.h Examining data/htmldoc-1.9.8/htmldoc/gui.cxx Examining data/htmldoc-1.9.8/htmldoc/gui.h Examining data/htmldoc-1.9.8/htmldoc/hdstring.h Examining data/htmldoc-1.9.8/htmldoc/html.cxx Examining data/htmldoc-1.9.8/htmldoc/html.h Examining data/htmldoc-1.9.8/htmldoc/htmldoc.cxx Examining data/htmldoc-1.9.8/htmldoc/htmldoc.h Examining data/htmldoc-1.9.8/htmldoc/htmllib.cxx Examining data/htmldoc-1.9.8/htmldoc/htmlsep.cxx Examining data/htmldoc-1.9.8/htmldoc/http-addr.c Examining data/htmldoc-1.9.8/htmldoc/http-addrlist.c Examining data/htmldoc-1.9.8/htmldoc/http-private.h Examining data/htmldoc-1.9.8/htmldoc/http-support.c Examining data/htmldoc-1.9.8/htmldoc/http.c Examining data/htmldoc-1.9.8/htmldoc/http.h Examining data/htmldoc-1.9.8/htmldoc/image.cxx Examining data/htmldoc-1.9.8/htmldoc/image.h Examining data/htmldoc-1.9.8/htmldoc/iso8859.cxx Examining data/htmldoc-1.9.8/htmldoc/iso8859.h Examining data/htmldoc-1.9.8/htmldoc/license.cxx Examining data/htmldoc-1.9.8/htmldoc/markdown.cxx Examining data/htmldoc-1.9.8/htmldoc/markdown.h Examining data/htmldoc-1.9.8/htmldoc/md5-private.h Examining data/htmldoc-1.9.8/htmldoc/md5.c Examining data/htmldoc-1.9.8/htmldoc/mmd.c Examining data/htmldoc-1.9.8/htmldoc/mmd.h Examining data/htmldoc-1.9.8/htmldoc/progress.cxx Examining data/htmldoc-1.9.8/htmldoc/progress.h Examining data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx Examining data/htmldoc-1.9.8/htmldoc/rc4.c Examining data/htmldoc-1.9.8/htmldoc/rc4.h Examining data/htmldoc-1.9.8/htmldoc/snprintf.c Examining data/htmldoc-1.9.8/htmldoc/string.c Examining data/htmldoc-1.9.8/htmldoc/testhtml.cxx Examining data/htmldoc-1.9.8/htmldoc/tls-darwin.c Examining data/htmldoc-1.9.8/htmldoc/tls-gnutls.c Examining data/htmldoc-1.9.8/htmldoc/tls-sspi.c Examining data/htmldoc-1.9.8/htmldoc/tls.c Examining data/htmldoc-1.9.8/htmldoc/toc.cxx Examining data/htmldoc-1.9.8/htmldoc/types.h Examining data/htmldoc-1.9.8/htmldoc/util.cxx Examining data/htmldoc-1.9.8/htmldoc/zipc.c Examining data/htmldoc-1.9.8/htmldoc/zipc.h Examining data/htmldoc-1.9.8/jpeg/jaricom.c Examining data/htmldoc-1.9.8/jpeg/jcapimin.c Examining data/htmldoc-1.9.8/jpeg/jcapistd.c Examining data/htmldoc-1.9.8/jpeg/jcarith.c Examining data/htmldoc-1.9.8/jpeg/jccoefct.c Examining data/htmldoc-1.9.8/jpeg/jccolor.c Examining data/htmldoc-1.9.8/jpeg/jcdctmgr.c Examining data/htmldoc-1.9.8/jpeg/jchuff.c Examining data/htmldoc-1.9.8/jpeg/jcinit.c Examining data/htmldoc-1.9.8/jpeg/jcmainct.c Examining data/htmldoc-1.9.8/jpeg/jcmarker.c Examining data/htmldoc-1.9.8/jpeg/jcmaster.c Examining data/htmldoc-1.9.8/jpeg/jcomapi.c Examining data/htmldoc-1.9.8/jpeg/jconfig.h Examining data/htmldoc-1.9.8/jpeg/jcparam.c Examining data/htmldoc-1.9.8/jpeg/jcprepct.c Examining data/htmldoc-1.9.8/jpeg/jcsample.c Examining data/htmldoc-1.9.8/jpeg/jctrans.c Examining data/htmldoc-1.9.8/jpeg/jdapimin.c Examining data/htmldoc-1.9.8/jpeg/jdapistd.c Examining data/htmldoc-1.9.8/jpeg/jdarith.c Examining data/htmldoc-1.9.8/jpeg/jdatadst.c Examining data/htmldoc-1.9.8/jpeg/jdatasrc.c Examining data/htmldoc-1.9.8/jpeg/jdcoefct.c Examining data/htmldoc-1.9.8/jpeg/jdcolor.c Examining data/htmldoc-1.9.8/jpeg/jdct.h Examining data/htmldoc-1.9.8/jpeg/jddctmgr.c Examining data/htmldoc-1.9.8/jpeg/jdhuff.c Examining data/htmldoc-1.9.8/jpeg/jdinput.c Examining data/htmldoc-1.9.8/jpeg/jdmainct.c Examining data/htmldoc-1.9.8/jpeg/jdmarker.c Examining data/htmldoc-1.9.8/jpeg/jdmaster.c Examining data/htmldoc-1.9.8/jpeg/jdmerge.c Examining data/htmldoc-1.9.8/jpeg/jdpostct.c Examining data/htmldoc-1.9.8/jpeg/jdsample.c Examining data/htmldoc-1.9.8/jpeg/jdtrans.c Examining data/htmldoc-1.9.8/jpeg/jerror.c Examining data/htmldoc-1.9.8/jpeg/jerror.h Examining data/htmldoc-1.9.8/jpeg/jfdctflt.c Examining data/htmldoc-1.9.8/jpeg/jfdctfst.c Examining data/htmldoc-1.9.8/jpeg/jfdctint.c Examining data/htmldoc-1.9.8/jpeg/jidctflt.c Examining data/htmldoc-1.9.8/jpeg/jidctfst.c Examining data/htmldoc-1.9.8/jpeg/jidctint.c Examining data/htmldoc-1.9.8/jpeg/jinclude.h Examining data/htmldoc-1.9.8/jpeg/jmemmgr.c Examining data/htmldoc-1.9.8/jpeg/jmemnobs.c Examining data/htmldoc-1.9.8/jpeg/jmemsys.h Examining data/htmldoc-1.9.8/jpeg/jmorecfg.h Examining data/htmldoc-1.9.8/jpeg/jpegint.h Examining data/htmldoc-1.9.8/jpeg/jpeglib.h Examining data/htmldoc-1.9.8/jpeg/jquant1.c Examining data/htmldoc-1.9.8/jpeg/jquant2.c Examining data/htmldoc-1.9.8/jpeg/jutils.c Examining data/htmldoc-1.9.8/jpeg/jversion.h Examining data/htmldoc-1.9.8/png/png.c Examining data/htmldoc-1.9.8/png/png.h Examining data/htmldoc-1.9.8/png/pngconf.h Examining data/htmldoc-1.9.8/png/pngdebug.h Examining data/htmldoc-1.9.8/png/pngerror.c Examining data/htmldoc-1.9.8/png/pngget.c Examining data/htmldoc-1.9.8/png/pnginfo.h Examining data/htmldoc-1.9.8/png/pnglibconf.h Examining data/htmldoc-1.9.8/png/pngmem.c Examining data/htmldoc-1.9.8/png/pngpread.c Examining data/htmldoc-1.9.8/png/pngpriv.h Examining data/htmldoc-1.9.8/png/pngread.c Examining data/htmldoc-1.9.8/png/pngrio.c Examining data/htmldoc-1.9.8/png/pngrtran.c Examining data/htmldoc-1.9.8/png/pngrutil.c Examining data/htmldoc-1.9.8/png/pngset.c Examining data/htmldoc-1.9.8/png/pngstruct.h Examining data/htmldoc-1.9.8/png/pngtrans.c Examining data/htmldoc-1.9.8/png/pngwio.c Examining data/htmldoc-1.9.8/png/pngwrite.c Examining data/htmldoc-1.9.8/png/pngwtran.c Examining data/htmldoc-1.9.8/png/pngwutil.c Examining data/htmldoc-1.9.8/vcnet/config.h Examining data/htmldoc-1.9.8/vcnet/icons.h Examining data/htmldoc-1.9.8/xcode/config.h Examining data/htmldoc-1.9.8/zlib/adler32.c Examining data/htmldoc-1.9.8/zlib/compress.c Examining data/htmldoc-1.9.8/zlib/crc32.c Examining data/htmldoc-1.9.8/zlib/crc32.h Examining data/htmldoc-1.9.8/zlib/deflate.c Examining data/htmldoc-1.9.8/zlib/deflate.h Examining data/htmldoc-1.9.8/zlib/gzclose.c Examining data/htmldoc-1.9.8/zlib/gzguts.h Examining data/htmldoc-1.9.8/zlib/gzlib.c Examining data/htmldoc-1.9.8/zlib/gzread.c Examining data/htmldoc-1.9.8/zlib/gzwrite.c Examining data/htmldoc-1.9.8/zlib/infback.c Examining data/htmldoc-1.9.8/zlib/inffast.c Examining data/htmldoc-1.9.8/zlib/inffast.h Examining data/htmldoc-1.9.8/zlib/inffixed.h Examining data/htmldoc-1.9.8/zlib/inflate.c Examining data/htmldoc-1.9.8/zlib/inflate.h Examining data/htmldoc-1.9.8/zlib/inftrees.c Examining data/htmldoc-1.9.8/zlib/inftrees.h Examining data/htmldoc-1.9.8/zlib/trees.c Examining data/htmldoc-1.9.8/zlib/trees.h Examining data/htmldoc-1.9.8/zlib/uncompr.c Examining data/htmldoc-1.9.8/zlib/zconf.h Examining data/htmldoc-1.9.8/zlib/zlib.h Examining data/htmldoc-1.9.8/zlib/zutil.c Examining data/htmldoc-1.9.8/zlib/zutil.h FINAL RESULTS: data/htmldoc-1.9.8/htmldoc/http-addr.c:221:5: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(addr->un.sun_path, 0140777); data/htmldoc-1.9.8/cgi-bin/topdf.c:13:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "htmldoc -t pdf --webpage %s", filename); data/htmldoc-1.9.8/cgi-bin/topdf.c:15:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return (popen(command, "w")); data/htmldoc-1.9.8/cgi-bin/topdf.c:23:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return (popen("htmldoc -t pdf --webpage -", "w")); data/htmldoc-1.9.8/htmldoc/debug.h:21:29: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DEBUG_printf(x) printf x data/htmldoc-1.9.8/htmldoc/file.c:158:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), TEMPLATE, tmpdir, (long)getpid(), (int)(i + 1)); data/htmldoc-1.9.8/htmldoc/file.c:185:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), TEMPLATE, tmpdir, (long)getpid(), (int)(i + 1)); data/htmldoc-1.9.8/htmldoc/file.c:196:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(filename, sizeof(filename), TEMPLATE, tmpdir, (long)getpid(), (int)web_files); data/htmldoc-1.9.8/htmldoc/file.c:392:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(filename, 0)) data/htmldoc-1.9.8/htmldoc/file.c:1112:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(name, (size_t)len, TEMPLATE, tmpdir, (long)getpid(), (int)web_files); data/htmldoc-1.9.8/htmldoc/gui.cxx:2912:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(command, sizeof(command), gui->htmlEditor->value(), data/htmldoc-1.9.8/htmldoc/gui.cxx:2924:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(command)) data/htmldoc-1.9.8/htmldoc/gui.cxx:3925:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, 0) == 0) data/htmldoc-1.9.8/htmldoc/hdstring.h:42:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/htmldoc-1.9.8/htmldoc/hdstring.h:42:23: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/htmldoc-1.9.8/htmldoc/hdstring.h:43:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf _vsnprintf data/htmldoc-1.9.8/htmldoc/hdstring.h:88:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf hd_snprintf data/htmldoc-1.9.8/htmldoc/hdstring.h:93:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf hd_vsnprintf data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:198:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(bookfile, 0)) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:203:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(bookfile, 0)) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:210:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (!access(bookfile, 0)) data/htmldoc-1.9.8/htmldoc/http-support.c:467:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(resource, sizeof(resource), resourcef, ap); data/htmldoc-1.9.8/htmldoc/http.c:1915:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buf, sizeof(buf), format, ap); data/htmldoc-1.9.8/htmldoc/http.c:2828:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(http->fields[HTTP_FIELD_CONTENT_LENGTH], HTTP_MAX_VALUE, data/htmldoc-1.9.8/htmldoc/mmd.c:18:29: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DEBUG_printf(...) fprintf(stderr, __VA_ARGS__) data/htmldoc-1.9.8/htmldoc/mmd.c:25:30: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DEBUG2_printf(...) fprintf(stderr, __VA_ARGS__) data/htmldoc-1.9.8/htmldoc/mmd.c:69:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/htmldoc-1.9.8/htmldoc/mmd.c:69:21: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/htmldoc-1.9.8/htmldoc/progress.cxx:57:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(text, sizeof(text), format, ap); data/htmldoc-1.9.8/htmldoc/progress.cxx:163:3: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(text, sizeof(text), format, ap); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4675:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DEBUG_printf(x) printf x data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5638:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DEBUG_printf(x) printf x data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7343:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DEBUG_printf(x) printf x data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8968:27: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DEBUG_printf(x) printf x data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12897:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. length = vsnprintf(buf, sizeof(buf), format, ap); data/htmldoc-1.9.8/htmldoc/snprintf.c:111:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp, tformat, va_arg(ap, double)); data/htmldoc-1.9.8/htmldoc/snprintf.c:125:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:146:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp, tformat, va_arg(ap, int)); data/htmldoc-1.9.8/htmldoc/snprintf.c:160:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:174:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp, tformat, va_arg(ap, void *)); data/htmldoc-1.9.8/htmldoc/snprintf.c:188:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:253:6: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(temp, tformat, va_arg(ap, int)); data/htmldoc-1.9.8/htmldoc/snprintf.c:267:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bufptr, temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:310:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. bytes = vsnprintf(buffer, bufsize, format, ap); data/htmldoc-1.9.8/htmldoc/string.c:50:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return (strcpy(t, s)); data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1524:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, R_OK) && tls_cups_keychain) data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:680:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(buffer, 0)) data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:691:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(buffer, 0)) data/htmldoc-1.9.8/htmldoc/zipc.c:555:7: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. if (vsnprintf(buffer, sizeof(buffer), format, ap) < 0) data/htmldoc-1.9.8/jpeg/jerror.c:194:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buffer, msgtext, err->msg_parm.s); data/htmldoc-1.9.8/jpeg/jerror.c:196:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buffer, msgtext, data/htmldoc-1.9.8/png/pngdebug.h:84:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? " " : \ data/htmldoc-1.9.8/png/pngdebug.h:92:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? " " : \ data/htmldoc-1.9.8/png/pngdebug.h:100:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? " " : \ data/htmldoc-1.9.8/png/pngdebug.h:113:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(PNG_DEBUG_FILE,format); \ data/htmldoc-1.9.8/png/pngdebug.h:124:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(PNG_DEBUG_FILE,format,p1); \ data/htmldoc-1.9.8/png/pngdebug.h:135:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(PNG_DEBUG_FILE,format,p1,p2); \ data/htmldoc-1.9.8/png/pngerror.c:734:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, PNG_STRING_NEWLINE); data/htmldoc-1.9.8/png/pngerror.c:741:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, PNG_STRING_NEWLINE); data/htmldoc-1.9.8/png/pngerror.c:749:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, PNG_STRING_NEWLINE); data/htmldoc-1.9.8/png/pngerror.c:805:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, PNG_STRING_NEWLINE); data/htmldoc-1.9.8/png/pngerror.c:812:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, PNG_STRING_NEWLINE); data/htmldoc-1.9.8/png/pngerror.c:820:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, PNG_STRING_NEWLINE); data/htmldoc-1.9.8/vcnet/config.h:33:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. #define access _access data/htmldoc-1.9.8/vcnet/config.h:41:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/htmldoc-1.9.8/vcnet/config.h:41:19: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/htmldoc-1.9.8/vcnet/config.h:44:9: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define vsnprintf _vsnprintf data/htmldoc-1.9.8/zlib/gzguts.h:78:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # if !defined(vsnprintf) && !defined(NO_vsnprintf) data/htmldoc-1.9.8/zlib/gzguts.h:80:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf _vsnprintf data/htmldoc-1.9.8/zlib/gzguts.h:103:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/htmldoc-1.9.8/zlib/gzguts.h:103:20: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/htmldoc-1.9.8/zlib/gzlib.c:216:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(state->path, path); data/htmldoc-1.9.8/zlib/gzlib.c:610:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(state->msg, state->path); data/htmldoc-1.9.8/zlib/gzlib.c:612:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(state->msg, msg); data/htmldoc-1.9.8/zlib/gzwrite.c:346:11: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. (void)vsprintf((char *)(state->in), format, va); data/htmldoc-1.9.8/zlib/gzwrite.c:350:11: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. len = vsprintf((char *)(state->in), format, va); data/htmldoc-1.9.8/zlib/gzwrite.c:354:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void)vsnprintf((char *)(state->in), size, format, va); data/htmldoc-1.9.8/zlib/gzwrite.c:357:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf((char *)(state->in), size, format, va); data/htmldoc-1.9.8/zlib/gzwrite.c:431:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf((char *)(state->in), format, a1, a2, a3, a4, a5, a6, a7, a8, data/htmldoc-1.9.8/zlib/gzwrite.c:436:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. len = sprintf((char *)(state->in), format, a1, a2, a3, a4, a5, a6, a7, a8, data/htmldoc-1.9.8/zlib/gzwrite.c:441:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf((char *)(state->in), size, format, a1, a2, a3, a4, a5, a6, a7, a8, data/htmldoc-1.9.8/zlib/gzwrite.c:445:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = snprintf((char *)(state->in), size, format, a1, a2, a3, a4, a5, a6, data/htmldoc-1.9.8/zlib/zutil.h:224:39: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Trace(x) {if (z_verbose>=0) fprintf x ;} data/htmldoc-1.9.8/zlib/zutil.h:225:39: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracev(x) {if (z_verbose>0) fprintf x ;} data/htmldoc-1.9.8/zlib/zutil.h:226:40: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracevv(x) {if (z_verbose>1) fprintf x ;} data/htmldoc-1.9.8/zlib/zutil.h:227:48: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;} data/htmldoc-1.9.8/zlib/zutil.h:228:49: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;} data/htmldoc-1.9.8/htmldoc/file.c:136:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tmpdir = getenv("TEMP")) == NULL) data/htmldoc-1.9.8/htmldoc/file.c:142:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tmpdir = getenv("TMPDIR")) == NULL) data/htmldoc-1.9.8/htmldoc/file.c:150:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. debug = getenv("HTMLDOC_DEBUG"); data/htmldoc-1.9.8/htmldoc/file.c:1102:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tmpdir = getenv("TEMP")) == NULL) data/htmldoc-1.9.8/htmldoc/file.c:1108:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((tmpdir = getenv("TMPDIR")) == NULL) data/htmldoc-1.9.8/htmldoc/gui.cxx:2919:12: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (!CreateProcess(NULL, command, NULL, NULL, FALSE, data/htmldoc-1.9.8/htmldoc/gui.cxx:2919:12: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run. if (!CreateProcess(NULL, command, NULL, NULL, FALSE, data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:145:8: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!getenv("HTMLDOC_NOCGI") && getenv("GATEWAY_INTERFACE") && data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:145:35: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!getenv("HTMLDOC_NOCGI") && getenv("GATEWAY_INTERFACE") && data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:146:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("SERVER_NAME") && getenv("SERVER_SOFTWARE")) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:146:32: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. getenv("SERVER_NAME") && getenv("SERVER_SOFTWARE")) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:175:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. file_cookies(getenv("HTTP_COOKIE")); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:176:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. file_referer(getenv("HTTP_REFERER")); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:180:59: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. progress_error(HD_ERROR_NONE, "INFO: TEMP is \"%s\"", getenv("TEMP")); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:182:61: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. progress_error(HD_ERROR_NONE, "INFO: TMPDIR is \"%s\"", getenv("TMPDIR")); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:194:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((path_translated = getenv("PATH_TRANSLATED")) != NULL) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1191:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. https = getenv("HTTPS"); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1192:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. path_info = getenv("PATH_INFO"); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1193:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. query = getenv("QUERY_STRING"); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1194:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. server_name = getenv("SERVER_NAME"); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1195:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. server_port = getenv("SERVER_PORT"); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1292:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((debug = getenv("HTMLDOC_DEBUG")) != NULL && data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1349:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((home = getenv("HOME")) == NULL) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1712:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((snap = getenv("SNAP")) != NULL) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1733:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("HTMLDOC_DATA") != NULL) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1734:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. _htmlData = getenv("HTMLDOC_DATA"); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1737:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("HTMLDOC_HELP") != NULL) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1738:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. GUI::help_dir = getenv("HTMLDOC_HELP"); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3591:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((debug = getenv("HTMLDOC_DEBUG")) == NULL || data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3641:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((debug = getenv("HTMLDOC_DEBUG")) == NULL || data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:536:35: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *source_date_epoch = getenv("SOURCE_DATE_EPOCH"); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1030:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((debug = getenv("HTMLDOC_DEBUG")) == NULL || data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:2182:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((debug = getenv("HTMLDOC_DEBUG")) != NULL && strstr(debug, "margin")) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:2750:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((debug = getenv("HTMLDOC_DEBUG")) != NULL && strstr(debug, "margin")) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6358:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((htmldoc_debug = getenv("HTMLDOC_DEBUG")) != NULL && data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11699:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1466:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *home = getenv("HOME"); /* HOME environment variable */ data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:674:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *home = getenv("HOME"); /* HOME environment variable */ data/htmldoc-1.9.8/jpeg/jmemmgr.c:36:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. extern char * getenv JPP((const char * name)); data/htmldoc-1.9.8/jpeg/jmemmgr.c:1107:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((memenv = getenv("JPEGMEM")) != NULL) { data/htmldoc-1.9.8/vcnet/config.h:258:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define HTMLDOC_RAND() random() data/htmldoc-1.9.8/vcnet/config.h:259:28: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define HTMLDOC_SRAND(v) srandom(v) data/htmldoc-1.9.8/vcnet/config.h:261:26: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define HTMLDOC_RAND() lrand48() data/htmldoc-1.9.8/vcnet/config.h:265:28: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define HTMLDOC_SRAND(v) srand(v) data/htmldoc-1.9.8/xcode/config.h:180:26: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define HTMLDOC_RAND() random() data/htmldoc-1.9.8/xcode/config.h:181:28: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define HTMLDOC_SRAND(v) srandom(v) data/htmldoc-1.9.8/xcode/config.h:183:26: [3] (random) lrand48: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define HTMLDOC_RAND() lrand48() data/htmldoc-1.9.8/xcode/config.h:187:28: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define HTMLDOC_SRAND(v) srand(v) data/htmldoc-1.9.8/cgi-bin/topdf.c:8:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; /* Command to execute */ data/htmldoc-1.9.8/htmldoc/array.c:383:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(da->saved, a->saved, sizeof(a->saved)); data/htmldoc-1.9.8/htmldoc/array.c:419:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(da->elements, a->elements, (size_t)a->num_elements * sizeof(void *)); data/htmldoc-1.9.8/htmldoc/epub.cxx:187:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(title_file, "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/epub.cxx:946:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[100]; /* String buffer */ data/htmldoc-1.9.8/htmldoc/epub.cxx:1214:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char epubname[1024]; /* Name in ZIP container */ data/htmldoc-1.9.8/htmldoc/epub.cxx:1381:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[32]; /* Temporary string buffer */ data/htmldoc-1.9.8/htmldoc/file.c:65:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char proxy_host[HTTP_MAX_URI] = ""; /* Proxy hostname */ data/htmldoc-1.9.8/htmldoc/file.c:72:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cookies[1024] = ""; /* HTTP cookies, if any */ data/htmldoc-1.9.8/htmldoc/file.c:73:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char referer_url[HTTP_MAX_VALUE] = ""; data/htmldoc-1.9.8/htmldoc/file.c:85:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; /* Buffer for files with targets */ data/htmldoc-1.9.8/htmldoc/file.c:119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Temporary file */ data/htmldoc-1.9.8/htmldoc/file.c:124:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[1024]; /* Temporary directory */ data/htmldoc-1.9.8/htmldoc/file.c:243:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; /* Buffer for files with targets */ data/htmldoc-1.9.8/htmldoc/file.c:255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], data/htmldoc-1.9.8/htmldoc/file.c:306:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; /* Buffer for files with targets */ data/htmldoc-1.9.8/htmldoc/file.c:351:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Method/scheme */ data/htmldoc-1.9.8/htmldoc/file.c:358:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connpath[HTTP_MAX_URI], /* Path for GET */ data/htmldoc-1.9.8/htmldoc/file.c:365:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempname[HTTP_MAX_URI]; /* Temporary filename */ data/htmldoc-1.9.8/htmldoc/file.c:406:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; /* Data buffer */ data/htmldoc-1.9.8/htmldoc/file.c:618:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char basename[HTTP_MAX_URI]; /* Base (unquoted) filename */ data/htmldoc-1.9.8/htmldoc/file.c:620:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char filename[HTTP_MAX_URI]; /* Current filename */ data/htmldoc-1.9.8/htmldoc/file.c:842:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cwd[1024]; /* Current directory */ data/htmldoc-1.9.8/htmldoc/file.c:843:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; /* Temporary pathname */ data/htmldoc-1.9.8/htmldoc/file.c:844:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char newfilename[1024]; /* New filename */ data/htmldoc-1.9.8/htmldoc/file.c:962:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[HTTP_MAX_URI], /* Method name (must be HTTP) */ data/htmldoc-1.9.8/htmldoc/file.c:1063:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[1024]; /* Buffer for temp dir */ data/htmldoc-1.9.8/htmldoc/file.c:1114:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(name, OPENMODE, OPENPERM)) >= 0) data/htmldoc-1.9.8/htmldoc/gui.cxx:1140:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *htmldoc[1] = { (char *)"htmldoc" }; // argv[] array data/htmldoc-1.9.8/htmldoc/gui.cxx:1210:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[4]; // Format string data/htmldoc-1.9.8/htmldoc/gui.cxx:1268:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). NumberUp = atoi(numberUp->text(numberUp->value())); data/htmldoc-1.9.8/htmldoc/gui.cxx:1348:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[255]; // Page size string data/htmldoc-1.9.8/htmldoc/gui.cxx:1349:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char formats[256]; // Format characters data/htmldoc-1.9.8/htmldoc/gui.cxx:1618:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[10240]; // Line from file data/htmldoc-1.9.8/htmldoc/gui.cxx:1620:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char basename[1024]; // Base filename data/htmldoc-1.9.8/htmldoc/gui.cxx:1639:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "r"); data/htmldoc-1.9.8/htmldoc/gui.cxx:1706:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024], // Option name data/htmldoc-1.9.8/htmldoc/gui.cxx:2108:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(temp2); data/htmldoc-1.9.8/htmldoc/gui.cxx:2139:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tocLevels->value(atoi(temp2)); data/htmldoc-1.9.8/htmldoc/gui.cxx:2358:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "w"); data/htmldoc-1.9.8/htmldoc/gui.cxx:2798:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/htmldoc-1.9.8/htmldoc/gui.cxx:2799:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char directory[1024]; data/htmldoc-1.9.8/htmldoc/gui.cxx:2806:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(gui->fc->value(i), "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/gui.cxx:2838:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi(line); data/htmldoc-1.9.8/htmldoc/gui.cxx:2898:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; // Editor command data/htmldoc-1.9.8/htmldoc/gui.cxx:3158:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; // Name of the output file data/htmldoc-1.9.8/htmldoc/gui.cxx:3239:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], // Output filename data/htmldoc-1.9.8/htmldoc/gui.cxx:3533:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[1024]; // Command string data/htmldoc-1.9.8/htmldoc/gui.cxx:3682:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newcolor[255]; // New color string data/htmldoc-1.9.8/htmldoc/gui.cxx:3750:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newcolor[255]; // New color string data/htmldoc-1.9.8/htmldoc/gui.cxx:3790:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newcolor[255]; // New color string data/htmldoc-1.9.8/htmldoc/gui.cxx:3828:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char link[1024]; // filename#link data/htmldoc-1.9.8/htmldoc/gui.cxx:3906:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realname[1024]; // Real filename data/htmldoc-1.9.8/htmldoc/gui.cxx:4012:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; // Temporary string data/htmldoc-1.9.8/htmldoc/gui.cxx:4019:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base[1024], // Base directory of HTML file data/htmldoc-1.9.8/htmldoc/gui.cxx:4093:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (docfile = fopen(filename, "rb")) != NULL) data/htmldoc-1.9.8/htmldoc/gui.h:198:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char book_filename[1024]; data/htmldoc-1.9.8/htmldoc/gui.h:201:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char title_string[1024]; data/htmldoc-1.9.8/htmldoc/html.cxx:212:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realname[1024]; /* Real filename */ data/htmldoc-1.9.8/htmldoc/html.cxx:235:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *out = fopen(realname, "wb"); data/htmldoc-1.9.8/htmldoc/html.cxx:241:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *out = fopen(OutputPath, "wb"); data/htmldoc-1.9.8/htmldoc/html.cxx:463:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(title_file, "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/html.h:290:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *_htmlFonts[TYPE_MAX][STYLE_MAX]; data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bookfile[1024]; // Book filename data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:261:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strlcpy((char *)BodyColor, argv[i], sizeof(BodyColor)); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:293:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strlcpy((char *)BodyImage, argv[i], sizeof(BodyImage)); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:341:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Compression = atoi(argv[i] + 14); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:753:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OutputJPEG = atoi(argv[i] + 7); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:849:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). NumberUp = atoi(argv[i]); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1065:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TocLevels = atoi(argv[i]); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1183:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url[1024]; // URL data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1202:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). NULL, server_name, atoi(server_port), path_info); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1205:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). NULL, server_name, atoi(server_port), path_info); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1322:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char home[1024]; // Home (profile) directory data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1326:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char htmldocrc[1024];// HTMLDOC RC file data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1368:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[2048]; // Line from RC file data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1376:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(prefs_getrc(), "r")) != NULL) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1392:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). LinkStyle = atoi(line + 10); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1396:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PageWidth = atoi(line + 10); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1398:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PageLength = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1400:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PageLeft = atoi(line + 9); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1402:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PageRight = atoi(line + 10); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1404:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PageTop = atoi(line + 8); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1406:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PageBottom = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1408:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PageDuplex = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1410:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Landscape = atoi(line + 10); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1412:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Compression = atoi(line + 12); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1415:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OutputColor = atoi(line + 12); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1419:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TocNumbers = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1421:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TocLevels = atoi(line + 10); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1423:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OutputJPEG = atoi(line + 1); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1429:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). NumberUp = atoi(line + 9); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1437:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _htmlBodyFont = (typeface_t)atoi(line + 9); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1439:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). _htmlHeadingFont = (typeface_t)atoi(line + 12); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1446:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). HeadFootType = (typeface_t)atoi(line + 13); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1448:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). HeadFootStyle = (style_t)atoi(line + 14); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1456:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PDFVersion = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1459:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PSLevel = atoi(line + 8); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1461:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PSCommands = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1463:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). XRXComments = atoi(line + 12); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1467:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PDFPageMode = atoi(line + 9); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1469:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PDFPageLayout = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1471:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PDFFirstPage = atoi(line + 10); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1473:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). PDFEffect = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1479:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Encryption = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1481:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Permissions = atoi(line + 12); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1487:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Links = atoi(line + 6); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1489:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). EmbedFonts = atoi(line + 9); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1491:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). EmbedFonts = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1497:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). StrictHTML = atoi(line + 11); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1503:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Tooltips = atoi(line + 9); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1551:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(prefs_getrc(), "w")) != NULL) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1633:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char data[1024]; // Data directory data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1634:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char doc[1024]; // Documentation directory data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1635:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char path[4096]; // PATH environment variable data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1683:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[PROC_PIDPATHINFO_MAXSIZE + 1]; data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1686:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char resources[1024]; // Resources directory data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1714:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char datadir[1024]; // Data directory data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1720:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char docdir[1024]; // Documentation directory data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1793:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[10240]; // Line from file data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1796:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[2048]; // Current path data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1816:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(local, "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1888:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024], // Option name data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1928:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OutputJPEG = atoi(temp + 7); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1988:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Compression = atoi(temp + 14); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:2156:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). NumberUp = atoi(temp2); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:2189:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TocLevels = atoi(temp2); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:2453:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base[1024]; // Base directory name of file data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:2460:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((docfile = fopen(realname, "rb")) != NULL) data/htmldoc-1.9.8/htmldoc/htmldoc.h:139:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char OutputPath[1024] VALUE(""); /* Output directory/name */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char OwnerPassword[33] VALUE(""), /* Owner password */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:179:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char *Header[3] NULL3, /* Header for regular pages */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char TitleImage[1024] VALUE(""), /* Title page image */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:194:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char HFImage[MAX_HF_IMAGES][1024] /* Header/footer images */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char Path[2048] VALUE(""), /* Search path */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:205:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR const char *PDFModes[3] /* Mode strings */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:210:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR const char *PDFLayouts[4] /* Layout strings */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:215:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR const char *PDFPages[3] /* First page strings */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:220:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR const char *PDFEffects[17] /* Effect strings */ data/htmldoc-1.9.8/htmldoc/htmldoc.h:230:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char HTMLEditor[1024] VALUE("notepad.exe \"%s\""); data/htmldoc-1.9.8/htmldoc/htmldoc.h:232:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char HTMLEditor[1024] VALUE("bbedit %s"); data/htmldoc-1.9.8/htmldoc/htmldoc.h:234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char HTMLEditor[1024] VALUE("gedit %s"); data/htmldoc-1.9.8/htmldoc/htmldoc.h:236:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. VAR char HTMLEditor[1024] VALUE("nedit %s"); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:141:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _htmlCharSet[256] = "iso-8859-1"; data/htmldoc-1.9.8/htmldoc/htmllib.cxx:161:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *_htmlGlyphsAll[65536]; /* Character glyphs for Unicode */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:162:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *_htmlGlyphs[256]; /* Character glyphs for charset */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:164:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *_htmlSorted[256]; /* Sorted character glyphs for charset */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:166:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *_htmlFonts[TYPE_MAX][STYLE_MAX] = data/htmldoc-1.9.8/htmldoc/htmllib.cxx:290:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newbase[1024]; // New base directory for EMBED data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1092:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((embed = fopen((char *)filename, "r")) != NULL) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1163:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char font[255], // Font name data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1288:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char font[255], // Font name data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1365:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sizeval = atoi((char *)size); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1367:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sizeval = t->size + atoi((char *)size); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2097:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)s + slen, (char *)tdata, tlen); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2244:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Filenames */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2248:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char glyph[64]; /* Glyph name */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2249:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; /* Line from AFM file */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2266:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2435:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Filenames */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2438:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char glyph[64]; /* Glyph name */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2439:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; /* Line from charset file */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2454:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(line, "r")) != NULL) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2497:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2584:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return (atoi((char *)*m0 + 1) - atoi((char *)*m1 + 1)); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2584:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return (atoi((char *)*m0 + 1) - atoi((char *)*m1 + 1)); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3193:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number[255]; /* Width or height value */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3209:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->width = (float)(atoi((char *)width_ptr) / _htmlPPI * 72.0f); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3210:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->height = (float)(atoi((char *)height_ptr) / _htmlPPI * 72.0f); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3220:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->width = (float)(atoi((char *)width_ptr) / _htmlPPI * 72.0f); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3223:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). snprintf(number, sizeof(number), "%d", atoi((char *)width_ptr) * img->height / img->width); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3230:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->height = (float)(atoi((char *)height_ptr) / _htmlPPI * 72.0f); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3233:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). snprintf(number, sizeof(number), "%d", atoi((char *)height_ptr) * img->width / img->height); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3260:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->width = (float)(atoi((char *)width_ptr) / _htmlPPI * 72.0f); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3262:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->width = (float)(atoi((char *)size_ptr) / _htmlPPI * 72.0f); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3267:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->height = (float)(atoi((char *)height_ptr) / _htmlPPI * 72.0f); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3269:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->height = (float)(atoi((char *)size_ptr) / _htmlPPI * 72.0f); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3421:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024], /* Temporary filename */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3423:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char newfilename[1024]; /* New filename */ data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3634:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_href[1024]; // Full HREF value data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:219:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char realname[1024]; /* Real filename */ data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:238:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *out = fopen(realname, "wb"); data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:426:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(title_file, "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:935:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (strcmp((char *)headings[i], (char *)ptr) == 0) data/htmldoc-1.9.8/htmldoc/http-addr.c:646:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *ip_ptrs[2]; /* Pointer to packed address */ data/htmldoc-1.9.8/htmldoc/http-addr.c:799:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localStr[1024]; /* Local host name C string */ data/htmldoc-1.9.8/htmldoc/http-addr.c:879:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; /* Temporary string */ data/htmldoc-1.9.8/htmldoc/http-addrlist.c:404:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(current, src, sizeof(http_addrlist_t)); data/htmldoc-1.9.8/htmldoc/http-addrlist.c:504:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipv6[64], /* IPv6 address */ data/htmldoc-1.9.8/htmldoc/http-addrlist.c:582:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(temp->addr.ipv6), current->ai_addr, data/htmldoc-1.9.8/htmldoc/http-addrlist.c:585:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(temp->addr.ipv4), current->ai_addr, data/htmldoc-1.9.8/htmldoc/http-addrlist.c:630:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). portnum = atoi(service); data/htmldoc-1.9.8/htmldoc/http-addrlist.c:703:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(temp->addr.ipv6.sin6_addr), host->h_addr_list[i], data/htmldoc-1.9.8/htmldoc/http-addrlist.c:711:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(temp->addr.ipv4.sin_addr), host->h_addr_list[i], data/htmldoc-1.9.8/htmldoc/http-addrlist.c:757:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). portnum = atoi(service); data/htmldoc-1.9.8/htmldoc/http-private.h:264:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error[256]; /* Most recent error message */ data/htmldoc-1.9.8/htmldoc/http-private.h:305:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[HTTP_MAX_HOST], data/htmldoc-1.9.8/htmldoc/http-private.h:313:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[HTTP_MAX_BUFFER]; data/htmldoc-1.9.8/htmldoc/http-private.h:317:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nonce[HTTP_MAX_VALUE]; data/htmldoc-1.9.8/htmldoc/http-private.h:329:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _authstring[HTTP_MAX_VALUE], data/htmldoc-1.9.8/htmldoc/http-private.h:339:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wbuffer[HTTP_MAX_BUFFER]; data/htmldoc-1.9.8/htmldoc/http-private.h:364:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gsshost[256]; /* Hostname for Kerberos */ data/htmldoc-1.9.8/htmldoc/http-support.c:55:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const http_days[7] =/* Days of the week */ data/htmldoc-1.9.8/htmldoc/http-support.c:65:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const http_months[12] = data/htmldoc-1.9.8/htmldoc/http-support.c:446:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resource[1024]; /* Formatted resource string */ data/htmldoc-1.9.8/htmldoc/http-support.c:501:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1024]; /* Source string for MD5 */ data/htmldoc-1.9.8/htmldoc/http-support.c:503:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5sum[16]; /* MD5 digest/sum */ data/htmldoc-1.9.8/htmldoc/http-support.c:784:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char http_date[256]; /* Static buffer */ data/htmldoc-1.9.8/htmldoc/http-support.c:821:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mon[16]; /* Abbreviated month name */ data/htmldoc-1.9.8/htmldoc/http-support.c:1542:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scheme[32], /* URI components... */ data/htmldoc-1.9.8/htmldoc/http-support.c:2111:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resource[257], /* Remote path */ data/htmldoc-1.9.8/htmldoc/http-support.c:2131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[256]; /* UUID value */ data/htmldoc-1.9.8/htmldoc/http-support.c:2133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid, value, valueLen); data/htmldoc-1.9.8/htmldoc/http-support.c:2187:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (((char *)value)[0] == '/') data/htmldoc-1.9.8/htmldoc/http-support.c:2193:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resource, value, valueLen); data/htmldoc-1.9.8/htmldoc/http-support.c:2203:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resource + 1, value, valueLen); data/htmldoc-1.9.8/htmldoc/http-support.c:2326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char resource[257], /* Remote path */ data/htmldoc-1.9.8/htmldoc/http-support.c:2353:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[256]; /* UUID value */ data/htmldoc-1.9.8/htmldoc/http-support.c:2357:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid, value, valueLen); data/htmldoc-1.9.8/htmldoc/http-support.c:2431:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resource, value, valueLen); data/htmldoc-1.9.8/htmldoc/http-support.c:2441:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resource + 1, value, valueLen); data/htmldoc-1.9.8/htmldoc/http.c:231:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(credential->data, data, datalen); data/htmldoc-1.9.8/htmldoc/http.c:627:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; /* Junk buffer */ data/htmldoc-1.9.8/htmldoc/http.c:832:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[HTTP_MAX_VALUE], /* Copy of Accepts-Encoding value */ data/htmldoc-1.9.8/htmldoc/http.c:1388:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[HTTP_MAX_VALUE], /* Temporary buffer for name */ data/htmldoc-1.9.8/htmldoc/http.c:1645:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len[32]; /* Length string */ data/htmldoc-1.9.8/htmldoc/http.c:1799:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(http->sbuffer + http->stream.avail_in, http->buffer, buflen); data/htmldoc-1.9.8/htmldoc/http.c:1855:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, http->buffer, length); data/htmldoc-1.9.8/htmldoc/http.c:1908:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16384]; /* Buffer for formatted string */ data/htmldoc-1.9.8/htmldoc/http.c:2085:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len[32]; /* Length string */ data/htmldoc-1.9.8/htmldoc/http.c:2112:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len[32]; /* Length string */ data/htmldoc-1.9.8/htmldoc/http.c:2145:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len[32]; /* Length string */ data/htmldoc-1.9.8/htmldoc/http.c:2193:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[4096], /* HTTP request line */ data/htmldoc-1.9.8/htmldoc/http.c:2913:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[32768], /* Line from connection... */ data/htmldoc-1.9.8/htmldoc/http.c:3050:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). http->expect = (http_status_t)atoi(value); data/htmldoc-1.9.8/htmldoc/http.c:3408:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(http->wbuffer + http->wused, buffer, length); data/htmldoc-1.9.8/htmldoc/http.c:3934:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char service[255]; /* Service name */ data/htmldoc-1.9.8/htmldoc/http.c:4022:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[255], /* Line buffer */ data/htmldoc-1.9.8/htmldoc/http.c:4042:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, " ", 3); data/htmldoc-1.9.8/htmldoc/http.c:4047:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, " ", 3); data/htmldoc-1.9.8/htmldoc/http.c:4210:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, http->buffer, (size_t)bytes); data/htmldoc-1.9.8/htmldoc/http.c:4240:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len[32]; /* Length string */ data/htmldoc-1.9.8/htmldoc/http.c:4302:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; /* Encoded URI buffer */ data/htmldoc-1.9.8/htmldoc/http.c:4821:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[16]; /* Chunk header */ data/htmldoc-1.9.8/htmldoc/http.h:417:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[256]; /* Padding to ensure binary compatibility */ data/htmldoc-1.9.8/htmldoc/http.h:489:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5(const char *, const char *, const char *, data/htmldoc-1.9.8/htmldoc/http.h:489:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5(const char *, const char *, const char *, data/htmldoc-1.9.8/htmldoc/http.h:489:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5(const char *, const char *, const char *, data/htmldoc-1.9.8/htmldoc/http.h:489:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5(const char *, const char *, const char *, data/htmldoc-1.9.8/htmldoc/http.h:491:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5Final(const char *, const char *, const char *, data/htmldoc-1.9.8/htmldoc/http.h:491:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5Final(const char *, const char *, const char *, data/htmldoc-1.9.8/htmldoc/http.h:491:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5Final(const char *, const char *, const char *, data/htmldoc-1.9.8/htmldoc/http.h:491:62: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5Final(const char *, const char *, const char *, data/htmldoc-1.9.8/htmldoc/http.h:493:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5String(const unsigned char *, char [33]); data/htmldoc-1.9.8/htmldoc/http.h:493:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *httpMD5String(const unsigned char *, char [33]); data/htmldoc-1.9.8/htmldoc/image.cxx:526:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[255]; /* Destination file */ data/htmldoc-1.9.8/htmldoc/image.cxx:551:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((in = fopen(realsrc, "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/image.cxx:558:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out = fopen(dest, "wb")) == NULL) data/htmldoc-1.9.8/htmldoc/image.cxx:739:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(realname, "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/image.h:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Name of image file (for caching of images */ data/htmldoc-1.9.8/htmldoc/iso8859.cxx:336:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uniglyph[32]; data/htmldoc-1.9.8/htmldoc/iso8859.cxx:418:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uniglyph[32]; data/htmldoc-1.9.8/htmldoc/md5-private.h:54:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[64]; /* accumulate block */ data/htmldoc-1.9.8/htmldoc/md5-private.h:68:54: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void _cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16]); data/htmldoc-1.9.8/htmldoc/md5.c:150:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xbuf, data, 64); data/htmldoc-1.9.8/htmldoc/md5.c:301:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pms->buf + offset, p, copy); data/htmldoc-1.9.8/htmldoc/md5.c:315:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pms->buf, p, left); data/htmldoc-1.9.8/htmldoc/md5.c:319:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. _cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16]) data/htmldoc-1.9.8/htmldoc/md5.c:321:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char pad[64] = { data/htmldoc-1.9.8/htmldoc/md5.c:327:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[8]; data/htmldoc-1.9.8/htmldoc/mmd.c:96:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[65536], /* Buffer */ data/htmldoc-1.9.8/htmldoc/mmd.c:213:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(allptr, current->text, textlen); data/htmldoc-1.9.8/htmldoc/mmd.c:340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[256]; /* Prefix string */ data/htmldoc-1.9.8/htmldoc/mmd.c:481:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL) data/htmldoc-1.9.8/htmldoc/mmd.c:505:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[8192], /* Read line */ data/htmldoc-1.9.8/htmldoc/mmd.c:1164:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[8192]; /* Reference text */ data/htmldoc-1.9.8/htmldoc/mmd.c:2290:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char unknown[64]; /* Unknown type buffer */ data/htmldoc-1.9.8/htmldoc/progress.cxx:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[2048]; /* Formatted text string */ data/htmldoc-1.9.8/htmldoc/progress.cxx:78:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmppath[1024]; // Buffer for temp dir data/htmldoc-1.9.8/htmldoc/progress.cxx:79:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; // htmldoc.log filename data/htmldoc-1.9.8/htmldoc/progress.cxx:85:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). error_log = fopen(filename, "a"); data/htmldoc-1.9.8/htmldoc/progress.cxx:159:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char text[2048]; /* Formatted text string */ data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:141:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char media_color[64], // Media color data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char page_text[64]; // Page number for TOC data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:197:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char stdout_filename[256]; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:584:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(title_file, "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:674:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->data.text.rgb, rgb, sizeof(rgb)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:688:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->data.text.rgb, rgb, sizeof(rgb)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:706:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->data.text.rgb, rgb, sizeof(rgb)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:721:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->data.text.rgb, rgb, sizeof(rgb)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:726:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strlcpy((char *)pages[page].page_text, (page & 1) ? "eltit" : "title", sizeof(pages[page].page_text)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1402:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char page_text[64]; /* Page number text */ data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1505:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024], // String buffer data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1692:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strlcpy(bufptr, (char *)(pages[page].chapter), sizeof(buffer) - (size_t)(bufptr - buffer)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1701:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strlcpy(bufptr, (char *)(pages[page].heading), sizeof(buffer) - (size_t)(bufptr - buffer)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:2245:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; // Copy buffer data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:2390:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(stdout_filename, "rb"); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:3436:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char url[1024], *urlptr; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:3767:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->data.text.rgb, rgb, sizeof(rgb)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:3807:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strlcpy((char *)nptr, pages[hpage].page_text, sizeof(number) - (size_t)(nptr - number)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:3813:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->data.text.rgb, rgb, sizeof(rgb)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4396:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = atoi((char *)name) * (*right - *left) / 100; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4398:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = (float)(atoi((char *)name) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4404:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). height = (float)(atoi((char *)name) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4769:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *y -= atoi((char *)vspace); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4827:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *y -= atoi((char *)vspace); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4837:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). image_left += atoi((char *)hspace); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4850:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *y -= atoi((char *)vspace); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4910:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *y -= atoi((char *)vspace); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4918:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). image_right -= atoi((char *)hspace); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5203:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->data.text.rgb, rgb, sizeof(rgb)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5371:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->data.text.rgb, rgb, sizeof(rgb)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5573:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lineptr, " ", num_cols); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5590:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->data.text.rgb, rgb, sizeof(rgb)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5655:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char col_fixed[MAX_COLUMNS], data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5730:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). table.row_spans[col] = atoi((char *)var); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5801:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char table_text[255]; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6375:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). table_width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6385:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). table.height = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6393:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). table.cellpadding = atoi((char *)var); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6398:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cellspacing = atoi((char *)var); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6552:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). colspan = atoi((char *)var); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6558:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). table.row_spans[col] = atoi((char *)var); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6676:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6974:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char table_text[255]; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7244:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). list_values[t->indent] = atoi((char *)value); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7258:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. strlcpy((char *)number, format_number(list_values[t->indent], (char)list_types[t->indent]), sizeof(number)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7323:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). list_values[t->indent] = atoi((char *)value); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7683:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pages[*page].media_position = atoi(comment); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8721:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)r->data.text.buffer, (char *)data, datalen); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8742:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)r->data.link, (char *)data, datalen); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8833:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, temp - 1, sizeof(page_t)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9008:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = (right - left) * atoi((char *)var) * 0.01f; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9010:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9026:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minh = PagePrintLength * atoi((char *)var) * 0.01f; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9028:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minh = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9339:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = (right - left) * atoi((char *)var) * 0.01f; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9341:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9354:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minh = PagePrintLength * atoi((char *)var) * 0.01f; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9356:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minh = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9432:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cellpadding = atoi((char *)var); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9437:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cellspacing = atoi((char *)var); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9520:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, t, sizeof(tree_t)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9537:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, t, sizeof(tree_t)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9640:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->width = (float)(atoi((char *)width) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9645:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->height = (float)(atoi((char *)height) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9660:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->width = (float)(atoi((char *)width) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9669:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). t->height = (float)(atoi((char *)height) * PagePrintWidth / _htmlBrowserWidth); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9743:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[255]; /* Filename */ data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9755:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return (fopen(filename, "wb+")); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9761:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return (fopen(filename, "wb+")); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9764:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return (fopen(OutputPath, "wb+")); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9820:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sizes[255], /* Formatted string for size... */ data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9870:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xs[255], /* Formatted string for X... */ data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:10031:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(leftdata + leftcount, data, (size_t)(length - leftcount)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11260:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; /* Temporary string */ data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11270:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char pad[32] = data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11617:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((prolog = fopen(temp, "rb")) != NULL) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11680:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(user_pad + i, pad, (size_t)(32 - i)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11691:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(owner_pad + i, pad, (size_t)(32 - i)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11736:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(owner_key, user_pad, 32); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11798:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(encrypt_key, digest, (size_t)encrypt_len); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12136:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[64], /* Prefix string */ data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12347:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* PFA filename */ data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12351:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char glyph[64], /* Glyph name */ data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12399:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12521:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12554:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). italic_angle = atoi(line + 12); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12558:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cap_height = atoi(line + 10); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12560:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). x_height = atoi(line + 8); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12562:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ascent = atoi(line + 9); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12564:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). descent = atoi(line + 10); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12892:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10240]; /* Output buffer */ data/htmldoc-1.9.8/htmldoc/rc4.h:39:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sbox[256]; /* S boxes for encryption */ data/htmldoc-1.9.8/htmldoc/snprintf.c:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tformat[100], /* Temporary format string for sprintf() */ data/htmldoc-1.9.8/htmldoc/snprintf.c:206:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufptr, va_arg(ap, char *), width); data/htmldoc-1.9.8/htmldoc/string.c:155:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst + dstlen, src, srclen); data/htmldoc-1.9.8/htmldoc/string.c:191:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, srclen); data/htmldoc-1.9.8/htmldoc/testhtml.cxx:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char base[1024]; /* Base directory */ data/htmldoc-1.9.8/htmldoc/testhtml.cxx:143:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if ((fp = fopen(file_find("", argv[i]), "r")) != NULL) data/htmldoc-1.9.8/htmldoc/tls-darwin.c:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]; data/htmldoc-1.9.8/htmldoc/tls-darwin.c:187:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cert_name[256]; /* Certificate's common name (C string) */ data/htmldoc-1.9.8/htmldoc/tls-darwin.c:278:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char credentials_str[1024], /* String for incoming credentials */ data/htmldoc-1.9.8/htmldoc/tls-darwin.c:462:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; /* Common name associated with cert */ data/htmldoc-1.9.8/htmldoc/tls-darwin.c:465:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_digest[16]; /* MD5 result */ data/htmldoc-1.9.8/htmldoc/tls-darwin.c:521:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Filename for keychain */ data/htmldoc-1.9.8/htmldoc/tls-darwin.c:639:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; /* Filename for keychain */ data/htmldoc-1.9.8/htmldoc/tls-darwin.c:809:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256], /* Hostname */ data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1157:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)credential->data, CFDataGetBytePtr(data), data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:140:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cserial[1024], /* Certificate serial number */ data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char credentials_str[1024], /* String for incoming credentials */ data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:406:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; /* Common name associated with cert */ data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:410:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_digest[16]; /* MD5 result */ data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:448:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* filename.crt */ data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:470:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) == NULL) data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:583:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* filename.crt */ data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:603:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(nfilename, "w")) == NULL) data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:721:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], /* site.crl */ data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:733:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(filename, "r")) != NULL) data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:1006:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256], /* Hostname */ data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:1011:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char priority_string[1024]; data/htmldoc-1.9.8/htmldoc/tls-sspi.c:126:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cert_name[1024]; /* Name from certificate */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cert_name[256]; /* Common name */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:293:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5_digest[16]; /* MD5 result */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:369:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error[1024]; /* Error message buffer */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:495:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error[1024]; /* Error message buffer */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:668:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, sspi->readBuffer, bytesToCopy); data/htmldoc-1.9.8/htmldoc/tls-sspi.c:790:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, pDataBuffer->pvBuffer, bytesToCopy); data/htmldoc-1.9.8/htmldoc/tls-sspi.c:814:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((BYTE *)sspi->readBuffer) + sspi->readBufferUsed, ((BYTE *)pDataBuffer->pvBuffer) + bytesToCopy, bytesToSave); data/htmldoc-1.9.8/htmldoc/tls-sspi.c:865:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256], /* Hostname */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1099:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sspi->writeBuffer + sspi->streamSizes.cbHeader, bufptr, chunk); data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[256], /* Hostname */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1166:3: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR username[256]; /* Username returned from GetUserName() */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1167:3: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR commonName[256];/* Common name for certificate */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1274:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char username[1024], /* Current username */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2009:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char common_name[512]; /* Common name for cert */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2173:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sspi->decryptBuffer, (LPBYTE)(sspi->decryptBuffer + sspi->decryptBufferUsed - inBuffers[1].cbBuffer), inBuffers[1].cbBuffer); data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2194:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sspi->decryptBuffer, (LPBYTE)(sspi->decryptBuffer + sspi->decryptBufferUsed - inBuffers[1].cbBuffer), inBuffers[1].cbBuffer); data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2282:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error[1024]; /* Error message string */ data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2296:23: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). count = MultiByteToWideChar(CP_ACP, 0, common_name, -1, NULL, 0); data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2301:8: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (!MultiByteToWideChar(CP_ACP, 0, common_name, -1, commonNameUnicode, count)) data/htmldoc-1.9.8/htmldoc/toc.cxx:125:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *ones[10] = data/htmldoc-1.9.8/htmldoc/toc.cxx:189:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). heading_numbers[level] = atoi((char *)var); data/htmldoc-1.9.8/htmldoc/util.cxx:28:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *ones[10] = /* Roman numerals, 0-9 */ data/htmldoc-1.9.8/htmldoc/util.cxx:43:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *ONES[10] = /* Roman numerals, 0-9 */ data/htmldoc-1.9.8/htmldoc/util.cxx:58:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024]; /* String buffer */ data/htmldoc-1.9.8/htmldoc/util.cxx:337:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fmt[4]; // Old format string data/htmldoc-1.9.8/htmldoc/util.cxx:424:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char units[255]; /* Units string */ data/htmldoc-1.9.8/htmldoc/zipc.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_msg[256]; /* Formatted error message */ data/htmldoc-1.9.8/htmldoc/zipc.c:96:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[16384]; /* Deflate buffer */ data/htmldoc-1.9.8/htmldoc/zipc.c:107:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[256]; /* File/directory name */ data/htmldoc-1.9.8/htmldoc/zipc.c:227:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[65536]; /* Copy buffer */ data/htmldoc-1.9.8/htmldoc/zipc.c:237:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((srcfile = fopen(srcname, text ? "r" : "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/zipc.c:544:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; /* Format buffer */ data/htmldoc-1.9.8/htmldoc/zipc.c:630:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, zc->readptr, rbytes); data/htmldoc-1.9.8/htmldoc/zipc.c:833:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[65536], /* Buffer */ data/htmldoc-1.9.8/htmldoc/zipc.c:1022:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cfile[256]; /* Container filename from header */ data/htmldoc-1.9.8/htmldoc/zipc.c:1030:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((zc->fp = fopen(filename, "rb")) == NULL) data/htmldoc-1.9.8/htmldoc/zipc.c:1142:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((zc->fp = fopen(filename, "w+b")) == NULL) data/htmldoc-1.9.8/htmldoc/zipc.c:1538:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2]; /* Buffer */ data/htmldoc-1.9.8/htmldoc/zipc.c:1555:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[4]; /* Buffer */ data/htmldoc-1.9.8/htmldoc/zipc.c:1690:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[2]; /* Buffer */ data/htmldoc-1.9.8/htmldoc/zipc.c:1708:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[4]; /* Buffer */ data/htmldoc-1.9.8/jpeg/jcarith.c:41:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char * dc_stats[NUM_ARITH_TBLS]; data/htmldoc-1.9.8/jpeg/jcarith.c:42:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char * ac_stats[NUM_ARITH_TBLS]; data/htmldoc-1.9.8/jpeg/jcarith.c:45:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fixed_bin[4]; data/htmldoc-1.9.8/jpeg/jchuff.c:44:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ehufsi[256]; /* length of code for each symbol */ data/htmldoc-1.9.8/jpeg/jchuff.c:167:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char huffsize[257]; data/htmldoc-1.9.8/jpeg/jcmarker.c:231:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dc_in_use[NUM_ARITH_TBLS]; data/htmldoc-1.9.8/jpeg/jcmarker.c:232:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ac_in_use[NUM_ARITH_TBLS]; data/htmldoc-1.9.8/jpeg/jdarith.c:38:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char * dc_stats[NUM_ARITH_TBLS]; data/htmldoc-1.9.8/jpeg/jdarith.c:39:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char * ac_stats[NUM_ARITH_TBLS]; data/htmldoc-1.9.8/jpeg/jdarith.c:42:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fixed_bin[4]; data/htmldoc-1.9.8/jpeg/jdhuff.c:330:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char huffsize[257]; data/htmldoc-1.9.8/jpeg/jerror.c:101:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[JMSG_LENGTH_MAX]; data/htmldoc-1.9.8/jpeg/jinclude.h:62:32: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define MEMCOPY(dest,src,size) bcopy((const void *)(src), (void *)(dest), (size_t)(size)) data/htmldoc-1.9.8/jpeg/jinclude.h:68:32: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define MEMCOPY(dest,src,size) memcpy((void *)(dest), (const void *)(src), (size_t)(size)) data/htmldoc-1.9.8/jpeg/jmemsys.h:156:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_name[TEMP_NAME_LENGTH]; /* name if it's a file */ data/htmldoc-1.9.8/jpeg/jmemsys.h:162:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_name[TEMP_NAME_LENGTH]; /* name if it's a file */ data/htmldoc-1.9.8/jpeg/jmemsys.h:166:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_name[TEMP_NAME_LENGTH]; /* name of temp file */ data/htmldoc-1.9.8/jpeg/jpeglib.h:722:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[JMSG_STR_PARM_MAX]; data/htmldoc-1.9.8/png/png.c:223:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m[128]; data/htmldoc-1.9.8/png/png.c:737:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. png_convert_to_rfc1123_buffer(char out[29], png_const_timep ptime) data/htmldoc-1.9.8/png/png.c:739:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static PNG_CONST char short_months[12][4] = data/htmldoc-1.9.8/png/png.c:755:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number_buf[5]; /* enough for a four-digit year */ data/htmldoc-1.9.8/png/png.c:1833:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[196]; /* see below for calculation */ data/htmldoc-1.9.8/png/png.c:1852:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number[PNG_NUMBER_BUFFER_SIZE]; /* +24 = 114*/ data/htmldoc-1.9.8/png/png.c:2990:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exponent[10]; data/htmldoc-1.9.8/png/png.c:3260:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char digits[10]; data/htmldoc-1.9.8/png/png.h:1067:54: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. PNG_EXPORT(241, int, png_convert_to_rfc1123_buffer, (char out[29], data/htmldoc-1.9.8/png/png.h:2738:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[64]; data/htmldoc-1.9.8/png/pngdebug.h:109:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[256]; \ data/htmldoc-1.9.8/png/pngdebug.h:120:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[256]; \ data/htmldoc-1.9.8/png/pngdebug.h:131:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[256]; \ data/htmldoc-1.9.8/png/pngerror.c:43:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[16]; data/htmldoc-1.9.8/png/pngerror.c:258:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PNG_NUMBER_BUFFER_SIZE]; data/htmldoc-1.9.8/png/pngerror.c:268:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PNG_NUMBER_BUFFER_SIZE]; data/htmldoc-1.9.8/png/pngerror.c:293:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[192]; data/htmldoc-1.9.8/png/pngerror.c:428:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static PNG_CONST char png_digit[16] = { data/htmldoc-1.9.8/png/pngerror.c:483:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[18+PNG_MAX_ERROR_TEXT]; data/htmldoc-1.9.8/png/pngerror.c:499:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[18+PNG_MAX_ERROR_TEXT]; data/htmldoc-1.9.8/png/pngerror.c:577:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[fixed_message_ln+PNG_MAX_ERROR_TEXT]; data/htmldoc-1.9.8/png/pngerror.c:578:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg, fixed_message, fixed_message_ln); data/htmldoc-1.9.8/png/pngerror.c:721:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_number[16]; data/htmldoc-1.9.8/png/pngerror.c:792:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char warning_number[16]; data/htmldoc-1.9.8/png/pngmem.c:154:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_array, old_array, element_size*(unsigned)old_elements); data/htmldoc-1.9.8/png/pngpread.c:439:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, png_ptr->save_buffer_ptr, save_size); data/htmldoc-1.9.8/png/pngpread.c:456:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, png_ptr->current_buffer_ptr, save_size); data/htmldoc-1.9.8/png/pngpread.c:506:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size); data/htmldoc-1.9.8/png/pngpread.c:514:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size, data/htmldoc-1.9.8/png/pngpread.c:765:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1); data/htmldoc-1.9.8/png/pngpriv.h:1765:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char png_warning_parameters[PNG_WARNING_PARAMETER_COUNT][ data/htmldoc-1.9.8/png/pngread.c:559:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1); data/htmldoc-1.9.8/png/pngread.c:1502:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(file_name, "rb"); data/htmldoc-1.9.8/png/pngread.c:1550:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, memory, need); data/htmldoc-1.9.8/png/pngrutil.c:346:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[64]; data/htmldoc-1.9.8/png/pngrutil.c:691:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(text, png_ptr->read_buffer, prefix_size); data/htmldoc-1.9.8/png/pngrutil.c:1410:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyword[81]; data/htmldoc-1.9.8/png/pngrutil.c:1489:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(profile, profile_header, data/htmldoc-1.9.8/png/pngrutil.c:1555:43: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ptr->iccp_name, keyword, data/htmldoc-1.9.8/png/pngrutil.c:3630:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, sp, bytes_to_copy); data/htmldoc-1.9.8/png/pngrutil.c:3655:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, sp, PNG_ROWBYTES(pixel_depth, row_width)); data/htmldoc-1.9.8/png/pngrutil.c:3887:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v, sp, pixel_bytes); data/htmldoc-1.9.8/png/pngrutil.c:3891:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, v, pixel_bytes); data/htmldoc-1.9.8/png/pngset.c:368:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ptr->pcal_purpose, purpose, length); data/htmldoc-1.9.8/png/pngset.c:390:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ptr->pcal_units, units, length); data/htmldoc-1.9.8/png/pngset.c:420:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ptr->pcal_params[i], params[i], length); data/htmldoc-1.9.8/png/pngset.c:470:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ptr->scal_s_width, swidth, lengthw); data/htmldoc-1.9.8/png/pngset.c:489:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ptr->scal_s_height, sheight, lengthh); data/htmldoc-1.9.8/png/pngset.c:512:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char swidth[PNG_sCAL_MAX_DIGITS+1]; data/htmldoc-1.9.8/png/pngset.c:513:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sheight[PNG_sCAL_MAX_DIGITS+1]; data/htmldoc-1.9.8/png/pngset.c:542:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char swidth[PNG_sCAL_MAX_DIGITS+1]; data/htmldoc-1.9.8/png/pngset.c:543:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sheight[PNG_sCAL_MAX_DIGITS+1]; data/htmldoc-1.9.8/png/pngset.c:626:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(png_ptr->palette, palette, (unsigned int)num_palette * data/htmldoc-1.9.8/png/pngset.c:735:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_iccp_name, name, length); data/htmldoc-1.9.8/png/pngset.c:748:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_iccp_profile, profile, proflen); data/htmldoc-1.9.8/png/pngset.c:918:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(textp->key, text_ptr[i].key, key_len); data/htmldoc-1.9.8/png/pngset.c:924:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(textp->lang, text_ptr[i].lang, lang_len); data/htmldoc-1.9.8/png/pngset.c:927:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(textp->lang_key, text_ptr[i].lang_key, lang_key_len); data/htmldoc-1.9.8/png/pngset.c:940:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(textp->text, text_ptr[i].text, text_length); data/htmldoc-1.9.8/png/pngset.c:1021:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans); data/htmldoc-1.9.8/png/pngset.c:1123:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(np->name, entries->name, length); data/htmldoc-1.9.8/png/pngset.c:1143:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(np->entries, entries->entries, data/htmldoc-1.9.8/png/pngset.c:1262:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(np->name, unknowns->name, (sizeof np->name)); data/htmldoc-1.9.8/png/pngset.c:1285:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(np->data, unknowns->data, unknowns->size); data/htmldoc-1.9.8/png/pngset.c:1364:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(list, add, 4); data/htmldoc-1.9.8/png/pngset.c:1465:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_list, png_ptr->chunk_list, 5*old_num_chunks); data/htmldoc-1.9.8/png/pngset.c:1498:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outlist, inlist, 5); data/htmldoc-1.9.8/png/pngstruct.h:362:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char time_buffer[29]; /* String to hold RFC 1123 time text */ data/htmldoc-1.9.8/png/pngwrite.c:842:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(png_ptr->row_buf + 1, row, row_info.rowbytes); data/htmldoc-1.9.8/png/pngwrite.c:2179:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(display->memory+ob, data, size); data/htmldoc-1.9.8/png/pngwrite.c:2338:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(file_name, "wb"); data/htmldoc-1.9.8/png/pngwutil.c:299:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[64]; data/htmldoc-1.9.8/png/pngwutil.c:1830:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 1, width, wlen + 1); /* Append the '\0' here */ data/htmldoc-1.9.8/png/pngwutil.c:1831:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + wlen + 2, height, hlen); /* Do NOT append the '\0' here */ data/htmldoc-1.9.8/png/pngwutil.c:2250:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, sp, pixel_bytes); data/htmldoc-1.9.8/vcnet/config.h:38:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define open _open data/htmldoc-1.9.8/zlib/crc32.c:145:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen("crc32.h", "w"); data/htmldoc-1.9.8/zlib/gzguts.h:39:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define open _open data/htmldoc-1.9.8/zlib/gzlib.c:36:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/htmldoc-1.9.8/zlib/gzlib.c:65:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "unknown win32 error (%ld)", error); data/htmldoc-1.9.8/zlib/gzlib.c:245:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open((const char *)path, oflag, 0666)); data/htmldoc-1.9.8/zlib/gzlib.c:296:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(path, "<fd:%d>", fd); /* for debugging */ data/htmldoc-1.9.8/zlib/gzlib.c:611:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(state->msg, ": "); data/htmldoc-1.9.8/zlib/gzread.c:158:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->x.next, strm->next_in, strm->avail_in); data/htmldoc-1.9.8/zlib/gzread.c:332:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, state->x.next, n); data/htmldoc-1.9.8/zlib/gzread.c:391:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1]; data/htmldoc-1.9.8/zlib/gzread.c:531:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, state->x.next, n); data/htmldoc-1.9.8/zlib/gzwrite.c:218:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->in + have, buf, copy); data/htmldoc-1.9.8/zlib/gzwrite.c:250:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1]; data/htmldoc-1.9.8/zlib/inflate.c:623:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hbuf[4]; /* buffer for gzip header crc calculation */ data/htmldoc-1.9.8/zlib/inflate.c:1382:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; /* to restore bit buffer to byte string */ data/htmldoc-1.9.8/zlib/trees.c:330:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *header = fopen("trees.h", "w"); data/htmldoc-1.9.8/zlib/zutil.c:17:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. z_const char * const z_errmsg[10] = { data/htmldoc-1.9.8/zlib/zutil.h:47:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ data/htmldoc-1.9.8/zlib/zutil.h:107:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512") data/htmldoc-1.9.8/zlib/zutil.h:184:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define F_OPEN(name, mode) fopen((name), (mode)) data/htmldoc-1.9.8/zlib/zutil.h:208:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define zmemcpy memcpy data/htmldoc-1.9.8/htmldoc/array.c:184:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen(start); data/htmldoc-1.9.8/htmldoc/file.c:526:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(username)); data/htmldoc-1.9.8/htmldoc/file.c:774:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = getc(fp)) == EOF) data/htmldoc-1.9.8/htmldoc/file.c:782:20: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int nextch = getc(fp); data/htmldoc-1.9.8/htmldoc/file.c:803:20: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int nextch = getc(fp); data/htmldoc-1.9.8/htmldoc/file.c:809:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nextch = getc(fp); data/htmldoc-1.9.8/htmldoc/gui.cxx:1797:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(temp) > 7) data/htmldoc-1.9.8/htmldoc/gui.cxx:1868:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(temp) > 14) data/htmldoc-1.9.8/htmldoc/gui.cxx:2851:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[strlen(line) - 1] = '\0'; // strip newline data/htmldoc-1.9.8/htmldoc/html.cxx:588:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (t->data[strlen((char *)t->data) - 1] == '\n') data/htmldoc-1.9.8/htmldoc/html.cxx:591:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += strlen((char *)t->data); data/htmldoc-1.9.8/htmldoc/html.cxx:595:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((col + (int)strlen((char *)t->data)) > 72 && col > 0) data/htmldoc-1.9.8/htmldoc/html.cxx:604:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += strlen((char *)t->data); data/htmldoc-1.9.8/htmldoc/html.cxx:725:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += strlen((char *)entity); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:340:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) > 14 && PDFVersion >= 12) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:732:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) > 9) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:752:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[i]) > 7) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1160:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strlen(argv[i]) > 5 && data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1161:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcmp(argv[i] + strlen(argv[i]) - 5, ".book") == 0) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1380:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (line[strlen(line) - 1] == '\n') data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1381:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[strlen(line) - 1] = '\0'; data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1671:77: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). RegSetValueEx(key, "Path", 0, REG_EXPAND_SZ, (unsigned char *)path, strlen(path) + 1); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1755:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1927:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(temp) > 7) data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1987:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(temp) > 14) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:323:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:337:27: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:400:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:638:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). indent[strlen((char *)indent) - 4] = '\0'; data/htmldoc-1.9.8/htmldoc/htmllib.cxx:641:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). indent[strlen((char *)indent) - 4] = '\0'; data/htmldoc-1.9.8/htmldoc/htmllib.cxx:728:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:749:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:760:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:786:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:819:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:841:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:852:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:874:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1458:28: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (isspace(ch = getc(fp))) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1604:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (t->data[strlen((char *)t->data) - 1] == '\n') data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1607:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += strlen((char *)t->data); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1611:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((col + (int)strlen((char *)t->data)) > 72 && col > 0) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1620:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += strlen((char *)t->data); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2085:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen((char *)tdata); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2190:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (namelen = strlen((char *)name), ptrlen = strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2190:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (namelen = strlen((char *)name), ptrlen = strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2285:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%63s", &width, glyph) != 2) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2456:14: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. while (fscanf(fp, "%x%63s", &unicode, glyph) == 2) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2696:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF && mptr < (markup + sizeof(markup) - 1)) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2702:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2723:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2747:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr = comment + strlen((char *)comment); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2775:20: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch2 = getc(fp)) == '>') data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2798:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2819:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr += strlen((char *)cptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2830:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cptr += strlen((char *)cptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2850:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2870:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2875:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2907:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2931:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2946:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2949:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2956:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2965:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2987:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2998:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3030:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3039:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3060:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3071:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3104:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3113:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (ch = getc(fp)) != EOF) data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3134:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3145:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen((char *)ptr); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3528:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (filename[0] != '/' && *base && base[strlen(base) - 1] != '/') data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3562:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += (strlen((char *)t->vars[i].name) + 8) & (size_t)~7; data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3565:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += (strlen((char *)t->vars[i].value) + 8) & (size_t)~7; data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3569:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += (strlen((char *)t->data) + 8) & (size_t)~7; data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3734:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch2 = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3748:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch2 = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3755:11: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch3 = getc(fp); data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3771:25: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ch = utf8_getc(getc(fp), fp)) == 0) data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:594:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (t->data[strlen((char *)t->data) - 1] == '\n') data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:597:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += strlen((char *)t->data); data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:601:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((col + (int)strlen((char *)t->data)) > 72 && col > 0) data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:610:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += strlen((char *)t->data); data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:731:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). col += strlen((char *)entity); data/htmldoc-1.9.8/htmldoc/http-addr.c:136:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return ((int)(offsetof(struct sockaddr_un, sun_path) + strlen(addr->un.sun_path) + 1)); data/htmldoc-1.9.8/htmldoc/http-addr.c:208:12: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). mask = umask(0); data/htmldoc-1.9.8/htmldoc/http-addr.c:220:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(mask); data/htmldoc-1.9.8/htmldoc/http-addr.c:543:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/htmldoc-1.9.8/htmldoc/http-addr.c:550:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/htmldoc-1.9.8/htmldoc/http-addr.c:563:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/htmldoc-1.9.8/htmldoc/http-addr.c:573:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/htmldoc-1.9.8/htmldoc/http-addr.c:577:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sptr += strlen(sptr); data/htmldoc-1.9.8/htmldoc/http-addr.c:683:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hostent.h_length = (int)strlen(name) + 1; data/htmldoc-1.9.8/htmldoc/http-addr.c:838:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) > 6 && !strcmp(s + strlen(s) - 6, ".local")) data/htmldoc-1.9.8/htmldoc/http-addr.c:838:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) > 6 && !strcmp(s + strlen(s) - 6, ".local")) data/htmldoc-1.9.8/htmldoc/http-addrlist.c:532:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']') data/htmldoc-1.9.8/htmldoc/http-addrlist.c:552:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']') data/htmldoc-1.9.8/htmldoc/http-support.c:357:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr); data/htmldoc-1.9.8/htmldoc/http-support.c:518:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). _cupsMD5Append(&md5state, (unsigned char *)data, (int)strlen(data)); data/htmldoc-1.9.8/htmldoc/http-support.c:678:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (httpEncode64_2(out, 512, in, (int)strlen(in))); data/htmldoc-1.9.8/htmldoc/http-support.c:837:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(s, "%*s%d%15s%d%d:%d:%d", &day, mon, &year, &hour, &min, &sec) < 6) data/htmldoc-1.9.8/htmldoc/http-support.c:1277:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *resptr = resource + strlen(resource); data/htmldoc-1.9.8/htmldoc/http-support.c:2221:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (hostptr = hostTarget + strlen(hostTarget) - 7) > hostTarget && data/htmldoc-1.9.8/htmldoc/http-support.c:2245:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn || data/htmldoc-1.9.8/htmldoc/http-support.c:2459:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (hostptr = hostTarget + strlen(hostTarget) - 6) > hostTarget && data/htmldoc-1.9.8/htmldoc/http-support.c:2483:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn || data/htmldoc-1.9.8/htmldoc/http.c:2522:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1; data/htmldoc-1.9.8/htmldoc/http.c:2522:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1; data/htmldoc-1.9.8/htmldoc/http.c:2769:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr) - 1; data/htmldoc-1.9.8/htmldoc/http.c:4033:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start = line + strlen(line); data/htmldoc-1.9.8/htmldoc/http.c:4833:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (http_write(http, header, strlen(header)) < 0) data/htmldoc-1.9.8/htmldoc/image.cxx:148:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((count = getc(fp)) == EOF) data/htmldoc-1.9.8/htmldoc/image.cxx:295:22: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). code_size = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:883:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(fp); /* Skip "BM" sync chars */ data/htmldoc-1.9.8/htmldoc/image.cxx:884:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:905:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:955:22: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). byte = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:989:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1010:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1013:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((count = getc(fp)) == 0) data/htmldoc-1.9.8/htmldoc/image.cxx:1015:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((count = getc(fp)) == 0) data/htmldoc-1.9.8/htmldoc/image.cxx:1038:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = getc(fp) * getc(fp) * img->width; data/htmldoc-1.9.8/htmldoc/image.cxx:1038:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = getc(fp) * getc(fp) * img->width; data/htmldoc-1.9.8/htmldoc/image.cxx:1052:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). color = getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1064:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). temp = getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1117:3: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1120:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((count = getc(fp)) == 0) data/htmldoc-1.9.8/htmldoc/image.cxx:1122:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((count = getc(fp)) == 0) data/htmldoc-1.9.8/htmldoc/image.cxx:1145:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = getc(fp) * getc(fp) * img->width; data/htmldoc-1.9.8/htmldoc/image.cxx:1145:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count = getc(fp) * getc(fp) * img->width; data/htmldoc-1.9.8/htmldoc/image.cxx:1159:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). color = getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1167:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). temp = getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1192:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). temp = getc(fp) * 8; data/htmldoc-1.9.8/htmldoc/image.cxx:1193:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). temp += getc(fp) * 61; data/htmldoc-1.9.8/htmldoc/image.cxx:1194:16: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). temp += getc(fp) * 31; data/htmldoc-1.9.8/htmldoc/image.cxx:1202:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ptr[2] = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1203:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ptr[1] = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1204:24: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ptr[0] = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1213:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1261:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (getc(fp)) data/htmldoc-1.9.8/htmldoc/image.cxx:1267:27: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buf[0] = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1807:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1808:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1823:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1824:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1825:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b2 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1826:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b3 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1841:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1842:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1843:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b2 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/image.cxx:1844:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b3 = (uchar)getc(fp); data/htmldoc-1.9.8/htmldoc/iso8859.cxx:305:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((char *)name) == 1) data/htmldoc-1.9.8/htmldoc/mmd.c:184:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). textlen = strlen(current->text); data/htmldoc-1.9.8/htmldoc/mmd.c:349:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix_len = strlen(prefix); data/htmldoc-1.9.8/htmldoc/mmd.c:705:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineend = lineptr + strlen(lineptr) - 1; data/htmldoc-1.9.8/htmldoc/mmd.c:907:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp = lineptr + strlen(lineptr) - 1; data/htmldoc-1.9.8/htmldoc/mmd.c:1019:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((end = lineptr + strlen(lineptr) - 1) > lineptr) data/htmldoc-1.9.8/htmldoc/mmd.c:1060:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (end = start + strlen(start) - 1; end > start && isspace(*end & 255); end --); data/htmldoc-1.9.8/htmldoc/mmd.c:1138:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *ptr = line + strlen(line); data/htmldoc-1.9.8/htmldoc/mmd.c:1143:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(ptr, ptr + 1, strlen(ptr)); data/htmldoc-1.9.8/htmldoc/mmd.c:1616:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *end = text + strlen(text) - 1; data/htmldoc-1.9.8/htmldoc/mmd.c:1685:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). delimlen = strlen(delim); data/htmldoc-1.9.8/htmldoc/mmd.c:1864:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(lineptr, lineptr + 1, strlen(lineptr)); data/htmldoc-1.9.8/htmldoc/mmd.c:1968:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(lineptr, lineptr + 1, strlen(lineptr)); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1044:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += strlen((char *)r->data.text.buffer); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1618:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1636:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1657:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1676:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1684:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1693:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1702:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1709:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1715:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1723:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1730:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5011:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int ch = prev->data[strlen((char *)prev->data) - 1]; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5055:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). num_chars += strlen((char *)temp->data); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5262:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp_width = temp->width + char_spacing * strlen((char *)lineptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5272:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lineptr += strlen((char *)lineptr); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5488:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flat->data[strlen((char *)flat->data) - 1] == '\n')) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5931:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (height_var[strlen((char *)height_var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6372:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (var[strlen((char *)var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6382:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (var[strlen((char *)var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6571:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (var[strlen((char *)var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6673:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (var[strlen((char *)var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7020:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (height_var[strlen((char *)height_var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7304:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((char *)type) == 1) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8694:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datalen = strlen((char *)data); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9004:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (var[strlen((char *)var) - 1] != '%' || (right - left) > 0.0f)) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9007:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (var[strlen((char *)var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9025:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (var[strlen((char *)var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9112:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp->data[strlen((char *)temp->data) - 1] == '\n') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9143:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). temp->data[strlen((char *)temp->data) - 1] == '\n') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9159:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (temp->data[0] && isspace(temp->data[strlen((char *)temp->data) - 1])))) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9335:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (var[strlen((char *)var) - 1] != '%' || (right - left) > 0.0f)) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9338:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (var[strlen((char *)var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9353:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (var[strlen((char *)var) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9637:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (width[strlen((char *)width) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9642:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (height[strlen((char *)height) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9657:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (width[strlen((char *)width) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9666:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (height[strlen((char *)height) - 1] == '%') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9835:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (s = sizes + strlen(sizes) - 1; s > sizes && *s == '0'; s --) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9897:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (s = xs + strlen(xs) - 1; s > xs && *s == '0'; s --) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9903:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (s = ys + strlen(ys) - 1; s > ys && *s == '0'; s --) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11576:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j += strlen(_htmlGlyphs[i]) + 1; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11583:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(_htmlGlyphs[i]) + 1; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11679:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((i = strlen(UserPassword)) < 32) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11690:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((i = strlen(OwnerPassword)) < 32) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12004:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (len = strlen((char *)s); len > 0; len -= bytes, s += bytes) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12425:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (line[strlen(line) - 1] != '\n') data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12444:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length1 += strlen(line); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12455:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length2 += (strlen(line) - 1) / 2; data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12458:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length3 = strlen(line); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12460:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length3 += strlen(line); data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12574:8: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%63s", &width, glyph) != 2) data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12878:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flate_write(out, (uchar *)s, strlen(s)); data/htmldoc-1.9.8/htmldoc/snprintf.c:108:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tformat, bufformat, format - bufformat); data/htmldoc-1.9.8/htmldoc/snprintf.c:113:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += strlen(temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:117:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((bufptr + strlen(temp)) > bufend) data/htmldoc-1.9.8/htmldoc/snprintf.c:119:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bufptr, temp, bufend - bufptr); data/htmldoc-1.9.8/htmldoc/snprintf.c:126:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:143:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tformat, bufformat, format - bufformat); data/htmldoc-1.9.8/htmldoc/snprintf.c:148:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += strlen(temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:152:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((bufptr + strlen(temp)) > bufend) data/htmldoc-1.9.8/htmldoc/snprintf.c:154:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bufptr, temp, bufend - bufptr); data/htmldoc-1.9.8/htmldoc/snprintf.c:161:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:171:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tformat, bufformat, format - bufformat); data/htmldoc-1.9.8/htmldoc/snprintf.c:176:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += strlen(temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:180:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((bufptr + strlen(temp)) > bufend) data/htmldoc-1.9.8/htmldoc/snprintf.c:182:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bufptr, temp, bufend - bufptr); data/htmldoc-1.9.8/htmldoc/snprintf.c:189:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:216:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/htmldoc-1.9.8/htmldoc/snprintf.c:232:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bufptr, s, slen); data/htmldoc-1.9.8/htmldoc/snprintf.c:238:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bufptr + width - slen, s, slen); data/htmldoc-1.9.8/htmldoc/snprintf.c:250:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tformat, bufformat, format - bufformat); data/htmldoc-1.9.8/htmldoc/snprintf.c:255:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes += strlen(temp); data/htmldoc-1.9.8/htmldoc/snprintf.c:259:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((bufptr + strlen(temp)) > bufend) data/htmldoc-1.9.8/htmldoc/snprintf.c:261:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bufptr, temp, bufend - bufptr); data/htmldoc-1.9.8/htmldoc/snprintf.c:268:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(temp); data/htmldoc-1.9.8/htmldoc/string.c:47:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((t = malloc(strlen(s) + 1)) == NULL) data/htmldoc-1.9.8/htmldoc/string.c:136:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dstlen = strlen(dst); data/htmldoc-1.9.8/htmldoc/string.c:146:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srclen = strlen(src); data/htmldoc-1.9.8/htmldoc/string.c:182:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). srclen = strlen(src); data/htmldoc-1.9.8/htmldoc/tls-darwin.c:488:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(buffer)); data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1086:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = hostname + strlen(hostname) - 1) >= hostname && data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1091:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). error = SSLSetPeerDomainName(http->tls, hostname, strlen(hostname)); data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1114:6: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); /* in 1 millisecond */ data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1262:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:431:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(buffer)); data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:475:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((lineptr = line + strlen(line) - 1) >= line && *lineptr == '\n') data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:529:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((num_data + strlen(line)) >= alloc_data) data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:737:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((lineptr = line + strlen(line) - 1) >= line && *lineptr == '\n') data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:779:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((num_data + strlen(line)) >= alloc_data) data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:824:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr = buffer + strlen(buffer); data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:1086:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = hostname + strlen(hostname) - 1) >= hostname && data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:1091:75: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = gnutls_server_name_set(http->tls, GNUTLS_NAME_DNS, hostname, strlen(hostname)); data/htmldoc-1.9.8/htmldoc/tls-sspi.c:330:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(buffer)); data/htmldoc-1.9.8/htmldoc/tls-sspi.c:899:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = hostname + strlen(hostname) - 1) >= hostname && data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1188:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((hostptr = hostname + strlen(hostname) - 1) >= hostname && data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2242:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (ptr = buffer + strlen(buffer) - 1; ptr >= buffer; ptr --) data/htmldoc-1.9.8/htmldoc/toc.cxx:207:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uchar *baseptr = baselink + strlen((char *)baselink); data/htmldoc-1.9.8/htmldoc/toc.cxx:208:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uchar *headptr = heading + strlen((char *)heading); data/htmldoc-1.9.8/htmldoc/toc.cxx:272:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen((char *)existing) >= 124) /* Max size of link name */ data/htmldoc-1.9.8/htmldoc/util.cxx:150:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((char *)color) == 6) data/htmldoc-1.9.8/htmldoc/util.cxx:187:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = (int)strlen((char *)color + 1); data/htmldoc-1.9.8/htmldoc/util.cxx:487:12: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. else if (sscanf(size, "%fx%f%254s", &width, &length, units) >= 2) data/htmldoc-1.9.8/htmldoc/zipc.c:312:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *end = zf->filename + strlen(zf->filename); data/htmldoc-1.9.8/htmldoc/zipc.c:385:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(contents); /* Length of contents */ data/htmldoc-1.9.8/htmldoc/zipc.c:565:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (zipcFileWrite(zf, buffer, strlen(buffer))); data/htmldoc-1.9.8/htmldoc/zipc.c:591:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (zipcFileWrite(zf, s, strlen(s))); data/htmldoc-1.9.8/htmldoc/zipc.c:869:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/zipc.c:877:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bufptr += strlen(bufptr); data/htmldoc-1.9.8/htmldoc/zipc.c:925:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). format += strlen(format); data/htmldoc-1.9.8/htmldoc/zipc.c:932:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). format += strlen(format); data/htmldoc-1.9.8/htmldoc/zipc.c:1097:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(zf->filename, cfile, sizeof(zf->filename) - 1); data/htmldoc-1.9.8/htmldoc/zipc.c:1268:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attrlen = strlen(attrname); data/htmldoc-1.9.8/htmldoc/zipc.c:1381:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(temp->filename, filename, sizeof(temp->filename) - 1); data/htmldoc-1.9.8/htmldoc/zipc.c:1595:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t filenamelen = strlen(zf->filename); data/htmldoc-1.9.8/htmldoc/zipc.c:1630:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t filenamelen = strlen(zf->filename); data/htmldoc-1.9.8/jpeg/jerror.h:245:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((cinfo)->err->msg_parm.s, (str), JMSG_STR_PARM_MAX), \ data/htmldoc-1.9.8/jpeg/jerror.h:301:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((cinfo)->err->msg_parm.s, (str), JMSG_STR_PARM_MAX), \ data/htmldoc-1.9.8/png/pngrutil.c:2569:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text_info.text_length = strlen(text); data/htmldoc-1.9.8/png/pngset.c:325:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(purpose) + 1; data/htmldoc-1.9.8/png/pngset.c:350:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !png_check_fp_string(params[i], strlen(params[i]))) data/htmldoc-1.9.8/png/pngset.c:376:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(units) + 1; data/htmldoc-1.9.8/png/pngset.c:407:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(params[i]) + 1; data/htmldoc-1.9.8/png/pngset.c:446:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (swidth == NULL || (lengthw = strlen(swidth)) == 0 || data/htmldoc-1.9.8/png/pngset.c:450:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sheight == NULL || (lengthh = strlen(sheight)) == 0 || data/htmldoc-1.9.8/png/pngset.c:725:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(name)+1; data/htmldoc-1.9.8/png/pngset.c:851:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key_len = strlen(text_ptr[i].key); data/htmldoc-1.9.8/png/pngset.c:865:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lang_len = strlen(text_ptr[i].lang); data/htmldoc-1.9.8/png/pngset.c:871:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lang_key_len = strlen(text_ptr[i].lang_key); data/htmldoc-1.9.8/png/pngset.c:898:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text_length = strlen(text_ptr[i].text); data/htmldoc-1.9.8/png/pngset.c:1117:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(entries->name) + 1; data/htmldoc-1.9.8/png/pngwutil.c:1549:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text_len = strlen(text); data/htmldoc-1.9.8/png/pngwutil.c:1604:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text == NULL ? 0 : strlen(text)); data/htmldoc-1.9.8/png/pngwutil.c:1672:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lang_len = strlen(lang)+1; data/htmldoc-1.9.8/png/pngwutil.c:1674:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lang_key_len = strlen(lang_key)+1; data/htmldoc-1.9.8/png/pngwutil.c:1688:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). png_text_compress_init(&comp, (png_const_bytep)text, strlen(text)); data/htmldoc-1.9.8/png/pngwutil.c:1770:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). units_len = strlen(units) + (nparams == 0 ? 0 : 1); data/htmldoc-1.9.8/png/pngwutil.c:1782:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). params_len[i] = strlen(params[i]) + (i == nparams - 1 ? 0 : 1); data/htmldoc-1.9.8/png/pngwutil.c:1819:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen(width); data/htmldoc-1.9.8/png/pngwutil.c:1820:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hlen = strlen(height); data/htmldoc-1.9.8/vcnet/config.h:39:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define read _read data/htmldoc-1.9.8/vcnet/config.h:61:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. #define usleep(X) Sleep((X)/1000) data/htmldoc-1.9.8/zlib/gzguts.h:40:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # define read _read data/htmldoc-1.9.8/zlib/gzlib.c:199:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((const char *)path); data/htmldoc-1.9.8/zlib/gzlib.c:601:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) == data/htmldoc-1.9.8/zlib/gzlib.c:601:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) == data/htmldoc-1.9.8/zlib/gzlib.c:607:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(state->msg, strlen(state->path) + strlen(msg) + 3, data/htmldoc-1.9.8/zlib/gzlib.c:607:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snprintf(state->msg, strlen(state->path) + strlen(msg) + 3, data/htmldoc-1.9.8/zlib/gzread.c:30:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(state->fd, buf + *have, len - *have); data/htmldoc-1.9.8/zlib/gzwrite.c:301:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (unsigned)strlen(str); data/htmldoc-1.9.8/zlib/gzwrite.c:355:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((char *)(state->in)); data/htmldoc-1.9.8/zlib/gzwrite.c:443:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((char *)(state->in)); ANALYSIS SUMMARY: Hits = 1013 Lines analyzed = 145045 in approximately 3.85 seconds (37722 lines/second) Physical Source Lines of Code (SLOC) = 94461 Hits@level = [0] 700 [1] 320 [2] 558 [3] 48 [4] 86 [5] 1 Hits@level+ = [0+] 1713 [1+] 1013 [2+] 693 [3+] 135 [4+] 87 [5+] 1 Hits/KSLOC@level+ = [0+] 18.1345 [1+] 10.724 [2+] 7.33636 [3+] 1.42916 [4+] 0.921015 [5+] 0.0105864 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.