Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/htmldoc-1.9.8/cgi-bin/topdf.c
Examining data/htmldoc-1.9.8/htmldoc/array-private.h
Examining data/htmldoc-1.9.8/htmldoc/array.c
Examining data/htmldoc-1.9.8/htmldoc/array.h
Examining data/htmldoc-1.9.8/htmldoc/debug.h
Examining data/htmldoc-1.9.8/htmldoc/epub.cxx
Examining data/htmldoc-1.9.8/htmldoc/file.c
Examining data/htmldoc-1.9.8/htmldoc/file.h
Examining data/htmldoc-1.9.8/htmldoc/gui.cxx
Examining data/htmldoc-1.9.8/htmldoc/gui.h
Examining data/htmldoc-1.9.8/htmldoc/hdstring.h
Examining data/htmldoc-1.9.8/htmldoc/html.cxx
Examining data/htmldoc-1.9.8/htmldoc/html.h
Examining data/htmldoc-1.9.8/htmldoc/htmldoc.cxx
Examining data/htmldoc-1.9.8/htmldoc/htmldoc.h
Examining data/htmldoc-1.9.8/htmldoc/htmllib.cxx
Examining data/htmldoc-1.9.8/htmldoc/htmlsep.cxx
Examining data/htmldoc-1.9.8/htmldoc/http-addr.c
Examining data/htmldoc-1.9.8/htmldoc/http-addrlist.c
Examining data/htmldoc-1.9.8/htmldoc/http-private.h
Examining data/htmldoc-1.9.8/htmldoc/http-support.c
Examining data/htmldoc-1.9.8/htmldoc/http.c
Examining data/htmldoc-1.9.8/htmldoc/http.h
Examining data/htmldoc-1.9.8/htmldoc/image.cxx
Examining data/htmldoc-1.9.8/htmldoc/image.h
Examining data/htmldoc-1.9.8/htmldoc/iso8859.cxx
Examining data/htmldoc-1.9.8/htmldoc/iso8859.h
Examining data/htmldoc-1.9.8/htmldoc/license.cxx
Examining data/htmldoc-1.9.8/htmldoc/markdown.cxx
Examining data/htmldoc-1.9.8/htmldoc/markdown.h
Examining data/htmldoc-1.9.8/htmldoc/md5-private.h
Examining data/htmldoc-1.9.8/htmldoc/md5.c
Examining data/htmldoc-1.9.8/htmldoc/mmd.c
Examining data/htmldoc-1.9.8/htmldoc/mmd.h
Examining data/htmldoc-1.9.8/htmldoc/progress.cxx
Examining data/htmldoc-1.9.8/htmldoc/progress.h
Examining data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx
Examining data/htmldoc-1.9.8/htmldoc/rc4.c
Examining data/htmldoc-1.9.8/htmldoc/rc4.h
Examining data/htmldoc-1.9.8/htmldoc/snprintf.c
Examining data/htmldoc-1.9.8/htmldoc/string.c
Examining data/htmldoc-1.9.8/htmldoc/testhtml.cxx
Examining data/htmldoc-1.9.8/htmldoc/tls-darwin.c
Examining data/htmldoc-1.9.8/htmldoc/tls-gnutls.c
Examining data/htmldoc-1.9.8/htmldoc/tls-sspi.c
Examining data/htmldoc-1.9.8/htmldoc/tls.c
Examining data/htmldoc-1.9.8/htmldoc/toc.cxx
Examining data/htmldoc-1.9.8/htmldoc/types.h
Examining data/htmldoc-1.9.8/htmldoc/util.cxx
Examining data/htmldoc-1.9.8/htmldoc/zipc.c
Examining data/htmldoc-1.9.8/htmldoc/zipc.h
Examining data/htmldoc-1.9.8/jpeg/jaricom.c
Examining data/htmldoc-1.9.8/jpeg/jcapimin.c
Examining data/htmldoc-1.9.8/jpeg/jcapistd.c
Examining data/htmldoc-1.9.8/jpeg/jcarith.c
Examining data/htmldoc-1.9.8/jpeg/jccoefct.c
Examining data/htmldoc-1.9.8/jpeg/jccolor.c
Examining data/htmldoc-1.9.8/jpeg/jcdctmgr.c
Examining data/htmldoc-1.9.8/jpeg/jchuff.c
Examining data/htmldoc-1.9.8/jpeg/jcinit.c
Examining data/htmldoc-1.9.8/jpeg/jcmainct.c
Examining data/htmldoc-1.9.8/jpeg/jcmarker.c
Examining data/htmldoc-1.9.8/jpeg/jcmaster.c
Examining data/htmldoc-1.9.8/jpeg/jcomapi.c
Examining data/htmldoc-1.9.8/jpeg/jconfig.h
Examining data/htmldoc-1.9.8/jpeg/jcparam.c
Examining data/htmldoc-1.9.8/jpeg/jcprepct.c
Examining data/htmldoc-1.9.8/jpeg/jcsample.c
Examining data/htmldoc-1.9.8/jpeg/jctrans.c
Examining data/htmldoc-1.9.8/jpeg/jdapimin.c
Examining data/htmldoc-1.9.8/jpeg/jdapistd.c
Examining data/htmldoc-1.9.8/jpeg/jdarith.c
Examining data/htmldoc-1.9.8/jpeg/jdatadst.c
Examining data/htmldoc-1.9.8/jpeg/jdatasrc.c
Examining data/htmldoc-1.9.8/jpeg/jdcoefct.c
Examining data/htmldoc-1.9.8/jpeg/jdcolor.c
Examining data/htmldoc-1.9.8/jpeg/jdct.h
Examining data/htmldoc-1.9.8/jpeg/jddctmgr.c
Examining data/htmldoc-1.9.8/jpeg/jdhuff.c
Examining data/htmldoc-1.9.8/jpeg/jdinput.c
Examining data/htmldoc-1.9.8/jpeg/jdmainct.c
Examining data/htmldoc-1.9.8/jpeg/jdmarker.c
Examining data/htmldoc-1.9.8/jpeg/jdmaster.c
Examining data/htmldoc-1.9.8/jpeg/jdmerge.c
Examining data/htmldoc-1.9.8/jpeg/jdpostct.c
Examining data/htmldoc-1.9.8/jpeg/jdsample.c
Examining data/htmldoc-1.9.8/jpeg/jdtrans.c
Examining data/htmldoc-1.9.8/jpeg/jerror.c
Examining data/htmldoc-1.9.8/jpeg/jerror.h
Examining data/htmldoc-1.9.8/jpeg/jfdctflt.c
Examining data/htmldoc-1.9.8/jpeg/jfdctfst.c
Examining data/htmldoc-1.9.8/jpeg/jfdctint.c
Examining data/htmldoc-1.9.8/jpeg/jidctflt.c
Examining data/htmldoc-1.9.8/jpeg/jidctfst.c
Examining data/htmldoc-1.9.8/jpeg/jidctint.c
Examining data/htmldoc-1.9.8/jpeg/jinclude.h
Examining data/htmldoc-1.9.8/jpeg/jmemmgr.c
Examining data/htmldoc-1.9.8/jpeg/jmemnobs.c
Examining data/htmldoc-1.9.8/jpeg/jmemsys.h
Examining data/htmldoc-1.9.8/jpeg/jmorecfg.h
Examining data/htmldoc-1.9.8/jpeg/jpegint.h
Examining data/htmldoc-1.9.8/jpeg/jpeglib.h
Examining data/htmldoc-1.9.8/jpeg/jquant1.c
Examining data/htmldoc-1.9.8/jpeg/jquant2.c
Examining data/htmldoc-1.9.8/jpeg/jutils.c
Examining data/htmldoc-1.9.8/jpeg/jversion.h
Examining data/htmldoc-1.9.8/png/png.c
Examining data/htmldoc-1.9.8/png/png.h
Examining data/htmldoc-1.9.8/png/pngconf.h
Examining data/htmldoc-1.9.8/png/pngdebug.h
Examining data/htmldoc-1.9.8/png/pngerror.c
Examining data/htmldoc-1.9.8/png/pngget.c
Examining data/htmldoc-1.9.8/png/pnginfo.h
Examining data/htmldoc-1.9.8/png/pnglibconf.h
Examining data/htmldoc-1.9.8/png/pngmem.c
Examining data/htmldoc-1.9.8/png/pngpread.c
Examining data/htmldoc-1.9.8/png/pngpriv.h
Examining data/htmldoc-1.9.8/png/pngread.c
Examining data/htmldoc-1.9.8/png/pngrio.c
Examining data/htmldoc-1.9.8/png/pngrtran.c
Examining data/htmldoc-1.9.8/png/pngrutil.c
Examining data/htmldoc-1.9.8/png/pngset.c
Examining data/htmldoc-1.9.8/png/pngstruct.h
Examining data/htmldoc-1.9.8/png/pngtrans.c
Examining data/htmldoc-1.9.8/png/pngwio.c
Examining data/htmldoc-1.9.8/png/pngwrite.c
Examining data/htmldoc-1.9.8/png/pngwtran.c
Examining data/htmldoc-1.9.8/png/pngwutil.c
Examining data/htmldoc-1.9.8/vcnet/config.h
Examining data/htmldoc-1.9.8/vcnet/icons.h
Examining data/htmldoc-1.9.8/xcode/config.h
Examining data/htmldoc-1.9.8/zlib/adler32.c
Examining data/htmldoc-1.9.8/zlib/compress.c
Examining data/htmldoc-1.9.8/zlib/crc32.c
Examining data/htmldoc-1.9.8/zlib/crc32.h
Examining data/htmldoc-1.9.8/zlib/deflate.c
Examining data/htmldoc-1.9.8/zlib/deflate.h
Examining data/htmldoc-1.9.8/zlib/gzclose.c
Examining data/htmldoc-1.9.8/zlib/gzguts.h
Examining data/htmldoc-1.9.8/zlib/gzlib.c
Examining data/htmldoc-1.9.8/zlib/gzread.c
Examining data/htmldoc-1.9.8/zlib/gzwrite.c
Examining data/htmldoc-1.9.8/zlib/infback.c
Examining data/htmldoc-1.9.8/zlib/inffast.c
Examining data/htmldoc-1.9.8/zlib/inffast.h
Examining data/htmldoc-1.9.8/zlib/inffixed.h
Examining data/htmldoc-1.9.8/zlib/inflate.c
Examining data/htmldoc-1.9.8/zlib/inflate.h
Examining data/htmldoc-1.9.8/zlib/inftrees.c
Examining data/htmldoc-1.9.8/zlib/inftrees.h
Examining data/htmldoc-1.9.8/zlib/trees.c
Examining data/htmldoc-1.9.8/zlib/trees.h
Examining data/htmldoc-1.9.8/zlib/uncompr.c
Examining data/htmldoc-1.9.8/zlib/zconf.h
Examining data/htmldoc-1.9.8/zlib/zlib.h
Examining data/htmldoc-1.9.8/zlib/zutil.c
Examining data/htmldoc-1.9.8/zlib/zutil.h

FINAL RESULTS:

data/htmldoc-1.9.8/htmldoc/http-addr.c:221:5:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    chmod(addr->un.sun_path, 0140777);
data/htmldoc-1.9.8/cgi-bin/topdf.c:13:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(command, "htmldoc -t pdf --webpage %s", filename);
data/htmldoc-1.9.8/cgi-bin/topdf.c:15:11:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  return (popen(command, "w"));
data/htmldoc-1.9.8/cgi-bin/topdf.c:23:11:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  return (popen("htmldoc -t pdf --webpage -", "w"));
data/htmldoc-1.9.8/htmldoc/debug.h:21:29:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#    define DEBUG_printf(x) printf x
data/htmldoc-1.9.8/htmldoc/file.c:158:2:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
	snprintf(filename, sizeof(filename), TEMPLATE, tmpdir, (long)getpid(), (int)(i + 1));
data/htmldoc-1.9.8/htmldoc/file.c:185:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(filename, sizeof(filename), TEMPLATE, tmpdir, (long)getpid(), (int)(i + 1));
data/htmldoc-1.9.8/htmldoc/file.c:196:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(filename, sizeof(filename), TEMPLATE, tmpdir, (long)getpid(), (int)web_files);
data/htmldoc-1.9.8/htmldoc/file.c:392:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(filename, 0))
data/htmldoc-1.9.8/htmldoc/file.c:1112:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(name, (size_t)len, TEMPLATE, tmpdir, (long)getpid(), (int)web_files);
data/htmldoc-1.9.8/htmldoc/gui.cxx:2912:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(command, sizeof(command), gui->htmlEditor->value(),
data/htmldoc-1.9.8/htmldoc/gui.cxx:2924:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      if (system(command))
data/htmldoc-1.9.8/htmldoc/gui.cxx:3925:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(filename, 0) == 0)
data/htmldoc-1.9.8/htmldoc/hdstring.h:42:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define snprintf		_snprintf
data/htmldoc-1.9.8/htmldoc/hdstring.h:42:23:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define snprintf		_snprintf
data/htmldoc-1.9.8/htmldoc/hdstring.h:43:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define vsnprintf		_vsnprintf
data/htmldoc-1.9.8/htmldoc/hdstring.h:88:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define snprintf hd_snprintf
data/htmldoc-1.9.8/htmldoc/hdstring.h:93:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    define vsnprintf hd_vsnprintf
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:198:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      if (access(bookfile, 0))
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:203:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(bookfile, 0))
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:210:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(bookfile, 0))
data/htmldoc-1.9.8/htmldoc/http-support.c:467:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(resource, sizeof(resource), resourcef, ap);
data/htmldoc-1.9.8/htmldoc/http.c:1915:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(buf, sizeof(buf), format, ap);
data/htmldoc-1.9.8/htmldoc/http.c:2828:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(http->fields[HTTP_FIELD_CONTENT_LENGTH], HTTP_MAX_VALUE,
data/htmldoc-1.9.8/htmldoc/mmd.c:18:29:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define DEBUG_printf(...)	fprintf(stderr, __VA_ARGS__)
data/htmldoc-1.9.8/htmldoc/mmd.c:25:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define DEBUG2_printf(...)	fprintf(stderr, __VA_ARGS__)
data/htmldoc-1.9.8/htmldoc/mmd.c:69:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf 	_snprintf
data/htmldoc-1.9.8/htmldoc/mmd.c:69:21:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf 	_snprintf
data/htmldoc-1.9.8/htmldoc/progress.cxx:57:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(text, sizeof(text), format, ap);
data/htmldoc-1.9.8/htmldoc/progress.cxx:163:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(text, sizeof(text), format, ap);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4675:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define DEBUG_printf(x) printf x
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5638:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define DEBUG_printf(x) printf x
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7343:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define DEBUG_printf(x) printf x
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8968:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define DEBUG_printf(x) printf x
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12897:12:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  length = vsnprintf(buf, sizeof(buf), format, ap);
data/htmldoc-1.9.8/htmldoc/snprintf.c:111:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(temp, tformat, va_arg(ap, double));
data/htmldoc-1.9.8/htmldoc/snprintf.c:125:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(bufptr, temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:146:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(temp, tformat, va_arg(ap, int));
data/htmldoc-1.9.8/htmldoc/snprintf.c:160:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(bufptr, temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:174:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(temp, tformat, va_arg(ap, void *));
data/htmldoc-1.9.8/htmldoc/snprintf.c:188:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(bufptr, temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:253:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(temp, tformat, va_arg(ap, int));
data/htmldoc-1.9.8/htmldoc/snprintf.c:267:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(bufptr, temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:310:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  bytes = vsnprintf(buffer, bufsize, format, ap);
data/htmldoc-1.9.8/htmldoc/string.c:50:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  return (strcpy(t, s));
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1524:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(path, R_OK) && tls_cups_keychain)
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:680:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(buffer, 0))
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:691:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(buffer, 0))
data/htmldoc-1.9.8/htmldoc/zipc.c:555:7:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  if (vsnprintf(buffer, sizeof(buffer), format, ap) < 0)
data/htmldoc-1.9.8/jpeg/jerror.c:194:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buffer, msgtext, err->msg_parm.s);
data/htmldoc-1.9.8/jpeg/jerror.c:196:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(buffer, msgtext,
data/htmldoc-1.9.8/png/pngdebug.h:84:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? "   " : \
data/htmldoc-1.9.8/png/pngdebug.h:92:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? "   " : \
data/htmldoc-1.9.8/png/pngdebug.h:100:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,"%s" m PNG_STRING_NEWLINE,(num_tabs==1 ? "   " : \
data/htmldoc-1.9.8/png/pngdebug.h:113:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,format); \
data/htmldoc-1.9.8/png/pngdebug.h:124:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,format,p1); \
data/htmldoc-1.9.8/png/pngdebug.h:135:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(PNG_DEBUG_FILE,format,p1,p2); \
data/htmldoc-1.9.8/png/pngerror.c:734:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
         fprintf(stderr, PNG_STRING_NEWLINE);
data/htmldoc-1.9.8/png/pngerror.c:741:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
         fprintf(stderr, PNG_STRING_NEWLINE);
data/htmldoc-1.9.8/png/pngerror.c:749:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(stderr, PNG_STRING_NEWLINE);
data/htmldoc-1.9.8/png/pngerror.c:805:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
         fprintf(stderr, PNG_STRING_NEWLINE);
data/htmldoc-1.9.8/png/pngerror.c:812:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
         fprintf(stderr, PNG_STRING_NEWLINE);
data/htmldoc-1.9.8/png/pngerror.c:820:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(stderr, PNG_STRING_NEWLINE);
data/htmldoc-1.9.8/vcnet/config.h:33:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#define access		_access
data/htmldoc-1.9.8/vcnet/config.h:41:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf 	_snprintf
data/htmldoc-1.9.8/vcnet/config.h:41:19:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf 	_snprintf
data/htmldoc-1.9.8/vcnet/config.h:44:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf 	_vsnprintf
data/htmldoc-1.9.8/zlib/gzguts.h:78:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#    if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/htmldoc-1.9.8/zlib/gzguts.h:80:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#         define vsnprintf _vsnprintf
data/htmldoc-1.9.8/zlib/gzguts.h:103:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/htmldoc-1.9.8/zlib/gzguts.h:103:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/htmldoc-1.9.8/zlib/gzlib.c:216:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(state->path, path);
data/htmldoc-1.9.8/zlib/gzlib.c:610:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(state->msg, state->path);
data/htmldoc-1.9.8/zlib/gzlib.c:612:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(state->msg, msg);
data/htmldoc-1.9.8/zlib/gzwrite.c:346:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    (void)vsprintf((char *)(state->in), format, va);
data/htmldoc-1.9.8/zlib/gzwrite.c:350:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = vsprintf((char *)(state->in), format, va);
data/htmldoc-1.9.8/zlib/gzwrite.c:354:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    (void)vsnprintf((char *)(state->in), size, format, va);
data/htmldoc-1.9.8/zlib/gzwrite.c:357:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = vsnprintf((char *)(state->in), size, format, va);
data/htmldoc-1.9.8/zlib/gzwrite.c:431:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf((char *)(state->in), format, a1, a2, a3, a4, a5, a6, a7, a8,
data/htmldoc-1.9.8/zlib/gzwrite.c:436:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf((char *)(state->in), format, a1, a2, a3, a4, a5, a6, a7, a8,
data/htmldoc-1.9.8/zlib/gzwrite.c:441:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf((char *)(state->in), size, format, a1, a2, a3, a4, a5, a6, a7, a8,
data/htmldoc-1.9.8/zlib/gzwrite.c:445:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    len = snprintf((char *)(state->in), size, format, a1, a2, a3, a4, a5, a6,
data/htmldoc-1.9.8/zlib/zutil.h:224:39:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Trace(x) {if (z_verbose>=0) fprintf x ;}
data/htmldoc-1.9.8/zlib/zutil.h:225:39:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracev(x) {if (z_verbose>0) fprintf x ;}
data/htmldoc-1.9.8/zlib/zutil.h:226:40:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracevv(x) {if (z_verbose>1) fprintf x ;}
data/htmldoc-1.9.8/zlib/zutil.h:227:48:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
data/htmldoc-1.9.8/zlib/zutil.h:228:49:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
data/htmldoc-1.9.8/htmldoc/file.c:136:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((tmpdir = getenv("TEMP")) == NULL)
data/htmldoc-1.9.8/htmldoc/file.c:142:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((tmpdir = getenv("TMPDIR")) == NULL)
data/htmldoc-1.9.8/htmldoc/file.c:150:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  debug = getenv("HTMLDOC_DEBUG");
data/htmldoc-1.9.8/htmldoc/file.c:1102:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((tmpdir = getenv("TEMP")) == NULL)
data/htmldoc-1.9.8/htmldoc/file.c:1108:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((tmpdir = getenv("TMPDIR")) == NULL)
data/htmldoc-1.9.8/htmldoc/gui.cxx:2919:12:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
      if (!CreateProcess(NULL, command, NULL, NULL, FALSE,
data/htmldoc-1.9.8/htmldoc/gui.cxx:2919:12:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
      if (!CreateProcess(NULL, command, NULL, NULL, FALSE,
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:145:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HTMLDOC_NOCGI") && getenv("GATEWAY_INTERFACE") &&
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:145:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (!getenv("HTMLDOC_NOCGI") && getenv("GATEWAY_INTERFACE") &&
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:146:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      getenv("SERVER_NAME") && getenv("SERVER_SOFTWARE"))
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:146:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      getenv("SERVER_NAME") && getenv("SERVER_SOFTWARE"))
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:175:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    file_cookies(getenv("HTTP_COOKIE"));
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:176:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    file_referer(getenv("HTTP_REFERER"));
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:180:59:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    progress_error(HD_ERROR_NONE, "INFO: TEMP is \"%s\"", getenv("TEMP"));
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:182:61:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    progress_error(HD_ERROR_NONE, "INFO: TMPDIR is \"%s\"", getenv("TMPDIR"));
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:194:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((path_translated = getenv("PATH_TRANSLATED")) != NULL)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1191:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    https       = getenv("HTTPS");
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1192:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    path_info   = getenv("PATH_INFO");
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1193:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    query       = getenv("QUERY_STRING");
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1194:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    server_name = getenv("SERVER_NAME");
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1195:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    server_port = getenv("SERVER_PORT");
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1292:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((debug = getenv("HTMLDOC_DEBUG")) != NULL &&
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1349:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((home = getenv("HOME")) == NULL)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1712:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((snap = getenv("SNAP")) != NULL)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1733:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HTMLDOC_DATA") != NULL)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1734:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    _htmlData = getenv("HTMLDOC_DATA");
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1737:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if (getenv("HTMLDOC_HELP") != NULL)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1738:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    GUI::help_dir = getenv("HTMLDOC_HELP");
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3591:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((debug = getenv("HTMLDOC_DEBUG")) == NULL ||
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3641:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((debug = getenv("HTMLDOC_DEBUG")) == NULL ||
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:536:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *source_date_epoch = getenv("SOURCE_DATE_EPOCH");
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1030:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((debug = getenv("HTMLDOC_DEBUG")) == NULL ||
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:2182:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((debug = getenv("HTMLDOC_DEBUG")) != NULL && strstr(debug, "margin"))
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:2750:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((debug = getenv("HTMLDOC_DEBUG")) != NULL && strstr(debug, "margin"))
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6358:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((htmldoc_debug = getenv("HTMLDOC_DEBUG")) != NULL &&
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11699:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1466:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *home = getenv("HOME");	/* HOME environment variable */
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:674:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *home = getenv("HOME");	/* HOME environment variable */
data/htmldoc-1.9.8/jpeg/jmemmgr.c:36:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
extern char * getenv JPP((const char * name));
data/htmldoc-1.9.8/jpeg/jmemmgr.c:1107:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((memenv = getenv("JPEGMEM")) != NULL) {
data/htmldoc-1.9.8/vcnet/config.h:258:26:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define HTMLDOC_RAND() random()
data/htmldoc-1.9.8/vcnet/config.h:259:28:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define HTMLDOC_SRAND(v) srandom(v)
data/htmldoc-1.9.8/vcnet/config.h:261:26:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define HTMLDOC_RAND() lrand48()
data/htmldoc-1.9.8/vcnet/config.h:265:28:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define HTMLDOC_SRAND(v) srand(v)
data/htmldoc-1.9.8/xcode/config.h:180:26:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define HTMLDOC_RAND() random()
data/htmldoc-1.9.8/xcode/config.h:181:28:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define HTMLDOC_SRAND(v) srandom(v)
data/htmldoc-1.9.8/xcode/config.h:183:26:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define HTMLDOC_RAND() lrand48()
data/htmldoc-1.9.8/xcode/config.h:187:28:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define HTMLDOC_SRAND(v) srand(v)
data/htmldoc-1.9.8/cgi-bin/topdf.c:8:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	command[1024];			/* Command to execute */
data/htmldoc-1.9.8/htmldoc/array.c:383:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(da->saved, a->saved, sizeof(a->saved));
data/htmldoc-1.9.8/htmldoc/array.c:419:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(da->elements, a->elements, (size_t)a->num_elements * sizeof(void *));
data/htmldoc-1.9.8/htmldoc/epub.cxx:187:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((fp = fopen(title_file, "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/epub.cxx:946:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	buffer[100];		/* String buffer */
data/htmldoc-1.9.8/htmldoc/epub.cxx:1214:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char        epubname[1024];         /* Name in ZIP container */
data/htmldoc-1.9.8/htmldoc/epub.cxx:1381:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          temp[32];               /* Temporary string buffer */
data/htmldoc-1.9.8/htmldoc/file.c:65:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	proxy_host[HTTP_MAX_URI] = "";	/* Proxy hostname */
data/htmldoc-1.9.8/htmldoc/file.c:72:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	cookies[1024] = "";		/* HTTP cookies, if any */
data/htmldoc-1.9.8/htmldoc/file.c:73:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	referer_url[HTTP_MAX_VALUE] = "";
data/htmldoc-1.9.8/htmldoc/file.c:85:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	buf[1024];	/* Buffer for files with targets */
data/htmldoc-1.9.8/htmldoc/file.c:119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Temporary file */
data/htmldoc-1.9.8/htmldoc/file.c:124:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tmppath[1024];		/* Temporary directory */
data/htmldoc-1.9.8/htmldoc/file.c:243:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	buf[1024];	/* Buffer for files with targets */
data/htmldoc-1.9.8/htmldoc/file.c:255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	scheme[HTTP_MAX_URI],
data/htmldoc-1.9.8/htmldoc/file.c:306:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	buf[1024];	/* Buffer for files with targets */
data/htmldoc-1.9.8/htmldoc/file.c:351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		scheme[HTTP_MAX_URI],	/* Method/scheme */
data/htmldoc-1.9.8/htmldoc/file.c:358:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		connpath[HTTP_MAX_URI],	/* Path for GET */
data/htmldoc-1.9.8/htmldoc/file.c:365:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tempname[HTTP_MAX_URI];	/* Temporary filename */
data/htmldoc-1.9.8/htmldoc/file.c:406:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	buffer[8192];		/* Data buffer */
data/htmldoc-1.9.8/htmldoc/file.c:618:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		basename[HTTP_MAX_URI];	/* Base (unquoted) filename */
data/htmldoc-1.9.8/htmldoc/file.c:620:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	filename[HTTP_MAX_URI];	/* Current filename */
data/htmldoc-1.9.8/htmldoc/file.c:842:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cwd[1024];		/* Current directory */
data/htmldoc-1.9.8/htmldoc/file.c:843:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024];		/* Temporary pathname */
data/htmldoc-1.9.8/htmldoc/file.c:844:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	newfilename[1024];	/* New filename */
data/htmldoc-1.9.8/htmldoc/file.c:962:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char	scheme[HTTP_MAX_URI],	/* Method name (must be HTTP) */
data/htmldoc-1.9.8/htmldoc/file.c:1063:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tmppath[1024];		/* Buffer for temp dir */
data/htmldoc-1.9.8/htmldoc/file.c:1114:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fd = open(name, OPENMODE, OPENPERM)) >= 0)
data/htmldoc-1.9.8/htmldoc/gui.cxx:1140:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	*htmldoc[1] = { (char *)"htmldoc" };	// argv[] array
data/htmldoc-1.9.8/htmldoc/gui.cxx:1210:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[4];		// Format string
data/htmldoc-1.9.8/htmldoc/gui.cxx:1268:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  NumberUp = atoi(numberUp->text(numberUp->value()));
data/htmldoc-1.9.8/htmldoc/gui.cxx:1348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		size[255];	// Page size string
data/htmldoc-1.9.8/htmldoc/gui.cxx:1349:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		formats[256];	// Format characters
data/htmldoc-1.9.8/htmldoc/gui.cxx:1618:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[10240];		// Line from file
data/htmldoc-1.9.8/htmldoc/gui.cxx:1620:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		basename[1024];		// Base filename
data/htmldoc-1.9.8/htmldoc/gui.cxx:1639:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(filename, "r");
data/htmldoc-1.9.8/htmldoc/gui.cxx:1706:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024],		// Option name
data/htmldoc-1.9.8/htmldoc/gui.cxx:2108:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      i = atoi(temp2);
data/htmldoc-1.9.8/htmldoc/gui.cxx:2139:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      tocLevels->value(atoi(temp2));
data/htmldoc-1.9.8/htmldoc/gui.cxx:2358:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fp = fopen(filename, "w");
data/htmldoc-1.9.8/htmldoc/gui.cxx:2798:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	line[1024];
data/htmldoc-1.9.8/htmldoc/gui.cxx:2799:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	directory[1024];
data/htmldoc-1.9.8/htmldoc/gui.cxx:2806:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(gui->fc->value(i), "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/gui.cxx:2838:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        count = atoi(line);
data/htmldoc-1.9.8/htmldoc/gui.cxx:2898:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			command[1024];	// Editor command
data/htmldoc-1.9.8/htmldoc/gui.cxx:3158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		// Name of the output file
data/htmldoc-1.9.8/htmldoc/gui.cxx:3239:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024],		// Output filename
data/htmldoc-1.9.8/htmldoc/gui.cxx:3533:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		command[1024];		// Command string
data/htmldoc-1.9.8/htmldoc/gui.cxx:3682:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	newcolor[255];		// New color string
data/htmldoc-1.9.8/htmldoc/gui.cxx:3750:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	newcolor[255];		// New color string
data/htmldoc-1.9.8/htmldoc/gui.cxx:3790:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	newcolor[255];		// New color string
data/htmldoc-1.9.8/htmldoc/gui.cxx:3828:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	link[1024];	// filename#link
data/htmldoc-1.9.8/htmldoc/gui.cxx:3906:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		realname[1024];	// Real filename
data/htmldoc-1.9.8/htmldoc/gui.cxx:4012:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	  	temp[1024];	// Temporary string
data/htmldoc-1.9.8/htmldoc/gui.cxx:4019:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		base[1024],	// Base directory of HTML file
data/htmldoc-1.9.8/htmldoc/gui.cxx:4093:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        (docfile = fopen(filename, "rb")) != NULL)
data/htmldoc-1.9.8/htmldoc/gui.h:198:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			book_filename[1024];
data/htmldoc-1.9.8/htmldoc/gui.h:201:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			title_string[1024];
data/htmldoc-1.9.8/htmldoc/html.cxx:212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		realname[1024];	/* Real filename */
data/htmldoc-1.9.8/htmldoc/html.cxx:235:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    *out = fopen(realname, "wb");
data/htmldoc-1.9.8/htmldoc/html.cxx:241:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      *out    = fopen(OutputPath, "wb");
data/htmldoc-1.9.8/htmldoc/html.cxx:463:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(title_file, "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/html.h:290:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char	*_htmlFonts[TYPE_MAX][STYLE_MAX];
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	bookfile[1024];		// Book filename
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:261:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        strlcpy((char *)BodyColor, argv[i], sizeof(BodyColor));
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:293:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        strlcpy((char *)BodyImage, argv[i], sizeof(BodyImage));
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:341:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        Compression = atoi(argv[i] + 14);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:753:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        OutputJPEG = atoi(argv[i] + 7);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:849:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      NumberUp = atoi(argv[i]);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1065:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        TocLevels = atoi(argv[i]);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	url[1024];		// URL
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1202:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	                NULL, server_name, atoi(server_port), path_info);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1205:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	                NULL, server_name, atoi(server_port), path_info);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1322:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		home[1024];	// Home (profile) directory
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1326:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	htmldocrc[1024];// HTMLDOC RC file
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1368:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	line[2048];		// Line from RC file
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1376:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(prefs_getrc(), "r")) != NULL)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1392:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	LinkStyle = atoi(line + 10);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1396:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PageWidth = atoi(line + 10);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1398:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PageLength = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1400:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PageLeft = atoi(line + 9);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1402:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PageRight = atoi(line + 10);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1404:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PageTop = atoi(line + 8);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1406:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PageBottom = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1408:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PageDuplex = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1410:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	Landscape = atoi(line + 10);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1412:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	Compression = atoi(line + 12);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1415:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	OutputColor    = atoi(line + 12);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1419:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	TocNumbers = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1421:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	TocLevels = atoi(line + 10);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1423:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	OutputJPEG = atoi(line + 1);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1429:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        NumberUp = atoi(line + 9);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1437:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	_htmlBodyFont = (typeface_t)atoi(line + 9);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1439:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	_htmlHeadingFont = (typeface_t)atoi(line + 12);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1446:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	HeadFootType = (typeface_t)atoi(line + 13);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1448:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        HeadFootStyle = (style_t)atoi(line + 14);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1456:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  PDFVersion = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1459:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PSLevel = atoi(line + 8);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1461:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PSCommands = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1463:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	XRXComments = atoi(line + 12);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1467:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PDFPageMode = atoi(line + 9);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1469:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PDFPageLayout = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1471:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PDFFirstPage = atoi(line + 10);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1473:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	PDFEffect = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1479:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	Encryption = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1481:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	Permissions = atoi(line + 12);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1487:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        Links = atoi(line + 6);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1489:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        EmbedFonts = atoi(line + 9);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1491:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        EmbedFonts = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1497:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        StrictHTML = atoi(line + 11);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1503:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        Tooltips = atoi(line + 9);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1551:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(prefs_getrc(), "w")) != NULL)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1633:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	data[1024];	// Data directory
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1634:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	doc[1024];	// Documentation directory
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1635:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	path[4096];	// PATH environment variable
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1683:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          path[PROC_PIDPATHINFO_MAXSIZE + 1];
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1686:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	resources[1024];	// Resources directory
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1714:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char datadir[1024];          // Data directory
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1720:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char docdir[1024];           // Documentation directory
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1793:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[10240];		// Line from file
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1796:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		path[2048];		// Current path
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1816:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(local, "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1888:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024],		// Option name
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1928:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        OutputJPEG = atoi(temp + 7);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1988:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        Compression = atoi(temp + 14);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:2156:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      NumberUp = atoi(temp2);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:2189:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      TocLevels = atoi(temp2);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:2453:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		base[1024];		// Base directory name of file
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:2460:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((docfile = fopen(realname, "rb")) != NULL)
data/htmldoc-1.9.8/htmldoc/htmldoc.h:139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	OutputPath[1024] VALUE("");	/* Output directory/name */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	OwnerPassword[33] VALUE(""),	/* Owner password */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	*Header[3]	NULL3,		/* Header for regular pages */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	TitleImage[1024] VALUE(""),	/* Title page image */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:194:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	HFImage[MAX_HF_IMAGES][1024]	/* Header/footer images */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	Path[2048]	VALUE(""),	/* Search path */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:205:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR const char	*PDFModes[3]			/* Mode strings */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:210:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR const char	*PDFLayouts[4]			/* Layout strings */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:215:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR const char	*PDFPages[3]			/* First page strings */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:220:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR const char	*PDFEffects[17]			/* Effect strings */
data/htmldoc-1.9.8/htmldoc/htmldoc.h:230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	HTMLEditor[1024] VALUE("notepad.exe \"%s\"");
data/htmldoc-1.9.8/htmldoc/htmldoc.h:232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	HTMLEditor[1024] VALUE("bbedit %s");
data/htmldoc-1.9.8/htmldoc/htmldoc.h:234:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	HTMLEditor[1024] VALUE("gedit %s");
data/htmldoc-1.9.8/htmldoc/htmldoc.h:236:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
VAR char	HTMLEditor[1024] VALUE("nedit %s");
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:141:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char		_htmlCharSet[256] = "iso-8859-1";
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:161:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char	*_htmlGlyphsAll[65536];	/* Character glyphs for Unicode */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:162:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char	*_htmlGlyphs[256];	/* Character glyphs for charset */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:164:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char	*_htmlSorted[256];	/* Sorted character glyphs for charset */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:166:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char	*_htmlFonts[TYPE_MAX][STYLE_MAX] =
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:290:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		newbase[1024];		// New base directory for EMBED
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1092:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((embed = fopen((char *)filename, "r")) != NULL)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1163:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	font[255],	// Font name
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1288:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	font[255],	// Font name
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1365:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      sizeval = atoi((char *)size);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1367:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              sizeval = t->size + atoi((char *)size);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2097:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy((char *)s + slen, (char *)tdata, tlen);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2244:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Filenames */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2248:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		glyph[64];		/* Glyph name */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024];		/* Line from AFM file */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2266:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2435:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* Filenames */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2438:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		glyph[64];		/* Glyph name */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2439:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[1024];		/* Line from charset file */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2454:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(line, "r")) != NULL)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2497:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2584:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return (atoi((char *)*m0 + 1) - atoi((char *)*m1 + 1));
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2584:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return (atoi((char *)*m0 + 1) - atoi((char *)*m1 + 1));
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3193:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		number[255];	/* Width or height value */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3209:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->width  = (float)(atoi((char *)width_ptr) / _htmlPPI * 72.0f);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3210:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->height = (float)(atoi((char *)height_ptr) / _htmlPPI * 72.0f);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3220:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->width  = (float)(atoi((char *)width_ptr) / _htmlPPI * 72.0f);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3223:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      snprintf(number, sizeof(number), "%d", atoi((char *)width_ptr) * img->height / img->width);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3230:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->height = (float)(atoi((char *)height_ptr) / _htmlPPI * 72.0f);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3233:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      snprintf(number, sizeof(number), "%d", atoi((char *)height_ptr) * img->width / img->height);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3260:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->width = (float)(atoi((char *)width_ptr) / _htmlPPI * 72.0f);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3262:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->width = (float)(atoi((char *)size_ptr) / _htmlPPI * 72.0f);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3267:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->height = (float)(atoi((char *)height_ptr) / _htmlPPI * 72.0f);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3269:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->height = (float)(atoi((char *)size_ptr) / _htmlPPI * 72.0f);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3421:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024],		/* Temporary filename */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3423:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	newfilename[1024];	/* New filename */
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3634:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		full_href[1024];	// Full HREF value
data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:219:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		realname[1024];	/* Real filename */
data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:238:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  *out = fopen(realname, "wb");
data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:426:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(title_file, "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:935:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (strcmp((char *)headings[i], (char *)ptr) == 0)
data/htmldoc-1.9.8/htmldoc/http-addr.c:646:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char		*ip_ptrs[2];	/* Pointer to packed address */
data/htmldoc-1.9.8/htmldoc/http-addr.c:799:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char		localStr[1024];	/* Local host name C string */
data/htmldoc-1.9.8/htmldoc/http-addr.c:879:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	temp[1024];		/* Temporary string */
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:404:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(current, src, sizeof(http_addrlist_t));
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:504:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		ipv6[64],	/* IPv6 address */
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:582:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(temp->addr.ipv6), current->ai_addr,
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:585:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(temp->addr.ipv4), current->ai_addr,
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:630:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	portnum = atoi(service);
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:703:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(temp->addr.ipv6.sin6_addr), host->h_addr_list[i],
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:711:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&(temp->addr.ipv4.sin_addr), host->h_addr_list[i],
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:757:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      portnum = atoi(service);
data/htmldoc-1.9.8/htmldoc/http-private.h:264:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		error[256];		/* Most recent error message */
data/htmldoc-1.9.8/htmldoc/http-private.h:305:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[HTTP_MAX_HOST],
data/htmldoc-1.9.8/htmldoc/http-private.h:313:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			buffer[HTTP_MAX_BUFFER];
data/htmldoc-1.9.8/htmldoc/http-private.h:317:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			nonce[HTTP_MAX_VALUE];
data/htmldoc-1.9.8/htmldoc/http-private.h:329:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			_authstring[HTTP_MAX_VALUE],
data/htmldoc-1.9.8/htmldoc/http-private.h:339:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			wbuffer[HTTP_MAX_BUFFER];
data/htmldoc-1.9.8/htmldoc/http-private.h:364:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			gsshost[256];	/* Hostname for Kerberos */
data/htmldoc-1.9.8/htmldoc/http-support.c:55:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const http_days[7] =/* Days of the week */
data/htmldoc-1.9.8/htmldoc/http-support.c:65:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const http_months[12] =
data/htmldoc-1.9.8/htmldoc/http-support.c:446:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		resource[1024];		/* Formatted resource string */
data/htmldoc-1.9.8/htmldoc/http-support.c:501:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			data[1024];	/* Source string for MD5 */
data/htmldoc-1.9.8/htmldoc/http-support.c:503:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char		md5sum[16];	/* MD5 digest/sum */
data/htmldoc-1.9.8/htmldoc/http-support.c:784:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	http_date[256];		/* Static buffer */
data/htmldoc-1.9.8/htmldoc/http-support.c:821:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		mon[16];		/* Abbreviated month name */
data/htmldoc-1.9.8/htmldoc/http-support.c:1542:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			scheme[32],	/* URI components... */
data/htmldoc-1.9.8/htmldoc/http-support.c:2111:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			resource[257],	/* Remote path */
data/htmldoc-1.9.8/htmldoc/http-support.c:2131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uuid[256];		/* UUID value */
data/htmldoc-1.9.8/htmldoc/http-support.c:2133:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(uuid, value, valueLen);
data/htmldoc-1.9.8/htmldoc/http-support.c:2187:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (((char *)value)[0] == '/')
data/htmldoc-1.9.8/htmldoc/http-support.c:2193:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(resource, value, valueLen);
data/htmldoc-1.9.8/htmldoc/http-support.c:2203:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(resource + 1, value, valueLen);
data/htmldoc-1.9.8/htmldoc/http-support.c:2326:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			resource[257],	/* Remote path */
data/htmldoc-1.9.8/htmldoc/http-support.c:2353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	uuid[256];		/* UUID value */
data/htmldoc-1.9.8/htmldoc/http-support.c:2357:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(uuid, value, valueLen);
data/htmldoc-1.9.8/htmldoc/http-support.c:2431:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(resource, value, valueLen);
data/htmldoc-1.9.8/htmldoc/http-support.c:2441:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(resource + 1, value, valueLen);
data/htmldoc-1.9.8/htmldoc/http.c:231:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(credential->data, data, datalen);
data/htmldoc-1.9.8/htmldoc/http.c:627:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Junk buffer */
data/htmldoc-1.9.8/htmldoc/http.c:832:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	temp[HTTP_MAX_VALUE],	/* Copy of Accepts-Encoding value */
data/htmldoc-1.9.8/htmldoc/http.c:1388:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[HTTP_MAX_VALUE],	/* Temporary buffer for name */
data/htmldoc-1.9.8/htmldoc/http.c:1645:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		len[32];		/* Length string */
data/htmldoc-1.9.8/htmldoc/http.c:1799:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(http->sbuffer + http->stream.avail_in, http->buffer, buflen);
data/htmldoc-1.9.8/htmldoc/http.c:1855:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, http->buffer, length);
data/htmldoc-1.9.8/htmldoc/http.c:1908:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buf[16384];		/* Buffer for formatted string */
data/htmldoc-1.9.8/htmldoc/http.c:2085:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char	len[32];		/* Length string */
data/htmldoc-1.9.8/htmldoc/http.c:2112:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	len[32];		/* Length string */
data/htmldoc-1.9.8/htmldoc/http.c:2145:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char	len[32];		/* Length string */
data/htmldoc-1.9.8/htmldoc/http.c:2193:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	line[4096],			/* HTTP request line */
data/htmldoc-1.9.8/htmldoc/http.c:2913:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[32768],		/* Line from connection... */
data/htmldoc-1.9.8/htmldoc/http.c:3050:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      http->expect = (http_status_t)atoi(value);
data/htmldoc-1.9.8/htmldoc/http.c:3408:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(http->wbuffer + http->wused, buffer, length);
data/htmldoc-1.9.8/htmldoc/http.c:3934:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		service[255];		/* Service name */
data/htmldoc-1.9.8/htmldoc/http.c:4022:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	line[255],			/* Line buffer */
data/htmldoc-1.9.8/htmldoc/http.c:4042:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, "  ", 3);
data/htmldoc-1.9.8/htmldoc/http.c:4047:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, "  ", 3);
data/htmldoc-1.9.8/htmldoc/http.c:4210:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, http->buffer, (size_t)bytes);
data/htmldoc-1.9.8/htmldoc/http.c:4240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	len[32];		/* Length string */
data/htmldoc-1.9.8/htmldoc/http.c:4302:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buf[1024];		/* Encoded URI buffer */
data/htmldoc-1.9.8/htmldoc/http.c:4821:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		header[16];		/* Chunk header */
data/htmldoc-1.9.8/htmldoc/http.h:417:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			pad[256];	/* Padding to ensure binary compatibility */
data/htmldoc-1.9.8/htmldoc/http.h:489:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5(const char *, const char *, const char *,
data/htmldoc-1.9.8/htmldoc/http.h:489:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5(const char *, const char *, const char *,
data/htmldoc-1.9.8/htmldoc/http.h:489:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5(const char *, const char *, const char *,
data/htmldoc-1.9.8/htmldoc/http.h:489:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5(const char *, const char *, const char *,
data/htmldoc-1.9.8/htmldoc/http.h:491:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5Final(const char *, const char *, const char *,
data/htmldoc-1.9.8/htmldoc/http.h:491:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5Final(const char *, const char *, const char *,
data/htmldoc-1.9.8/htmldoc/http.h:491:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5Final(const char *, const char *, const char *,
data/htmldoc-1.9.8/htmldoc/http.h:491:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5Final(const char *, const char *, const char *,
data/htmldoc-1.9.8/htmldoc/http.h:493:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5String(const unsigned char *, char [33]);
data/htmldoc-1.9.8/htmldoc/http.h:493:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char		*httpMD5String(const unsigned char *, char [33]);
data/htmldoc-1.9.8/htmldoc/image.cxx:526:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		dest[255];		/* Destination file */
data/htmldoc-1.9.8/htmldoc/image.cxx:551:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((in = fopen(realsrc, "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/image.cxx:558:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((out = fopen(dest, "wb")) == NULL)
data/htmldoc-1.9.8/htmldoc/image.cxx:739:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(realname, "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/image.h:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];	/* Name of image file (for caching of images */
data/htmldoc-1.9.8/htmldoc/iso8859.cxx:336:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char uniglyph[32];
data/htmldoc-1.9.8/htmldoc/iso8859.cxx:418:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char uniglyph[32];
data/htmldoc-1.9.8/htmldoc/md5-private.h:54:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[64];		/* accumulate block */
data/htmldoc-1.9.8/htmldoc/md5-private.h:68:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void _cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16]);
data/htmldoc-1.9.8/htmldoc/md5.c:150:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(xbuf, data, 64);
data/htmldoc-1.9.8/htmldoc/md5.c:301:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pms->buf + offset, p, copy);
data/htmldoc-1.9.8/htmldoc/md5.c:315:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pms->buf, p, left);
data/htmldoc-1.9.8/htmldoc/md5.c:319:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
_cupsMD5Finish(_cups_md5_state_t *pms, unsigned char digest[16])
data/htmldoc-1.9.8/htmldoc/md5.c:321:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char pad[64] = {
data/htmldoc-1.9.8/htmldoc/md5.c:327:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[8];
data/htmldoc-1.9.8/htmldoc/mmd.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[65536],		/* Buffer */
data/htmldoc-1.9.8/htmldoc/mmd.c:213:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(allptr, current->text, textlen);
data/htmldoc-1.9.8/htmldoc/mmd.c:340:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          prefix[256];            /* Prefix string */
data/htmldoc-1.9.8/htmldoc/mmd.c:481:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/htmldoc-1.9.8/htmldoc/mmd.c:505:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		line[8192],		/* Read line */
data/htmldoc-1.9.8/htmldoc/mmd.c:1164:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	text[8192];		/* Reference text */
data/htmldoc-1.9.8/htmldoc/mmd.c:2290:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	unknown[64];		/* Unknown type buffer */
data/htmldoc-1.9.8/htmldoc/progress.cxx:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		text[2048];		/* Formatted text string */
data/htmldoc-1.9.8/htmldoc/progress.cxx:78:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	tmppath[1024];		// Buffer for temp dir
data/htmldoc-1.9.8/htmldoc/progress.cxx:79:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char	filename[1024];		// htmldoc.log filename
data/htmldoc-1.9.8/htmldoc/progress.cxx:85:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      error_log = fopen(filename, "a");
data/htmldoc-1.9.8/htmldoc/progress.cxx:159:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	text[2048];		/* Formatted text string */
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		media_color[64],	// Media color
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		page_text[64];		// Page number for TOC
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:197:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	stdout_filename[256];
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:584:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((fp = fopen(title_file, "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:674:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(r->data.text.rgb, rgb, sizeof(rgb));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:688:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(r->data.text.rgb, rgb, sizeof(rgb));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:706:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(r->data.text.rgb, rgb, sizeof(rgb));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:721:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(r->data.text.rgb, rgb, sizeof(rgb));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:726:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      strlcpy((char *)pages[page].page_text, (page & 1) ? "eltit" : "title", sizeof(pages[page].page_text));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1402:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	page_text[64];			/* Page number text */
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1505:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[1024],		// String buffer
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1692:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              strlcpy(bufptr, (char *)(pages[page].chapter), sizeof(buffer) - (size_t)(bufptr - buffer));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1701:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              strlcpy(bufptr, (char *)(pages[page].heading), sizeof(buffer) - (size_t)(bufptr - buffer));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:2245:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		// Copy buffer
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:2390:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(stdout_filename, "rb");
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:3436:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        	  char	url[1024], *urlptr;
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:3767:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(r->data.text.rgb, rgb, sizeof(rgb));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:3807:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    strlcpy((char *)nptr, pages[hpage].page_text, sizeof(number) - (size_t)(nptr - number));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:3813:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(r->data.text.rgb, rgb, sizeof(rgb));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4396:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	        width = atoi((char *)name) * (*right - *left) / 100;
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4398:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                width = (float)(atoi((char *)name) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4404:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	      height = (float)(atoi((char *)name) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4769:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  *y -= atoi((char *)vspace);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4827:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  *y -= atoi((char *)vspace);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4837:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  image_left += atoi((char *)hspace);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4850:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  *y -= atoi((char *)vspace);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4910:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  *y -= atoi((char *)vspace);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:4918:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	  image_right -= atoi((char *)hspace);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5203:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(r->data.text.rgb, rgb, sizeof(rgb));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5371:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(r->data.text.rgb, rgb, sizeof(rgb));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5573:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(lineptr, "        ", num_cols);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5590:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(r->data.text.rgb, rgb, sizeof(rgb));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5655:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		col_fixed[MAX_COLUMNS],
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5730:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        table.row_spans[col] = atoi((char *)var);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5801:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char table_text[255];
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6375:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      table_width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6385:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      table.height = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6393:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    table.cellpadding = atoi((char *)var);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6398:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cellspacing = atoi((char *)var);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6552:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            colspan = atoi((char *)var);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6558:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            table.row_spans[col] = atoi((char *)var);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6676:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6974:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char table_text[255];
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7244:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      list_values[t->indent] = atoi((char *)value);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7258:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        strlcpy((char *)number, format_number(list_values[t->indent], (char)list_types[t->indent]), sizeof(number));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7323:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      list_values[t->indent] = atoi((char *)value);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7683:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      pages[*page].media_position = atoi(comment);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8721:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((char *)r->data.text.buffer, (char *)data, datalen);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8742:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((char *)r->data.link, (char *)data, datalen);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8833:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp, temp - 1, sizeof(page_t));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9008:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      width = (right - left) * atoi((char *)var) * 0.01f;
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9010:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9026:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      minh = PagePrintLength * atoi((char *)var) * 0.01f;
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9028:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      minh = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9339:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      width = (right - left) * atoi((char *)var) * 0.01f;
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9341:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      width = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9354:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      minh = PagePrintLength * atoi((char *)var) * 0.01f;
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9356:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      minh = (float)(atoi((char *)var) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9432:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cellpadding = atoi((char *)var);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9437:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    cellspacing = atoi((char *)var);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9520:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(temp, t, sizeof(tree_t));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9537:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(temp, t, sizeof(tree_t));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9640:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->width = (float)(atoi((char *)width) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9645:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->height = (float)(atoi((char *)height) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9660:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->width = (float)(atoi((char *)width) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9669:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      t->height = (float)(atoi((char *)height) * PagePrintWidth / _htmlBrowserWidth);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9743:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	filename[255];	/* Filename */
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9755:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return (fopen(filename, "wb+"));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9761:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return (fopen(filename, "wb+"));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9764:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return (fopen(OutputPath, "wb+"));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9820:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	sizes[255],	/* Formatted string for size... */
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9870:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	xs[255],			/* Formatted string for X... */
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:10031:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(leftdata + leftcount, data, (size_t)(length - leftcount));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11260:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		temp[1024];		/* Temporary string */
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11270:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static unsigned char pad[32] =
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11617:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ((prolog = fopen(temp, "rb")) != NULL)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11680:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(user_pad + i, pad, (size_t)(32 - i));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11691:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	  memcpy(owner_pad + i, pad, (size_t)(32 - i));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11736:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(owner_key, user_pad, 32);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11798:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(encrypt_key, digest, (size_t)encrypt_len);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12136:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		prefix[64],		/* Prefix string */
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12347:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[1024];		/* PFA filename */
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		glyph[64],		/* Glyph name */
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12399:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12521:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) == NULL)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12554:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	italic_angle = atoi(line + 12);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12558:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	cap_height = atoi(line + 10);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12560:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	x_height = atoi(line + 8);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12562:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	ascent = atoi(line + 9);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12564:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	descent = atoi(line + 10);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12892:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buf[10240];		/* Output buffer */
data/htmldoc-1.9.8/htmldoc/rc4.h:39:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	sbox[256];	/* S boxes for encryption */
data/htmldoc-1.9.8/htmldoc/snprintf.c:37:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		tformat[100],		/* Temporary format string for sprintf() */
data/htmldoc-1.9.8/htmldoc/snprintf.c:206:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(bufptr, va_arg(ap, char *), width);
data/htmldoc-1.9.8/htmldoc/string.c:155:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst + dstlen, src, srclen);
data/htmldoc-1.9.8/htmldoc/string.c:191:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, src, srclen);
data/htmldoc-1.9.8/htmldoc/testhtml.cxx:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		base[1024];	/* Base directory */
data/htmldoc-1.9.8/htmldoc/testhtml.cxx:143:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    else if ((fp = fopen(file_find("", argv[i]), "r")) != NULL)
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[1024];
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:187:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			cert_name[256];	/* Certificate's common name (C string) */
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	credentials_str[1024],	/* String for incoming credentials */
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		name[256];	/* Common name associated with cert */
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:465:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	md5_digest[16];	/* MD5 result */
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:521:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024];	/* Filename for keychain */
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:639:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024];	/* Filename for keychain */
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:809:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[256],	/* Hostname */
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1157:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy((void *)credential->data, CFDataGetBytePtr(data),
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:140:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char	cserial[1024],	/* Certificate serial number */
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:216:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char	credentials_str[1024],	/* String for incoming credentials */
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:406:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		name[256];	/* Common name associated with cert */
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:410:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	md5_digest[16];	/* MD5 result */
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* filename.crt */
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:470:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "r")) == NULL)
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:583:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			filename[1024],	/* filename.crt */
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:603:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(nfilename, "w")) == NULL)
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:721:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		filename[1024],	/* site.crl */
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:733:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) != NULL)
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:1006:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[256],	/* Hostname */
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:1011:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			priority_string[1024];
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:126:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		cert_name[1024];	/* Name from certificate */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:288:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char		cert_name[256];	/* Common name */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:293:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char	md5_digest[16];	/* MD5 result */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:369:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		error[1024];		/* Error message buffer */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:495:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		error[1024];		/* Error message buffer */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:668:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, sspi->readBuffer, bytesToCopy);
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:790:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buf, pDataBuffer->pvBuffer, bytesToCopy);
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:814:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(((BYTE *)sspi->readBuffer) + sspi->readBufferUsed, ((BYTE *)pDataBuffer->pvBuffer) + bytesToCopy, bytesToSave);
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:865:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	hostname[256],			/* Hostname */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1099:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sspi->writeBuffer + sspi->streamSizes.cbHeader, bufptr, chunk);
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1163:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			hostname[256],	/* Hostname */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1166:3:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  TCHAR			username[256];	/* Username returned from GetUserName() */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1167:3:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  TCHAR			commonName[256];/* Common name for certificate */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1274:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		username[1024],		/* Current username */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2009:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		common_name[512];	/* Common name for cert */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2173:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sspi->decryptBuffer, (LPBYTE)(sspi->decryptBuffer + sspi->decryptBufferUsed - inBuffers[1].cbBuffer), inBuffers[1].cbBuffer);
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2194:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sspi->decryptBuffer, (LPBYTE)(sspi->decryptBuffer + sspi->decryptBufferUsed - inBuffers[1].cbBuffer), inBuffers[1].cbBuffer);
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2282:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char			error[1024];	/* Error message string */
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2296:23:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  count             = MultiByteToWideChar(CP_ACP, 0, common_name, -1, NULL, 0);
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2301:8:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  if (!MultiByteToWideChar(CP_ACP, 0, common_name, -1, commonNameUnicode, count))
data/htmldoc-1.9.8/htmldoc/toc.cxx:125:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char *ones[10] =
data/htmldoc-1.9.8/htmldoc/toc.cxx:189:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            heading_numbers[level] = atoi((char *)var);
data/htmldoc-1.9.8/htmldoc/util.cxx:28:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char *ones[10] =	/* Roman numerals, 0-9 */
data/htmldoc-1.9.8/htmldoc/util.cxx:43:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char *ONES[10] =	/* Roman numerals, 0-9 */
data/htmldoc-1.9.8/htmldoc/util.cxx:58:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	buffer[1024];	/* String buffer */
data/htmldoc-1.9.8/htmldoc/util.cxx:337:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char	fmt[4];			// Old format string
data/htmldoc-1.9.8/htmldoc/util.cxx:424:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char	units[255];		/* Units string */
data/htmldoc-1.9.8/htmldoc/zipc.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          error_msg[256];         /* Formatted error message */
data/htmldoc-1.9.8/htmldoc/zipc.c:96:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[16384];		/* Deflate buffer */
data/htmldoc-1.9.8/htmldoc/zipc.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		filename[256];		/* File/directory name */
data/htmldoc-1.9.8/htmldoc/zipc.c:227:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char          buffer[65536];          /* Copy buffer */
data/htmldoc-1.9.8/htmldoc/zipc.c:237:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((srcfile = fopen(srcname, text ? "r" : "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/zipc.c:544:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[8192];		/* Format buffer */
data/htmldoc-1.9.8/htmldoc/zipc.c:630:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, zc->readptr, rbytes);
data/htmldoc-1.9.8/htmldoc/zipc.c:833:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char		buffer[65536],		/* Buffer */
data/htmldoc-1.9.8/htmldoc/zipc.c:1022:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        cfile[256];             /* Container filename from header */
data/htmldoc-1.9.8/htmldoc/zipc.c:1030:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((zc->fp = fopen(filename, "rb")) == NULL)
data/htmldoc-1.9.8/htmldoc/zipc.c:1142:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((zc->fp = fopen(filename, "w+b")) == NULL)
data/htmldoc-1.9.8/htmldoc/zipc.c:1538:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[2];		/* Buffer */
data/htmldoc-1.9.8/htmldoc/zipc.c:1555:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[4];		/* Buffer */
data/htmldoc-1.9.8/htmldoc/zipc.c:1690:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[2];		/* Buffer */
data/htmldoc-1.9.8/htmldoc/zipc.c:1708:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char	buffer[4];		/* Buffer */
data/htmldoc-1.9.8/jpeg/jcarith.c:41:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char * dc_stats[NUM_ARITH_TBLS];
data/htmldoc-1.9.8/jpeg/jcarith.c:42:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char * ac_stats[NUM_ARITH_TBLS];
data/htmldoc-1.9.8/jpeg/jcarith.c:45:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char fixed_bin[4];
data/htmldoc-1.9.8/jpeg/jchuff.c:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ehufsi[256];		/* length of code for each symbol */
data/htmldoc-1.9.8/jpeg/jchuff.c:167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char huffsize[257];
data/htmldoc-1.9.8/jpeg/jcmarker.c:231:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dc_in_use[NUM_ARITH_TBLS];
data/htmldoc-1.9.8/jpeg/jcmarker.c:232:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ac_in_use[NUM_ARITH_TBLS];
data/htmldoc-1.9.8/jpeg/jdarith.c:38:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char * dc_stats[NUM_ARITH_TBLS];
data/htmldoc-1.9.8/jpeg/jdarith.c:39:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char * ac_stats[NUM_ARITH_TBLS];
data/htmldoc-1.9.8/jpeg/jdarith.c:42:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char fixed_bin[4];
data/htmldoc-1.9.8/jpeg/jdhuff.c:330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char huffsize[257];
data/htmldoc-1.9.8/jpeg/jerror.c:101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[JMSG_LENGTH_MAX];
data/htmldoc-1.9.8/jpeg/jinclude.h:62:32:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define MEMCOPY(dest,src,size)	bcopy((const void *)(src), (void *)(dest), (size_t)(size))
data/htmldoc-1.9.8/jpeg/jinclude.h:68:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define MEMCOPY(dest,src,size)	memcpy((void *)(dest), (const void *)(src), (size_t)(size))
data/htmldoc-1.9.8/jpeg/jmemsys.h:156:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp_name[TEMP_NAME_LENGTH]; /* name if it's a file */
data/htmldoc-1.9.8/jpeg/jmemsys.h:162:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp_name[TEMP_NAME_LENGTH]; /* name if it's a file */
data/htmldoc-1.9.8/jpeg/jmemsys.h:166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char temp_name[TEMP_NAME_LENGTH]; /* name of temp file */
data/htmldoc-1.9.8/jpeg/jpeglib.h:722:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[JMSG_STR_PARM_MAX];
data/htmldoc-1.9.8/png/png.c:223:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char m[128];
data/htmldoc-1.9.8/png/png.c:737:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
png_convert_to_rfc1123_buffer(char out[29], png_const_timep ptime)
data/htmldoc-1.9.8/png/png.c:739:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static PNG_CONST char short_months[12][4] =
data/htmldoc-1.9.8/png/png.c:755:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char number_buf[5]; /* enough for a four-digit year */
data/htmldoc-1.9.8/png/png.c:1833:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char message[196]; /* see below for calculation */
data/htmldoc-1.9.8/png/png.c:1852:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char number[PNG_NUMBER_BUFFER_SIZE]; /* +24 = 114*/
data/htmldoc-1.9.8/png/png.c:2990:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char exponent[10];
data/htmldoc-1.9.8/png/png.c:3260:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char digits[10];
data/htmldoc-1.9.8/png/png.h:1067:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
PNG_EXPORT(241, int, png_convert_to_rfc1123_buffer, (char out[29],
data/htmldoc-1.9.8/png/png.h:2738:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char         message[64];
data/htmldoc-1.9.8/png/pngdebug.h:109:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char format[256]; \
data/htmldoc-1.9.8/png/pngdebug.h:120:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char format[256]; \
data/htmldoc-1.9.8/png/pngdebug.h:131:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char format[256]; \
data/htmldoc-1.9.8/png/pngerror.c:43:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char msg[16];
data/htmldoc-1.9.8/png/pngerror.c:258:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[PNG_NUMBER_BUFFER_SIZE];
data/htmldoc-1.9.8/png/pngerror.c:268:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[PNG_NUMBER_BUFFER_SIZE];
data/htmldoc-1.9.8/png/pngerror.c:293:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char msg[192];
data/htmldoc-1.9.8/png/pngerror.c:428:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static PNG_CONST char png_digit[16] = {
data/htmldoc-1.9.8/png/pngerror.c:483:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char msg[18+PNG_MAX_ERROR_TEXT];
data/htmldoc-1.9.8/png/pngerror.c:499:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char msg[18+PNG_MAX_ERROR_TEXT];
data/htmldoc-1.9.8/png/pngerror.c:577:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char msg[fixed_message_ln+PNG_MAX_ERROR_TEXT];
data/htmldoc-1.9.8/png/pngerror.c:578:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(msg, fixed_message, fixed_message_ln);
data/htmldoc-1.9.8/png/pngerror.c:721:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char error_number[16];
data/htmldoc-1.9.8/png/pngerror.c:792:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char warning_number[16];
data/htmldoc-1.9.8/png/pngmem.c:154:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_array, old_array, element_size*(unsigned)old_elements);
data/htmldoc-1.9.8/png/pngpread.c:439:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, png_ptr->save_buffer_ptr, save_size);
data/htmldoc-1.9.8/png/pngpread.c:456:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ptr, png_ptr->current_buffer_ptr, save_size);
data/htmldoc-1.9.8/png/pngpread.c:506:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
data/htmldoc-1.9.8/png/pngpread.c:514:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size,
data/htmldoc-1.9.8/png/pngpread.c:765:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1);
data/htmldoc-1.9.8/png/pngpriv.h:1765:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef char png_warning_parameters[PNG_WARNING_PARAMETER_COUNT][
data/htmldoc-1.9.8/png/pngread.c:559:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1);
data/htmldoc-1.9.8/png/pngread.c:1502:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
         FILE *fp = fopen(file_name, "rb");
data/htmldoc-1.9.8/png/pngread.c:1550:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy(out, memory, need);
data/htmldoc-1.9.8/png/pngrutil.c:346:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char msg[64];
data/htmldoc-1.9.8/png/pngrutil.c:691:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                           memcpy(text, png_ptr->read_buffer, prefix_size);
data/htmldoc-1.9.8/png/pngrutil.c:1410:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char keyword[81];
data/htmldoc-1.9.8/png/pngrutil.c:1489:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                           memcpy(profile, profile_header,
data/htmldoc-1.9.8/png/pngrutil.c:1555:43:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                                          memcpy(info_ptr->iccp_name, keyword,
data/htmldoc-1.9.8/png/pngrutil.c:3630:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(dp, sp, bytes_to_copy);
data/htmldoc-1.9.8/png/pngrutil.c:3655:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(dp, sp, PNG_ROWBYTES(pixel_depth, row_width));
data/htmldoc-1.9.8/png/pngrutil.c:3887:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy(v, sp, pixel_bytes);
data/htmldoc-1.9.8/png/pngrutil.c:3891:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(dp, v, pixel_bytes);
data/htmldoc-1.9.8/png/pngset.c:368:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(info_ptr->pcal_purpose, purpose, length);
data/htmldoc-1.9.8/png/pngset.c:390:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(info_ptr->pcal_units, units, length);
data/htmldoc-1.9.8/png/pngset.c:420:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(info_ptr->pcal_params[i], params[i], length);
data/htmldoc-1.9.8/png/pngset.c:470:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(info_ptr->scal_s_width, swidth, lengthw);
data/htmldoc-1.9.8/png/pngset.c:489:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(info_ptr->scal_s_height, sheight, lengthh);
data/htmldoc-1.9.8/png/pngset.c:512:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char swidth[PNG_sCAL_MAX_DIGITS+1];
data/htmldoc-1.9.8/png/pngset.c:513:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char sheight[PNG_sCAL_MAX_DIGITS+1];
data/htmldoc-1.9.8/png/pngset.c:542:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char swidth[PNG_sCAL_MAX_DIGITS+1];
data/htmldoc-1.9.8/png/pngset.c:543:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char sheight[PNG_sCAL_MAX_DIGITS+1];
data/htmldoc-1.9.8/png/pngset.c:626:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(png_ptr->palette, palette, (unsigned int)num_palette *
data/htmldoc-1.9.8/png/pngset.c:735:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(new_iccp_name, name, length);
data/htmldoc-1.9.8/png/pngset.c:748:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(new_iccp_profile, profile, proflen);
data/htmldoc-1.9.8/png/pngset.c:918:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(textp->key, text_ptr[i].key, key_len);
data/htmldoc-1.9.8/png/pngset.c:924:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(textp->lang, text_ptr[i].lang, lang_len);
data/htmldoc-1.9.8/png/pngset.c:927:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(textp->lang_key, text_ptr[i].lang_key, lang_key_len);
data/htmldoc-1.9.8/png/pngset.c:940:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(textp->text, text_ptr[i].text, text_length);
data/htmldoc-1.9.8/png/pngset.c:1021:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(info_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans);
data/htmldoc-1.9.8/png/pngset.c:1123:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(np->name, entries->name, length);
data/htmldoc-1.9.8/png/pngset.c:1143:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(np->entries, entries->entries,
data/htmldoc-1.9.8/png/pngset.c:1262:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(np->name, unknowns->name, (sizeof np->name));
data/htmldoc-1.9.8/png/pngset.c:1285:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(np->data, unknowns->data, unknowns->size);
data/htmldoc-1.9.8/png/pngset.c:1364:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(list, add, 4);
data/htmldoc-1.9.8/png/pngset.c:1465:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(new_list, png_ptr->chunk_list, 5*old_num_chunks);
data/htmldoc-1.9.8/png/pngset.c:1498:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy(outlist, inlist, 5);
data/htmldoc-1.9.8/png/pngstruct.h:362:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char time_buffer[29]; /* String to hold RFC 1123 time text */
data/htmldoc-1.9.8/png/pngwrite.c:842:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(png_ptr->row_buf + 1, row, row_info.rowbytes);
data/htmldoc-1.9.8/png/pngwrite.c:2179:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(display->memory+ob, data, size);
data/htmldoc-1.9.8/png/pngwrite.c:2338:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
         FILE *fp = fopen(file_name, "wb");
data/htmldoc-1.9.8/png/pngwutil.c:299:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char msg[64];
data/htmldoc-1.9.8/png/pngwutil.c:1830:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(buf + 1, width, wlen + 1);      /* Append the '\0' here */
data/htmldoc-1.9.8/png/pngwutil.c:1831:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(buf + wlen + 2, height, hlen);  /* Do NOT append the '\0' here */
data/htmldoc-1.9.8/png/pngwutil.c:2250:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                  memcpy(dp, sp, pixel_bytes);
data/htmldoc-1.9.8/vcnet/config.h:38:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define open		_open
data/htmldoc-1.9.8/zlib/crc32.c:145:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = fopen("crc32.h", "w");
data/htmldoc-1.9.8/zlib/gzguts.h:39:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#  define open _open
data/htmldoc-1.9.8/zlib/gzlib.c:36:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[1024];
data/htmldoc-1.9.8/zlib/gzlib.c:65:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "unknown win32 error (%ld)", error);
data/htmldoc-1.9.8/zlib/gzlib.c:245:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        open((const char *)path, oflag, 0666));
data/htmldoc-1.9.8/zlib/gzlib.c:296:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(path, "<fd:%d>", fd);   /* for debugging */
data/htmldoc-1.9.8/zlib/gzlib.c:611:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(state->msg, ": ");
data/htmldoc-1.9.8/zlib/gzread.c:158:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(state->x.next, strm->next_in, strm->avail_in);
data/htmldoc-1.9.8/zlib/gzread.c:332:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, state->x.next, n);
data/htmldoc-1.9.8/zlib/gzread.c:391:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1];
data/htmldoc-1.9.8/zlib/gzread.c:531:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf, state->x.next, n);
data/htmldoc-1.9.8/zlib/gzwrite.c:218:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(state->in + have, buf, copy);
data/htmldoc-1.9.8/zlib/gzwrite.c:250:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1];
data/htmldoc-1.9.8/zlib/inflate.c:623:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hbuf[4];      /* buffer for gzip header crc calculation */
data/htmldoc-1.9.8/zlib/inflate.c:1382:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4];       /* to restore bit buffer to byte string */
data/htmldoc-1.9.8/zlib/trees.c:330:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *header = fopen("trees.h", "w");
data/htmldoc-1.9.8/zlib/zutil.c:17:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
z_const char * const z_errmsg[10] = {
data/htmldoc-1.9.8/zlib/zutil.h:47:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
data/htmldoc-1.9.8/zlib/zutil.h:107:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
     fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
data/htmldoc-1.9.8/zlib/zutil.h:184:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#  define F_OPEN(name, mode) fopen((name), (mode))
data/htmldoc-1.9.8/zlib/zutil.h:208:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#    define zmemcpy memcpy
data/htmldoc-1.9.8/htmldoc/array.c:184:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        end = start + strlen(start);
data/htmldoc-1.9.8/htmldoc/file.c:526:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	               strlen(username));
data/htmldoc-1.9.8/htmldoc/file.c:774:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((ch = getc(fp)) == EOF)
data/htmldoc-1.9.8/htmldoc/file.c:782:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      int nextch = getc(fp);
data/htmldoc-1.9.8/htmldoc/file.c:803:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      int nextch = getc(fp);
data/htmldoc-1.9.8/htmldoc/file.c:809:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        nextch = getc(fp);
data/htmldoc-1.9.8/htmldoc/gui.cxx:1797:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(temp) > 7)
data/htmldoc-1.9.8/htmldoc/gui.cxx:1868:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(temp) > 14)
data/htmldoc-1.9.8/htmldoc/gui.cxx:2851:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          line[strlen(line) - 1] = '\0'; // strip newline
data/htmldoc-1.9.8/htmldoc/html.cxx:588:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (t->data[strlen((char *)t->data) - 1] == '\n')
data/htmldoc-1.9.8/htmldoc/html.cxx:591:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            col += strlen((char *)t->data);
data/htmldoc-1.9.8/htmldoc/html.cxx:595:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if ((col + (int)strlen((char *)t->data)) > 72 && col > 0)
data/htmldoc-1.9.8/htmldoc/html.cxx:604:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  col += strlen((char *)t->data);
data/htmldoc-1.9.8/htmldoc/html.cxx:725:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		col += strlen((char *)entity);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:340:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(argv[i]) > 14 && PDFVersion >= 12)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:732:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(argv[i]) > 9)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:752:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(argv[i]) > 7)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1160:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(argv[i]) > 5 &&
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1161:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             strcmp(argv[i] + strlen(argv[i]) - 5, ".book") == 0)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1380:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (line[strlen(line) - 1] == '\n')
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1381:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        line[strlen(line) - 1] = '\0';
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1671:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        RegSetValueEx(key, "Path", 0, REG_EXPAND_SZ, (unsigned char *)path, strlen(path) + 1);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1755:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(s);
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1927:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(temp) > 7)
data/htmldoc-1.9.8/htmldoc/htmldoc.cxx:1987:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(temp) > 14)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:323:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:337:27:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ch              = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:400:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ch = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:638:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    indent[strlen((char *)indent) - 4] = '\0';
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:641:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            indent[strlen((char *)indent) - 4] = '\0';
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:728:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	         (ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:749:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:760:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:786:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ch = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:819:17:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	         (ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:841:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:852:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:874:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ch = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1458:28:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          if (isspace(ch = getc(fp)))
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1604:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (t->data[strlen((char *)t->data) - 1] == '\n')
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1607:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          col += strlen((char *)t->data);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1611:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((col + (int)strlen((char *)t->data)) > 72 && col > 0)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:1620:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	col += strlen((char *)t->data);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2085:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      tlen = strlen((char *)tdata);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2190:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (namelen = strlen((char *)name), ptrlen = strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2190:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (namelen = strlen((char *)name), ptrlen = strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2285:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      if (sscanf(line, "%*s%*s%*s%*s%f%*s%*s%63s", &width, glyph) != 2)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2456:14:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
      while (fscanf(fp, "%x%63s", &unicode, glyph) == 2)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2696:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((ch = getc(fp)) != EOF && mptr < (markup + sizeof(markup) - 1))
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2702:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ch = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2723:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ch = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2747:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cptr = comment + strlen((char *)comment);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2775:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if ((ch2 = getc(fp)) == '>')
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2798:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		 (ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2819:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    cptr += strlen((char *)cptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2830:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    cptr += strlen((char *)cptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2850:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ch     = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2870:12:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ch = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2875:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	ch = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2907:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2931:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ch = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2946:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ch  = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2949:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          ch = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2956:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          while ((ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2965:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	             (ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2987:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:2998:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3030:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          while ((ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3039:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	             (ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3060:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3071:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3104:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          while ((ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3113:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	             (ch = getc(fp)) != EOF)
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3134:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3145:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ptr += strlen((char *)ptr);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3528:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (filename[0] != '/' && *base && base[strlen(base) - 1] != '/')
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3562:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bytes += (strlen((char *)t->vars[i].name) + 8) & (size_t)~7;
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3565:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bytes += (strlen((char *)t->vars[i].value) + 8) & (size_t)~7;
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3569:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bytes += (strlen((char *)t->data) + 8) & (size_t)~7;
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3734:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ch2 = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3748:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ch2 = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3755:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ch3 = getc(fp);
data/htmldoc-1.9.8/htmldoc/htmllib.cxx:3771:25:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if ((ch = utf8_getc(getc(fp), fp)) == 0)
data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:594:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if (t->data[strlen((char *)t->data) - 1] == '\n')
data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:597:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            col += strlen((char *)t->data);
data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:601:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if ((col + (int)strlen((char *)t->data)) > 72 && col > 0)
data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:610:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  col += strlen((char *)t->data);
data/htmldoc-1.9.8/htmldoc/htmlsep.cxx:731:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		col += strlen((char *)entity);
data/htmldoc-1.9.8/htmldoc/http-addr.c:136:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return ((int)(offsetof(struct sockaddr_un, sun_path) + strlen(addr->un.sun_path) + 1));
data/htmldoc-1.9.8/htmldoc/http-addr.c:208:12:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    mask = umask(0);
data/htmldoc-1.9.8/htmldoc/http-addr.c:220:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(mask);
data/htmldoc-1.9.8/htmldoc/http-addr.c:543:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sptr += strlen(sptr);
data/htmldoc-1.9.8/htmldoc/http-addr.c:550:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sptr += strlen(sptr);
data/htmldoc-1.9.8/htmldoc/http-addr.c:563:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sptr += strlen(sptr);
data/htmldoc-1.9.8/htmldoc/http-addr.c:573:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    sptr += strlen(sptr);
data/htmldoc-1.9.8/htmldoc/http-addr.c:577:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  sptr += strlen(sptr);
data/htmldoc-1.9.8/htmldoc/http-addr.c:683:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hostent.h_length    = (int)strlen(name) + 1;
data/htmldoc-1.9.8/htmldoc/http-addr.c:838:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s) > 6 && !strcmp(s + strlen(s) - 6, ".local"))
data/htmldoc-1.9.8/htmldoc/http-addr.c:838:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s) > 6 && !strcmp(s + strlen(s) - 6, ".local"))
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:532:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']')
data/htmldoc-1.9.8/htmldoc/http-addrlist.c:552:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((ipv6len = (int)strlen(ipv6) - 1) >= 0 && ipv6[ipv6len] == ']')
data/htmldoc-1.9.8/htmldoc/http-support.c:357:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ptr += strlen(ptr);
data/htmldoc-1.9.8/htmldoc/http-support.c:518:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _cupsMD5Append(&md5state, (unsigned char *)data, (int)strlen(data));
data/htmldoc-1.9.8/htmldoc/http-support.c:678:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (httpEncode64_2(out, 512, in, (int)strlen(in)));
data/htmldoc-1.9.8/htmldoc/http-support.c:837:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  if (sscanf(s, "%*s%d%15s%d%d:%d:%d", &day, mon, &year, &hour, &min, &sec) < 6)
data/htmldoc-1.9.8/htmldoc/http-support.c:1277:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      char *resptr = resource + strlen(resource);
data/htmldoc-1.9.8/htmldoc/http-support.c:2221:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (hostptr = hostTarget + strlen(hostTarget) - 7) > hostTarget &&
data/htmldoc-1.9.8/htmldoc/http-support.c:2245:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn ||
data/htmldoc-1.9.8/htmldoc/http-support.c:2459:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (hostptr = hostTarget + strlen(hostTarget) - 6) > hostTarget &&
data/htmldoc-1.9.8/htmldoc/http-support.c:2483:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  if ((hostptr = fqdn + strlen(fqdn) - 6) <= fqdn ||
data/htmldoc-1.9.8/htmldoc/http.c:2522:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1;
data/htmldoc-1.9.8/htmldoc/http.c:2522:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1;
data/htmldoc-1.9.8/htmldoc/http.c:2769:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ptr += strlen(ptr) - 1;
data/htmldoc-1.9.8/htmldoc/http.c:4033:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  start = line + strlen(line);
data/htmldoc-1.9.8/htmldoc/http.c:4833:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (http_write(http, header, strlen(header)) < 0)
data/htmldoc-1.9.8/htmldoc/image.cxx:148:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if ((count = getc(fp)) == EOF)
data/htmldoc-1.9.8/htmldoc/image.cxx:295:22:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  code_size = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:883:3:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  getc(fp);			/* Skip "BM" sync chars */
data/htmldoc-1.9.8/htmldoc/image.cxx:884:3:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:905:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:955:22:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      byte = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:989:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1010:3:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1013:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      if ((count = getc(fp)) == 0)
data/htmldoc-1.9.8/htmldoc/image.cxx:1015:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((count = getc(fp)) == 0)
data/htmldoc-1.9.8/htmldoc/image.cxx:1038:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		  count = getc(fp) * getc(fp) * img->width;
data/htmldoc-1.9.8/htmldoc/image.cxx:1038:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		  count = getc(fp) * getc(fp) * img->width;
data/htmldoc-1.9.8/htmldoc/image.cxx:1052:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	        color = getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1064:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		temp = getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1117:3:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1120:21:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      if ((count = getc(fp)) == 0)
data/htmldoc-1.9.8/htmldoc/image.cxx:1122:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		if ((count = getc(fp)) == 0)
data/htmldoc-1.9.8/htmldoc/image.cxx:1145:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		  count = getc(fp) * getc(fp) * img->width;
data/htmldoc-1.9.8/htmldoc/image.cxx:1145:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		  count = getc(fp) * getc(fp) * img->width;
data/htmldoc-1.9.8/htmldoc/image.cxx:1159:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	        color = getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1167:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      temp = getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1192:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      temp = getc(fp) * 8;
data/htmldoc-1.9.8/htmldoc/image.cxx:1193:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      temp += getc(fp) * 61;
data/htmldoc-1.9.8/htmldoc/image.cxx:1194:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      temp += getc(fp) * 31;
data/htmldoc-1.9.8/htmldoc/image.cxx:1202:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      ptr[2] = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1203:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      ptr[1] = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1204:24:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	      ptr[0] = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1213:6:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1261:13:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    switch (getc(fp))
data/htmldoc-1.9.8/htmldoc/image.cxx:1267:27:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          buf[0] = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1807:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b0 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1808:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b1 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1823:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b0 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1824:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b1 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1825:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b2 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1826:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b3 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1841:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b0 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1842:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b1 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1843:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b2 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/image.cxx:1844:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b3 = (uchar)getc(fp);
data/htmldoc-1.9.8/htmldoc/iso8859.cxx:305:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen((char *)name) == 1)
data/htmldoc-1.9.8/htmldoc/mmd.c:184:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      textlen = strlen(current->text);
data/htmldoc-1.9.8/htmldoc/mmd.c:349:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prefix_len = strlen(prefix);
data/htmldoc-1.9.8/htmldoc/mmd.c:705:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        lineend = lineptr + strlen(lineptr) - 1;
data/htmldoc-1.9.8/htmldoc/mmd.c:907:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        temp = lineptr + strlen(lineptr) - 1;
data/htmldoc-1.9.8/htmldoc/mmd.c:1019:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((end = lineptr + strlen(lineptr) - 1) > lineptr)
data/htmldoc-1.9.8/htmldoc/mmd.c:1060:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          for (end = start + strlen(start) - 1; end > start && isspace(*end & 255); end --);
data/htmldoc-1.9.8/htmldoc/mmd.c:1138:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      char *ptr = line + strlen(line);
data/htmldoc-1.9.8/htmldoc/mmd.c:1143:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(ptr, ptr + 1, strlen(ptr));
data/htmldoc-1.9.8/htmldoc/mmd.c:1616:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *end = text + strlen(text) - 1;
data/htmldoc-1.9.8/htmldoc/mmd.c:1685:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	delimlen = strlen(delim);
data/htmldoc-1.9.8/htmldoc/mmd.c:1864:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      memmove(lineptr, lineptr + 1, strlen(lineptr));
data/htmldoc-1.9.8/htmldoc/mmd.c:1968:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(lineptr, lineptr + 1, strlen(lineptr));
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1044:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bytes += strlen((char *)r->data.text.buffer);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1618:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1636:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1657:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1676:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1684:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1693:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1702:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1709:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1715:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1723:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:1730:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5011:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  int	ch = prev->data[strlen((char *)prev->data) - 1];
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5055:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        num_chars += strlen((char *)temp->data);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5262:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            temp_width = temp->width + char_spacing * strlen((char *)lineptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5272:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            lineptr    += strlen((char *)lineptr);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5488:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	   flat->data[strlen((char *)flat->data) - 1] == '\n'))
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:5931:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (height_var[strlen((char *)height_var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6372:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (var[strlen((char *)var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6382:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (var[strlen((char *)var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6571:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (var[strlen((char *)var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:6673:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (var[strlen((char *)var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7020:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (height_var[strlen((char *)height_var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:7304:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen((char *)type) == 1)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:8694:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    datalen = strlen((char *)data);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9004:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (var[strlen((char *)var) - 1] != '%' || (right - left) > 0.0f))
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9007:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (var[strlen((char *)var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9025:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (var[strlen((char *)var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9112:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              temp->data[strlen((char *)temp->data) - 1] == '\n')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9143:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              temp->data[strlen((char *)temp->data) - 1] == '\n')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9159:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	 	    (temp->data[0] && isspace(temp->data[strlen((char *)temp->data) - 1]))))
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9335:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      (var[strlen((char *)var) - 1] != '%' || (right - left) > 0.0f))
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9338:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (var[strlen((char *)var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9353:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (var[strlen((char *)var) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9637:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (width[strlen((char *)width) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9642:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (height[strlen((char *)height) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9657:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (width[strlen((char *)width) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9666:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (height[strlen((char *)height) - 1] == '%')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9835:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (s = sizes + strlen(sizes) - 1; s > sizes && *s == '0'; s --)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9897:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (s = xs + strlen(xs) - 1; s > xs && *s == '0'; s --)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:9903:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (s = ys + strlen(ys) - 1; s > ys && *s == '0'; s --)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11576:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j += strlen(_htmlGlyphs[i]) + 1;
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11583:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          j = strlen(_htmlGlyphs[i]) + 1;
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11679:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((i = strlen(UserPassword)) < 32)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:11690:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((i = strlen(OwnerPassword)) < 32)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12004:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (len = strlen((char *)s); len > 0; len -= bytes, s += bytes)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12425:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (line[strlen(line) - 1] != '\n')
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12444:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length1 += strlen(line);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12455:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length2 += (strlen(line) - 1) / 2;
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12458:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length3 = strlen(line);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12460:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length3 += strlen(line);
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12574:8:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	  if (sscanf(line, "%*s%*s%*s%*s%d%*s%*s%63s", &width, glyph) != 2)
data/htmldoc-1.9.8/htmldoc/ps-pdf.cxx:12878:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  flate_write(out, (uchar *)s, strlen(s));
data/htmldoc-1.9.8/htmldoc/snprintf.c:108:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(tformat, bufformat, format - bufformat);
data/htmldoc-1.9.8/htmldoc/snprintf.c:113:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bytes += strlen(temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:117:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if ((bufptr + strlen(temp)) > bufend)
data/htmldoc-1.9.8/htmldoc/snprintf.c:119:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(bufptr, temp, bufend - bufptr);
data/htmldoc-1.9.8/htmldoc/snprintf.c:126:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bufptr += strlen(temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:143:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(tformat, bufformat, format - bufformat);
data/htmldoc-1.9.8/htmldoc/snprintf.c:148:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bytes += strlen(temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:152:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if ((bufptr + strlen(temp)) > bufend)
data/htmldoc-1.9.8/htmldoc/snprintf.c:154:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(bufptr, temp, bufend - bufptr);
data/htmldoc-1.9.8/htmldoc/snprintf.c:161:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bufptr += strlen(temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:171:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(tformat, bufformat, format - bufformat);
data/htmldoc-1.9.8/htmldoc/snprintf.c:176:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bytes += strlen(temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:180:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if ((bufptr + strlen(temp)) > bufend)
data/htmldoc-1.9.8/htmldoc/snprintf.c:182:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(bufptr, temp, bufend - bufptr);
data/htmldoc-1.9.8/htmldoc/snprintf.c:189:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bufptr += strlen(temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:216:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    slen = strlen(s);
data/htmldoc-1.9.8/htmldoc/snprintf.c:232:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(bufptr, s, slen);
data/htmldoc-1.9.8/htmldoc/snprintf.c:238:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(bufptr + width - slen, s, slen);
data/htmldoc-1.9.8/htmldoc/snprintf.c:250:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	    strncpy(tformat, bufformat, format - bufformat);
data/htmldoc-1.9.8/htmldoc/snprintf.c:255:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bytes += strlen(temp);
data/htmldoc-1.9.8/htmldoc/snprintf.c:259:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      if ((bufptr + strlen(temp)) > bufend)
data/htmldoc-1.9.8/htmldoc/snprintf.c:261:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(bufptr, temp, bufend - bufptr);
data/htmldoc-1.9.8/htmldoc/snprintf.c:268:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		bufptr += strlen(temp);
data/htmldoc-1.9.8/htmldoc/string.c:47:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((t = malloc(strlen(s) + 1)) == NULL)
data/htmldoc-1.9.8/htmldoc/string.c:136:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dstlen = strlen(dst);
data/htmldoc-1.9.8/htmldoc/string.c:146:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  srclen = strlen(src);
data/htmldoc-1.9.8/htmldoc/string.c:182:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  srclen = strlen(src);
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:488:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen(buffer));
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1086:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((hostptr = hostname + strlen(hostname) - 1) >= hostname &&
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1091:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    error = SSLSetPeerDomainName(http->tls, hostname, strlen(hostname));
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1114:6:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
	    usleep(1000);		/* in 1 millisecond */
data/htmldoc-1.9.8/htmldoc/tls-darwin.c:1262:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:431:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen(buffer));
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:475:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((lineptr = line + strlen(line) - 1) >= line && *lineptr == '\n')
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:529:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      else if ((num_data + strlen(line)) >= alloc_data)
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:737:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((lineptr = line + strlen(line) - 1) >= line && *lineptr == '\n')
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:779:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  else if ((num_data + strlen(line)) >= alloc_data)
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:824:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufptr = buffer + strlen(buffer);
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:1086:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((hostptr = hostname + strlen(hostname) - 1) >= hostname &&
data/htmldoc-1.9.8/htmldoc/tls-gnutls.c:1091:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    status = gnutls_server_name_set(http->tls, GNUTLS_NAME_DNS, hostname, strlen(hostname));
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:330:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (strlen(buffer));
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:899:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if ((hostptr = hostname + strlen(hostname) - 1) >= hostname &&
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:1188:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((hostptr = hostname + strlen(hostname) - 1) >= hostname &&
data/htmldoc-1.9.8/htmldoc/tls-sspi.c:2242:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (ptr = buffer + strlen(buffer) - 1; ptr >= buffer; ptr --)
data/htmldoc-1.9.8/htmldoc/toc.cxx:207:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            uchar	*baseptr = baselink + strlen((char *)baselink);
data/htmldoc-1.9.8/htmldoc/toc.cxx:208:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            uchar	*headptr = heading + strlen((char *)heading);
data/htmldoc-1.9.8/htmldoc/toc.cxx:272:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      strlen((char *)existing) >= 124)	/* Max size of link name */
data/htmldoc-1.9.8/htmldoc/util.cxx:150:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen((char *)color) == 6)
data/htmldoc-1.9.8/htmldoc/util.cxx:187:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = (int)strlen((char *)color + 1);
data/htmldoc-1.9.8/htmldoc/util.cxx:487:12:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
  else if (sscanf(size, "%fx%f%254s", &width, &length, units) >= 2)
data/htmldoc-1.9.8/htmldoc/zipc.c:312:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *end = zf->filename + strlen(zf->filename);
data/htmldoc-1.9.8/htmldoc/zipc.c:385:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t	len = strlen(contents);	/* Length of contents */
data/htmldoc-1.9.8/htmldoc/zipc.c:565:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (zipcFileWrite(zf, buffer, strlen(buffer)));
data/htmldoc-1.9.8/htmldoc/zipc.c:591:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (zipcFileWrite(zf, s, strlen(s)));
data/htmldoc-1.9.8/htmldoc/zipc.c:869:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/zipc.c:877:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufptr += strlen(bufptr);
data/htmldoc-1.9.8/htmldoc/zipc.c:925:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      format += strlen(format);
data/htmldoc-1.9.8/htmldoc/zipc.c:932:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            format += strlen(format);
data/htmldoc-1.9.8/htmldoc/zipc.c:1097:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(zf->filename, cfile, sizeof(zf->filename) - 1);
data/htmldoc-1.9.8/htmldoc/zipc.c:1268:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  attrlen = strlen(attrname);
data/htmldoc-1.9.8/htmldoc/zipc.c:1381:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(temp->filename, filename, sizeof(temp->filename) - 1);
data/htmldoc-1.9.8/htmldoc/zipc.c:1595:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t	filenamelen = strlen(zf->filename);
data/htmldoc-1.9.8/htmldoc/zipc.c:1630:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t	filenamelen = strlen(zf->filename);
data/htmldoc-1.9.8/jpeg/jerror.h:245:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy((cinfo)->err->msg_parm.s, (str), JMSG_STR_PARM_MAX), \
data/htmldoc-1.9.8/jpeg/jerror.h:301:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy((cinfo)->err->msg_parm.s, (str), JMSG_STR_PARM_MAX), \
data/htmldoc-1.9.8/png/pngrutil.c:2569:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   text_info.text_length = strlen(text);
data/htmldoc-1.9.8/png/pngset.c:325:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   length = strlen(purpose) + 1;
data/htmldoc-1.9.8/png/pngset.c:350:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          !png_check_fp_string(params[i], strlen(params[i])))
data/htmldoc-1.9.8/png/pngset.c:376:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   length = strlen(units) + 1;
data/htmldoc-1.9.8/png/pngset.c:407:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length = strlen(params[i]) + 1;
data/htmldoc-1.9.8/png/pngset.c:446:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (swidth == NULL || (lengthw = strlen(swidth)) == 0 ||
data/htmldoc-1.9.8/png/pngset.c:450:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   if (sheight == NULL || (lengthh = strlen(sheight)) == 0 ||
data/htmldoc-1.9.8/png/pngset.c:725:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   length = strlen(name)+1;
data/htmldoc-1.9.8/png/pngset.c:851:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      key_len = strlen(text_ptr[i].key);
data/htmldoc-1.9.8/png/pngset.c:865:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            lang_len = strlen(text_ptr[i].lang);
data/htmldoc-1.9.8/png/pngset.c:871:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            lang_key_len = strlen(text_ptr[i].lang_key);
data/htmldoc-1.9.8/png/pngset.c:898:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         text_length = strlen(text_ptr[i].text);
data/htmldoc-1.9.8/png/pngset.c:1117:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length = strlen(entries->name) + 1;
data/htmldoc-1.9.8/png/pngwutil.c:1549:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      text_len = strlen(text);
data/htmldoc-1.9.8/png/pngwutil.c:1604:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
       text == NULL ? 0 : strlen(text));
data/htmldoc-1.9.8/png/pngwutil.c:1672:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lang_len = strlen(lang)+1;
data/htmldoc-1.9.8/png/pngwutil.c:1674:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   lang_key_len = strlen(lang_key)+1;
data/htmldoc-1.9.8/png/pngwutil.c:1688:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   png_text_compress_init(&comp, (png_const_bytep)text, strlen(text));
data/htmldoc-1.9.8/png/pngwutil.c:1770:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   units_len = strlen(units) + (nparams == 0 ? 0 : 1);
data/htmldoc-1.9.8/png/pngwutil.c:1782:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      params_len[i] = strlen(params[i]) + (i == nparams - 1 ? 0 : 1);
data/htmldoc-1.9.8/png/pngwutil.c:1819:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   wlen = strlen(width);
data/htmldoc-1.9.8/png/pngwutil.c:1820:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   hlen = strlen(height);
data/htmldoc-1.9.8/vcnet/config.h:39:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define read	        _read
data/htmldoc-1.9.8/vcnet/config.h:61:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define usleep(X)	Sleep((X)/1000)
data/htmldoc-1.9.8/zlib/gzguts.h:40:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#  define read _read
data/htmldoc-1.9.8/zlib/gzlib.c:199:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen((const char *)path);
data/htmldoc-1.9.8/zlib/gzlib.c:601:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) ==
data/htmldoc-1.9.8/zlib/gzlib.c:601:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) ==
data/htmldoc-1.9.8/zlib/gzlib.c:607:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(state->msg, strlen(state->path) + strlen(msg) + 3,
data/htmldoc-1.9.8/zlib/gzlib.c:607:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(state->msg, strlen(state->path) + strlen(msg) + 3,
data/htmldoc-1.9.8/zlib/gzread.c:30:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ret = read(state->fd, buf + *have, len - *have);
data/htmldoc-1.9.8/zlib/gzwrite.c:301:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (unsigned)strlen(str);
data/htmldoc-1.9.8/zlib/gzwrite.c:355:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen((char *)(state->in));
data/htmldoc-1.9.8/zlib/gzwrite.c:443:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen((char *)(state->in));

ANALYSIS SUMMARY:

Hits = 1013
Lines analyzed = 145045 in approximately 3.85 seconds (37722 lines/second)
Physical Source Lines of Code (SLOC) = 94461
Hits@level = [0] 700 [1] 320 [2] 558 [3]  48 [4]  86 [5]   1
Hits@level+ = [0+] 1713 [1+] 1013 [2+] 693 [3+] 135 [4+]  87 [5+]   1
Hits/KSLOC@level+ = [0+] 18.1345 [1+] 10.724 [2+] 7.33636 [3+] 1.42916 [4+] 0.921015 [5+] 0.0105864
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.