Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/icu-68.1/as_is/os400/cxxfilt.cpp
Examining data/icu-68.1/as_is/os400/iculd.c
Examining data/icu-68.1/source/samples/strsrch/strsrch.cpp
Examining data/icu-68.1/source/samples/uciter8/uit_len8.c
Examining data/icu-68.1/source/samples/uciter8/uit_len8.h
Examining data/icu-68.1/source/samples/uciter8/uciter8.c
Examining data/icu-68.1/source/samples/dtptngsample/dtptngsample.cpp
Examining data/icu-68.1/source/samples/case/case.cpp
Examining data/icu-68.1/source/samples/case/ucase.c
Examining data/icu-68.1/source/samples/date/date.c
Examining data/icu-68.1/source/samples/date/uprint.h
Examining data/icu-68.1/source/samples/date/uprint.c
Examining data/icu-68.1/source/samples/datecal/ccal.c
Examining data/icu-68.1/source/samples/datecal/cal.cpp
Examining data/icu-68.1/source/samples/citer/citer.cpp
Examining data/icu-68.1/source/samples/numfmt/util.cpp
Examining data/icu-68.1/source/samples/numfmt/main.cpp
Examining data/icu-68.1/source/samples/numfmt/util.h
Examining data/icu-68.1/source/samples/numfmt/capi.c
Examining data/icu-68.1/source/samples/msgfmt/util.cpp
Examining data/icu-68.1/source/samples/msgfmt/main.cpp
Examining data/icu-68.1/source/samples/msgfmt/util.h
Examining data/icu-68.1/source/samples/msgfmt/answers/main_3.cpp
Examining data/icu-68.1/source/samples/msgfmt/answers/main_0.cpp
Examining data/icu-68.1/source/samples/msgfmt/answers/main_1.cpp
Examining data/icu-68.1/source/samples/msgfmt/answers/main_2.cpp
Examining data/icu-68.1/source/samples/cal/uprint.h
Examining data/icu-68.1/source/samples/cal/uprint.c
Examining data/icu-68.1/source/samples/cal/cal.c
Examining data/icu-68.1/source/samples/layout/RenderingSurface.h
Examining data/icu-68.1/source/samples/layout/GDIFontMap.cpp
Examining data/icu-68.1/source/samples/layout/GnomeFontMap.h
Examining data/icu-68.1/source/samples/layout/GUISupport.h
Examining data/icu-68.1/source/samples/layout/GDIGUISupport.cpp
Examining data/icu-68.1/source/samples/layout/Surface.h
Examining data/icu-68.1/source/samples/layout/FontMap.h
Examining data/icu-68.1/source/samples/layout/resource.h
Examining data/icu-68.1/source/samples/layout/gnomelayout.cpp
Examining data/icu-68.1/source/samples/layout/ucreader.cpp
Examining data/icu-68.1/source/samples/layout/paragraph.h
Examining data/icu-68.1/source/samples/layout/ucreader.h
Examining data/icu-68.1/source/samples/layout/arraymem.h
Examining data/icu-68.1/source/samples/layout/GnomeFontMap.cpp
Examining data/icu-68.1/source/samples/layout/cgnomelayout.c
Examining data/icu-68.1/source/samples/layout/pflow.h
Examining data/icu-68.1/source/samples/layout/FontTableCache.cpp
Examining data/icu-68.1/source/samples/layout/UnicodeReader.cpp
Examining data/icu-68.1/source/samples/layout/pflow.c
Examining data/icu-68.1/source/samples/layout/GnomeFontInstance.cpp
Examining data/icu-68.1/source/samples/layout/GDIFontInstance.h
Examining data/icu-68.1/source/samples/layout/ScriptCompositeFontInstance.cpp
Examining data/icu-68.1/source/samples/layout/cmaps.h
Examining data/icu-68.1/source/samples/layout/ScriptCompositeFontInstance.h
Examining data/icu-68.1/source/samples/layout/FontMap.cpp
Examining data/icu-68.1/source/samples/layout/gdiglue.h
Examining data/icu-68.1/source/samples/layout/gdiglue.cpp
Examining data/icu-68.1/source/samples/layout/rsurface.h
Examining data/icu-68.1/source/samples/layout/layout.cpp
Examining data/icu-68.1/source/samples/layout/gnomeglue.h
Examining data/icu-68.1/source/samples/layout/UnicodeReader.h
Examining data/icu-68.1/source/samples/layout/gsupport.h
Examining data/icu-68.1/source/samples/layout/GnomeFontInstance.h
Examining data/icu-68.1/source/samples/layout/GDIFontInstance.cpp
Examining data/icu-68.1/source/samples/layout/GDIGUISupport.h
Examining data/icu-68.1/source/samples/layout/clayout.c
Examining data/icu-68.1/source/samples/layout/FontTableCache.h
Examining data/icu-68.1/source/samples/layout/GnomeGUISupport.cpp
Examining data/icu-68.1/source/samples/layout/sfnt.h
Examining data/icu-68.1/source/samples/layout/GnomeGUISupport.h
Examining data/icu-68.1/source/samples/layout/cmaps.cpp
Examining data/icu-68.1/source/samples/layout/paragraph.cpp
Examining data/icu-68.1/source/samples/layout/rsurface.cpp
Examining data/icu-68.1/source/samples/layout/gnomeglue.cpp
Examining data/icu-68.1/source/samples/layout/GDIFontMap.h
Examining data/icu-68.1/source/samples/layout/Surface.cpp
Examining data/icu-68.1/source/samples/datefmt/util.cpp
Examining data/icu-68.1/source/samples/datefmt/main.cpp
Examining data/icu-68.1/source/samples/datefmt/util.h
Examining data/icu-68.1/source/samples/datefmt/answers/main_3.cpp
Examining data/icu-68.1/source/samples/datefmt/answers/main_0.cpp
Examining data/icu-68.1/source/samples/datefmt/answers/main_1.cpp
Examining data/icu-68.1/source/samples/datefmt/answers/main_2.cpp
Examining data/icu-68.1/source/samples/ustring/ustring.cpp
Examining data/icu-68.1/source/samples/ufortune/ufortune.c
Examining data/icu-68.1/source/samples/csdet/csdet.c
Examining data/icu-68.1/source/samples/udata/reader.c
Examining data/icu-68.1/source/samples/udata/writer.c
Examining data/icu-68.1/source/samples/dtitvfmtsample/dtitvfmtsample.cpp
Examining data/icu-68.1/source/samples/ucnv/flagcb.h
Examining data/icu-68.1/source/samples/ucnv/flagcb.c
Examining data/icu-68.1/source/samples/ucnv/convsamp.cpp
Examining data/icu-68.1/source/samples/legacy/oldcol.cpp
Examining data/icu-68.1/source/samples/legacy/newcol.cpp
Examining data/icu-68.1/source/samples/legacy/legacy.cpp
Examining data/icu-68.1/source/samples/plurfmtsample/plurfmtsample.cpp
Examining data/icu-68.1/source/samples/break/break.cpp
Examining data/icu-68.1/source/samples/break/ubreak.c
Examining data/icu-68.1/source/samples/coll/coll.cpp
Examining data/icu-68.1/source/samples/ugrep/ugrep.cpp
Examining data/icu-68.1/source/samples/translit/util.cpp
Examining data/icu-68.1/source/samples/translit/main.cpp
Examining data/icu-68.1/source/samples/translit/util.h
Examining data/icu-68.1/source/samples/translit/unaccent.h
Examining data/icu-68.1/source/samples/translit/answers/main_3.cpp
Examining data/icu-68.1/source/samples/translit/answers/unaccent.h
Examining data/icu-68.1/source/samples/translit/answers/unaccent.cpp
Examining data/icu-68.1/source/samples/translit/answers/main_4.cpp
Examining data/icu-68.1/source/samples/translit/answers/main_1.cpp
Examining data/icu-68.1/source/samples/translit/answers/main_2.cpp
Examining data/icu-68.1/source/samples/translit/unaccent.cpp
Examining data/icu-68.1/source/samples/props/props.cpp
Examining data/icu-68.1/source/samples/uresb/uresb.c
Examining data/icu-68.1/source/io/uprntf_p.cpp
Examining data/icu-68.1/source/io/sprintf.cpp
Examining data/icu-68.1/source/io/ufmt_cmn.cpp
Examining data/icu-68.1/source/io/uscanf_p.cpp
Examining data/icu-68.1/source/io/ufile.cpp
Examining data/icu-68.1/source/io/locbund.cpp
Examining data/icu-68.1/source/io/sscanf.cpp
Examining data/icu-68.1/source/io/ufmt_cmn.h
Examining data/icu-68.1/source/io/uprintf.h
Examining data/icu-68.1/source/io/ucln_io.cpp
Examining data/icu-68.1/source/io/uscanf.h
Examining data/icu-68.1/source/io/uprintf.cpp
Examining data/icu-68.1/source/io/unicode/ustdio.h
Examining data/icu-68.1/source/io/unicode/ustream.h
Examining data/icu-68.1/source/io/ustdio.cpp
Examining data/icu-68.1/source/io/ustream.cpp
Examining data/icu-68.1/source/io/ucln_io.h
Examining data/icu-68.1/source/io/uscanf.cpp
Examining data/icu-68.1/source/io/locbund.h
Examining data/icu-68.1/source/io/ufile.h
Examining data/icu-68.1/source/tools/gencolusb/verify_uset.cpp
Examining data/icu-68.1/source/tools/gencolusb/extract_unsafe_backwards.cpp
Examining data/icu-68.1/source/tools/tzcode/zdump.c
Examining data/icu-68.1/source/tools/tzcode/scheck.c
Examining data/icu-68.1/source/tools/tzcode/private.h
Examining data/icu-68.1/source/tools/tzcode/asctime.c
Examining data/icu-68.1/source/tools/tzcode/icuzdump.cpp
Examining data/icu-68.1/source/tools/tzcode/tz2icu.h
Examining data/icu-68.1/source/tools/tzcode/tzfile.h
Examining data/icu-68.1/source/tools/tzcode/ialloc.c
Examining data/icu-68.1/source/tools/tzcode/zic.c
Examining data/icu-68.1/source/tools/tzcode/tz2icu.cpp
Examining data/icu-68.1/source/tools/tzcode/localtime.c
Examining data/icu-68.1/source/tools/gencnval/gencnval.c
Examining data/icu-68.1/source/tools/gencfu/gencfu.cpp
Examining data/icu-68.1/source/tools/icuinfo/testplug.c
Examining data/icu-68.1/source/tools/icuinfo/icuinfo.cpp
Examining data/icu-68.1/source/tools/gensprep/gensprep.c
Examining data/icu-68.1/source/tools/gensprep/gensprep.h
Examining data/icu-68.1/source/tools/gensprep/store.c
Examining data/icu-68.1/source/tools/genrb/errmsg.h
Examining data/icu-68.1/source/tools/genrb/derb.cpp
Examining data/icu-68.1/source/tools/genrb/rbutil.c
Examining data/icu-68.1/source/tools/genrb/rbutil.h
Examining data/icu-68.1/source/tools/genrb/prscmnts.cpp
Examining data/icu-68.1/source/tools/genrb/read.c
Examining data/icu-68.1/source/tools/genrb/reslist.h
Examining data/icu-68.1/source/tools/genrb/filterrb.cpp
Examining data/icu-68.1/source/tools/genrb/wrtxml.cpp
Examining data/icu-68.1/source/tools/genrb/rle.c
Examining data/icu-68.1/source/tools/genrb/read.h
Examining data/icu-68.1/source/tools/genrb/ustr.c
Examining data/icu-68.1/source/tools/genrb/rle.h
Examining data/icu-68.1/source/tools/genrb/filterrb.h
Examining data/icu-68.1/source/tools/genrb/parse.cpp
Examining data/icu-68.1/source/tools/genrb/ustr.h
Examining data/icu-68.1/source/tools/genrb/prscmnts.h
Examining data/icu-68.1/source/tools/genrb/genrb.cpp
Examining data/icu-68.1/source/tools/genrb/wrtjava.cpp
Examining data/icu-68.1/source/tools/genrb/errmsg.c
Examining data/icu-68.1/source/tools/genrb/parse.h
Examining data/icu-68.1/source/tools/genrb/genrb.h
Examining data/icu-68.1/source/tools/genrb/reslist.cpp
Examining data/icu-68.1/source/tools/gendict/gendict.cpp
Examining data/icu-68.1/source/tools/pkgdata/pkgtypes.c
Examining data/icu-68.1/source/tools/pkgdata/pkgtypes.h
Examining data/icu-68.1/source/tools/pkgdata/pkgdata.cpp
Parsing failed to find end of parameter list; semicolon terminated it in (cmd, "%s%s%s %s -o %s%s %s %s%s %s %s",
                pkgDataFlags[GENLIB],
                targetDir,
                libFileNames[LIB_FILE_MINGW],
                pkgDataFlags[LDICUDTFLAGS],
    
Parsing failed to find end of parameter list; semicolon terminated it in (cmd, "%s%s%s %s -o %s%s %s %s%s %s %s",
                pkgDataFlags[GENLIB],
                targetDir,
                libFileNames[LIB_FILE_VERSION_TMP],
                pkgDataFlags[LDICUDTFLAGS]
Parsing failed to find end of parameter list; semicolon terminated it in (cmd, "%s %s%s;%s %s -o %s%s %s %s%s %s %s",
                RM_CMD,
                targetDir,
                libFileNames[LIB_FILE_VERSION_TMP],
                pkgDataFlags[GENLIB],
              
Examining data/icu-68.1/source/tools/icuswap/icuswap.cpp
Examining data/icu-68.1/source/tools/makeconv/gencnvex.c
Examining data/icu-68.1/source/tools/makeconv/ucnvstat.c
Examining data/icu-68.1/source/tools/makeconv/makeconv.h
Examining data/icu-68.1/source/tools/makeconv/genmbcs.cpp
Examining data/icu-68.1/source/tools/makeconv/genmbcs.h
Examining data/icu-68.1/source/tools/makeconv/makeconv.cpp
Examining data/icu-68.1/source/tools/toolutil/uparse.cpp
Examining data/icu-68.1/source/tools/toolutil/package.cpp
Examining data/icu-68.1/source/tools/toolutil/unewdata.cpp
Examining data/icu-68.1/source/tools/toolutil/toolutil.cpp
Examining data/icu-68.1/source/tools/toolutil/ucln_tu.cpp
Examining data/icu-68.1/source/tools/toolutil/collationinfo.h
Examining data/icu-68.1/source/tools/toolutil/ucbuf.h
Examining data/icu-68.1/source/tools/toolutil/ppucd.h
Examining data/icu-68.1/source/tools/toolutil/xmlparser.h
Examining data/icu-68.1/source/tools/toolutil/filetools.h
Examining data/icu-68.1/source/tools/toolutil/uparse.h
Examining data/icu-68.1/source/tools/toolutil/pkg_icu.h
Examining data/icu-68.1/source/tools/toolutil/filetools.cpp
Examining data/icu-68.1/source/tools/toolutil/filestrm.cpp
Examining data/icu-68.1/source/tools/toolutil/xmlparser.cpp
Examining data/icu-68.1/source/tools/toolutil/filestrm.h
Examining data/icu-68.1/source/tools/toolutil/pkg_genc.h
Examining data/icu-68.1/source/tools/toolutil/swapimpl.h
Examining data/icu-68.1/source/tools/toolutil/writesrc.h
Examining data/icu-68.1/source/tools/toolutil/flagparser.cpp
Examining data/icu-68.1/source/tools/toolutil/udbgutil.h
Examining data/icu-68.1/source/tools/toolutil/swapimpl.cpp
Examining data/icu-68.1/source/tools/toolutil/pkg_gencmn.cpp
Examining data/icu-68.1/source/tools/toolutil/dbgutil.h
Examining data/icu-68.1/source/tools/toolutil/collationinfo.cpp
Examining data/icu-68.1/source/tools/toolutil/pkg_icu.cpp
Examining data/icu-68.1/source/tools/toolutil/toolutil.h
Examining data/icu-68.1/source/tools/toolutil/package.h
Examining data/icu-68.1/source/tools/toolutil/uoptions.h
Examining data/icu-68.1/source/tools/toolutil/ucbuf.cpp
Examining data/icu-68.1/source/tools/toolutil/pkgitems.cpp
Examining data/icu-68.1/source/tools/toolutil/unewdata.h
Examining data/icu-68.1/source/tools/toolutil/ppucd.cpp
Examining data/icu-68.1/source/tools/toolutil/ucm.cpp
Examining data/icu-68.1/source/tools/toolutil/pkg_genc.cpp
Examining data/icu-68.1/source/tools/toolutil/ucm.h
Examining data/icu-68.1/source/tools/toolutil/dbgutil.cpp
Examining data/icu-68.1/source/tools/toolutil/pkg_gencmn.h
Examining data/icu-68.1/source/tools/toolutil/flagparser.h
Examining data/icu-68.1/source/tools/toolutil/udbgutil.cpp
Examining data/icu-68.1/source/tools/toolutil/uoptions.cpp
Examining data/icu-68.1/source/tools/toolutil/denseranges.cpp
Examining data/icu-68.1/source/tools/toolutil/pkg_imp.h
Examining data/icu-68.1/source/tools/toolutil/ucmstate.cpp
Examining data/icu-68.1/source/tools/toolutil/writesrc.cpp
Examining data/icu-68.1/source/tools/toolutil/denseranges.h
Examining data/icu-68.1/source/tools/gennorm2/extradata.cpp
Examining data/icu-68.1/source/tools/gennorm2/norms.cpp
Examining data/icu-68.1/source/tools/gennorm2/gennorm2.cpp
Examining data/icu-68.1/source/tools/gennorm2/n2builder.cpp
Examining data/icu-68.1/source/tools/gennorm2/n2builder.h
Examining data/icu-68.1/source/tools/gennorm2/extradata.h
Examining data/icu-68.1/source/tools/gennorm2/norms.h
Examining data/icu-68.1/source/tools/genbrk/genbrk.cpp
Examining data/icu-68.1/source/tools/gencmn/gencmn.c
Examining data/icu-68.1/source/tools/escapesrc/tblgen.cpp
Examining data/icu-68.1/source/tools/escapesrc/escapesrc.cpp
Examining data/icu-68.1/source/tools/escapesrc/test-nochange.cpp
Examining data/icu-68.1/source/tools/escapesrc/test-simple.cpp
Examining data/icu-68.1/source/tools/escapesrc/expect-simple.cpp
Examining data/icu-68.1/source/tools/escapesrc/cptbl.h
Examining data/icu-68.1/source/tools/gentest/gentest.c
Examining data/icu-68.1/source/tools/gentest/genres32.c
Examining data/icu-68.1/source/tools/gentest/gentest.h
Examining data/icu-68.1/source/tools/genccode/genccode.c
Examining data/icu-68.1/source/tools/icupkg/icupkg.cpp
Examining data/icu-68.1/source/tools/ctestfw/datamap.cpp
Examining data/icu-68.1/source/tools/ctestfw/testdata.cpp
Examining data/icu-68.1/source/tools/ctestfw/uperf.cpp
Examining data/icu-68.1/source/tools/ctestfw/tstdtmod.cpp
Examining data/icu-68.1/source/tools/ctestfw/ucln_ct.c
Examining data/icu-68.1/source/tools/ctestfw/unicode/testlog.h
Examining data/icu-68.1/source/tools/ctestfw/unicode/tstdtmod.h
Examining data/icu-68.1/source/tools/ctestfw/unicode/utimer.h
Examining data/icu-68.1/source/tools/ctestfw/unicode/testtype.h
Examining data/icu-68.1/source/tools/ctestfw/unicode/ctest.h
Examining data/icu-68.1/source/tools/ctestfw/unicode/uperf.h
Examining data/icu-68.1/source/tools/ctestfw/unicode/datamap.h
Examining data/icu-68.1/source/tools/ctestfw/unicode/testdata.h
Examining data/icu-68.1/source/tools/ctestfw/ctest.c
Examining data/icu-68.1/source/i18n/collationruleparser.h
Examining data/icu-68.1/source/i18n/uspoof_conf.cpp
Examining data/icu-68.1/source/i18n/numparse_affixes.h
Examining data/icu-68.1/source/i18n/numparse_affixes.cpp
Examining data/icu-68.1/source/i18n/dayperiodrules.h
Examining data/icu-68.1/source/i18n/zonemeta.h
Examining data/icu-68.1/source/i18n/decNumber.h
Examining data/icu-68.1/source/i18n/ucsdet.cpp
Examining data/icu-68.1/source/i18n/number_patternstring.cpp
Examining data/icu-68.1/source/i18n/plurfmt.cpp
Examining data/icu-68.1/source/i18n/number_integerwidth.cpp
Examining data/icu-68.1/source/i18n/tmutfmt.cpp
Examining data/icu-68.1/source/i18n/repattrn.cpp
Examining data/icu-68.1/source/i18n/regexcst.h
Examining data/icu-68.1/source/i18n/collationdatareader.h
Examining data/icu-68.1/source/i18n/selfmtimpl.h
Examining data/icu-68.1/source/i18n/smpdtfmt.cpp
Examining data/icu-68.1/source/i18n/collation.h
Examining data/icu-68.1/source/i18n/umsg_imp.h
Examining data/icu-68.1/source/i18n/tridpars.h
Examining data/icu-68.1/source/i18n/number_patternmodifier.cpp
Examining data/icu-68.1/source/i18n/erarules.cpp
Examining data/icu-68.1/source/i18n/number_currencysymbols.h
Examining data/icu-68.1/source/i18n/number_utils.h
Examining data/icu-68.1/source/i18n/casetrn.h
Examining data/icu-68.1/source/i18n/umsg.cpp
Examining data/icu-68.1/source/i18n/utf8collationiterator.cpp
Examining data/icu-68.1/source/i18n/dtrule.cpp
Examining data/icu-68.1/source/i18n/csrutf8.h
Examining data/icu-68.1/source/i18n/collationcompare.cpp
Examining data/icu-68.1/source/i18n/double-conversion.h
Examining data/icu-68.1/source/i18n/cpdtrans.h
Examining data/icu-68.1/source/i18n/taiwncal.cpp
Examining data/icu-68.1/source/i18n/winnmfmt.cpp
Examining data/icu-68.1/source/i18n/nultrans.cpp
Examining data/icu-68.1/source/i18n/rbt_pars.cpp
Examining data/icu-68.1/source/i18n/nfsubs.h
Examining data/icu-68.1/source/i18n/sharedcalendar.h
Examining data/icu-68.1/source/i18n/nfrlist.h
Examining data/icu-68.1/source/i18n/tzgnames.cpp
Examining data/icu-68.1/source/i18n/fphdlimp.cpp
Examining data/icu-68.1/source/i18n/collation.cpp
Examining data/icu-68.1/source/i18n/dtptngen.cpp
Examining data/icu-68.1/source/i18n/regexst.h
Examining data/icu-68.1/source/i18n/double-conversion-bignum.h
Examining data/icu-68.1/source/i18n/fmtableimp.h
Examining data/icu-68.1/source/i18n/measunit_extra.cpp
Examining data/icu-68.1/source/i18n/buddhcal.h
Examining data/icu-68.1/source/i18n/numparse_validators.cpp
Examining data/icu-68.1/source/i18n/cpdtrans.cpp
Examining data/icu-68.1/source/i18n/compactdecimalformat.cpp
Examining data/icu-68.1/source/i18n/uspoof_conf.h
Examining data/icu-68.1/source/i18n/decimfmt.cpp
Examining data/icu-68.1/source/i18n/dcfmtsym.cpp
Examining data/icu-68.1/source/i18n/fpositer.cpp
Examining data/icu-68.1/source/i18n/erarules.h
Examining data/icu-68.1/source/i18n/double-conversion-diy-fp.h
Examining data/icu-68.1/source/i18n/tolowtrn.cpp
Examining data/icu-68.1/source/i18n/rbt_set.h
Examining data/icu-68.1/source/i18n/collationsettings.h
Examining data/icu-68.1/source/i18n/gregocal.cpp
Examining data/icu-68.1/source/i18n/formattedval_iterimpl.cpp
Examining data/icu-68.1/source/i18n/collationtailoring.cpp
Examining data/icu-68.1/source/i18n/dtitvfmt.cpp
Examining data/icu-68.1/source/i18n/sharedpluralrules.h
Examining data/icu-68.1/source/i18n/numparse_scientific.cpp
Examining data/icu-68.1/source/i18n/number_decimfmtprops.cpp
Examining data/icu-68.1/source/i18n/units_router.h
Examining data/icu-68.1/source/i18n/nultrans.h
Examining data/icu-68.1/source/i18n/hebrwcal.h
Examining data/icu-68.1/source/i18n/currfmt.cpp
Examining data/icu-68.1/source/i18n/standardplural.h
Examining data/icu-68.1/source/i18n/format.cpp
Examining data/icu-68.1/source/i18n/units_converter.cpp
Examining data/icu-68.1/source/i18n/bocsu.h
Examining data/icu-68.1/source/i18n/numparse_currency.h
Examining data/icu-68.1/source/i18n/sharedbreakiterator.cpp
Examining data/icu-68.1/source/i18n/msgfmt_impl.h
Examining data/icu-68.1/source/i18n/gregoimp.h
Examining data/icu-68.1/source/i18n/number_longnames.cpp
Examining data/icu-68.1/source/i18n/name2uni.cpp
Examining data/icu-68.1/source/i18n/titletrn.cpp
Examining data/icu-68.1/source/i18n/double-conversion-strtod.cpp
Examining data/icu-68.1/source/i18n/collationsets.h
Examining data/icu-68.1/source/i18n/strmatch.h
Examining data/icu-68.1/source/i18n/plurrule_impl.h
Examining data/icu-68.1/source/i18n/number_grouping.cpp
Examining data/icu-68.1/source/i18n/double-conversion-cached-powers.cpp
Examining data/icu-68.1/source/i18n/number_padding.cpp
Examining data/icu-68.1/source/i18n/collationrootelements.h
Examining data/icu-68.1/source/i18n/collationdatawriter.cpp
Examining data/icu-68.1/source/i18n/zrule.h
Examining data/icu-68.1/source/i18n/number_capi.cpp
Examining data/icu-68.1/source/i18n/number_symbolswrapper.cpp
Examining data/icu-68.1/source/i18n/inputext.cpp
Examining data/icu-68.1/source/i18n/double-conversion-string-to-double.h
Examining data/icu-68.1/source/i18n/utf8collationiterator.h
Examining data/icu-68.1/source/i18n/units_complexconverter.cpp
Examining data/icu-68.1/source/i18n/tolowtrn.h
Examining data/icu-68.1/source/i18n/number_output.cpp
Examining data/icu-68.1/source/i18n/smpdtfst.cpp
Examining data/icu-68.1/source/i18n/ucal.cpp
Examining data/icu-68.1/source/i18n/collationruleparser.cpp
Examining data/icu-68.1/source/i18n/dayperiodrules.cpp
Examining data/icu-68.1/source/i18n/coll.cpp
Examining data/icu-68.1/source/i18n/taiwncal.h
Examining data/icu-68.1/source/i18n/reldatefmt.cpp
Examining data/icu-68.1/source/i18n/collationdata.cpp
Examining data/icu-68.1/source/i18n/strrepl.h
Examining data/icu-68.1/source/i18n/timezone.cpp
Examining data/icu-68.1/source/i18n/collationdatabuilder.h
Examining data/icu-68.1/source/i18n/number_patternstring.h
Examining data/icu-68.1/source/i18n/rbt.cpp
Examining data/icu-68.1/source/i18n/hebrwcal.cpp
Examining data/icu-68.1/source/i18n/sortkey.cpp
Examining data/icu-68.1/source/i18n/number_scientific.h
Examining data/icu-68.1/source/i18n/collationbuilder.cpp
Examining data/icu-68.1/source/i18n/ucol_imp.h
Examining data/icu-68.1/source/i18n/reldtfmt.h
Examining data/icu-68.1/source/i18n/upluralrules.cpp
Examining data/icu-68.1/source/i18n/csrutf8.cpp
Examining data/icu-68.1/source/i18n/double-conversion-bignum.cpp
Examining data/icu-68.1/source/i18n/number_currencysymbols.cpp
Examining data/icu-68.1/source/i18n/number_patternmodifier.h
Examining data/icu-68.1/source/i18n/olsontz.cpp
Examining data/icu-68.1/source/i18n/number_rounding.cpp
Examining data/icu-68.1/source/i18n/number_compact.h
Examining data/icu-68.1/source/i18n/dangical.cpp
Examining data/icu-68.1/source/i18n/number_decimalquantity.cpp
Examining data/icu-68.1/source/i18n/utmscale.cpp
Examining data/icu-68.1/source/i18n/double-conversion-cached-powers.h
Examining data/icu-68.1/source/i18n/name2uni.h
Examining data/icu-68.1/source/i18n/dtitvinf.cpp
Examining data/icu-68.1/source/i18n/funcrepl.cpp
Examining data/icu-68.1/source/i18n/collationrootelements.cpp
Examining data/icu-68.1/source/i18n/uregexc.cpp
Examining data/icu-68.1/source/i18n/csrecog.h
Examining data/icu-68.1/source/i18n/collationroot.cpp
Examining data/icu-68.1/source/i18n/numparse_impl.h
Examining data/icu-68.1/source/i18n/numsys_impl.h
Examining data/icu-68.1/source/i18n/number_microprops.h
Examining data/icu-68.1/source/i18n/uitercollationiterator.h
Examining data/icu-68.1/source/i18n/unesctrn.h
Examining data/icu-68.1/source/i18n/double-conversion-fast-dtoa.cpp
Examining data/icu-68.1/source/i18n/buddhcal.cpp
Examining data/icu-68.1/source/i18n/shareddateformatsymbols.h
Examining data/icu-68.1/source/i18n/csrsbcs.h
Examining data/icu-68.1/source/i18n/tmutamt.cpp
Examining data/icu-68.1/source/i18n/currpinf.cpp
Examining data/icu-68.1/source/i18n/chnsecal.cpp
Examining data/icu-68.1/source/i18n/ulocdata.cpp
Examining data/icu-68.1/source/i18n/unum.cpp
Examining data/icu-68.1/source/i18n/collationroot.h
Examining data/icu-68.1/source/i18n/rematch.cpp
Examining data/icu-68.1/source/i18n/rulebasedcollator.cpp
Examining data/icu-68.1/source/i18n/astro.h
Examining data/icu-68.1/source/i18n/quant.h
Examining data/icu-68.1/source/i18n/search.cpp
Examining data/icu-68.1/source/i18n/number_mapper.cpp
Examining data/icu-68.1/source/i18n/csr2022.h
Examining data/icu-68.1/source/i18n/rbt_rule.cpp
Examining data/icu-68.1/source/i18n/region.cpp
Examining data/icu-68.1/source/i18n/fmtable.cpp
Examining data/icu-68.1/source/i18n/sharednumberformat.h
Examining data/icu-68.1/source/i18n/uni2name.h
Examining data/icu-68.1/source/i18n/double-conversion-strtod.h
Examining data/icu-68.1/source/i18n/number_decimfmtprops.h
Examining data/icu-68.1/source/i18n/uspoof_impl.h
Examining data/icu-68.1/source/i18n/cecal.h
Examining data/icu-68.1/source/i18n/rbtz.cpp
Examining data/icu-68.1/source/i18n/uspoof.cpp
Examining data/icu-68.1/source/i18n/tzrule.cpp
Examining data/icu-68.1/source/i18n/uspoof_impl.cpp
Examining data/icu-68.1/source/i18n/collunsafe.h
Examining data/icu-68.1/source/i18n/esctrn.cpp
Examining data/icu-68.1/source/i18n/collationweights.cpp
Examining data/icu-68.1/source/i18n/ethpccal.cpp
Examining data/icu-68.1/source/i18n/number_asformat.h
Examining data/icu-68.1/source/i18n/ucol_res.cpp
Examining data/icu-68.1/source/i18n/ucoleitr.cpp
Examining data/icu-68.1/source/i18n/uni2name.cpp
Examining data/icu-68.1/source/i18n/number_utypes.h
Examining data/icu-68.1/source/i18n/numrange_impl.h
Examining data/icu-68.1/source/i18n/measfmt.cpp
Examining data/icu-68.1/source/i18n/csdetect.h
Examining data/icu-68.1/source/i18n/ufieldpositer.cpp
Examining data/icu-68.1/source/i18n/smpdtfst.h
Examining data/icu-68.1/source/i18n/inputext.h
Examining data/icu-68.1/source/i18n/wintzimpl.cpp
Examining data/icu-68.1/source/i18n/scientificnumberformatter.cpp
Examining data/icu-68.1/source/i18n/units_complexconverter.h
Examining data/icu-68.1/source/i18n/coptccal.h
Examining data/icu-68.1/source/i18n/pluralranges.cpp
Examining data/icu-68.1/source/i18n/regextxt.cpp
Examining data/icu-68.1/source/i18n/dtitv_impl.h
Examining data/icu-68.1/source/i18n/csrecog.cpp
Examining data/icu-68.1/source/i18n/nortrans.h
Examining data/icu-68.1/source/i18n/indiancal.cpp
Examining data/icu-68.1/source/i18n/double-conversion-string-to-double.cpp
Examining data/icu-68.1/source/i18n/nfsubs.cpp
Examining data/icu-68.1/source/i18n/units_router.cpp
Examining data/icu-68.1/source/i18n/numparse_decimal.cpp
Examining data/icu-68.1/source/i18n/islamcal.h
Examining data/icu-68.1/source/i18n/collationfcd.h
Examining data/icu-68.1/source/i18n/plurrule.cpp
Examining data/icu-68.1/source/i18n/tznames.cpp
Examining data/icu-68.1/source/i18n/double-conversion-bignum-dtoa.h
Examining data/icu-68.1/source/i18n/calendar.cpp
Examining data/icu-68.1/source/i18n/wintzimpl.h
Examining data/icu-68.1/source/i18n/collationiterator.cpp
Examining data/icu-68.1/source/i18n/double-conversion-double-to-string.h
Examining data/icu-68.1/source/i18n/utf16collationiterator.cpp
Examining data/icu-68.1/source/i18n/coptccal.cpp
Examining data/icu-68.1/source/i18n/chnsecal.h
Examining data/icu-68.1/source/i18n/number_usageprefs.cpp
Examining data/icu-68.1/source/i18n/uregex.cpp
Examining data/icu-68.1/source/i18n/strmatch.cpp
Examining data/icu-68.1/source/i18n/msgfmt.cpp
Examining data/icu-68.1/source/i18n/uitercollationiterator.cpp
Examining data/icu-68.1/source/i18n/selfmt.cpp
Examining data/icu-68.1/source/i18n/ucol.cpp
Examining data/icu-68.1/source/i18n/ucln_in.cpp
Examining data/icu-68.1/source/i18n/anytrans.h
Examining data/icu-68.1/source/i18n/csrucode.cpp
Examining data/icu-68.1/source/i18n/bocsu.cpp
Examining data/icu-68.1/source/i18n/scriptset.h
Examining data/icu-68.1/source/i18n/transreg.h
Examining data/icu-68.1/source/i18n/rbt_rule.h
Examining data/icu-68.1/source/i18n/regexst.cpp
Examining data/icu-68.1/source/i18n/collationdatabuilder.cpp
Examining data/icu-68.1/source/i18n/collationkeys.cpp
Examining data/icu-68.1/source/i18n/csr2022.cpp
Examining data/icu-68.1/source/i18n/rbt.h
Examining data/icu-68.1/source/i18n/string_segment.cpp
Examining data/icu-68.1/source/i18n/unumsys.cpp
Examining data/icu-68.1/source/i18n/collationdatareader.cpp
Examining data/icu-68.1/source/i18n/units_converter.h
Examining data/icu-68.1/source/i18n/japancal.h
Examining data/icu-68.1/source/i18n/uregion.cpp
Examining data/icu-68.1/source/i18n/number_longnames.h
Examining data/icu-68.1/source/i18n/udateintervalformat.cpp
Examining data/icu-68.1/source/i18n/rbt_pars.h
Examining data/icu-68.1/source/i18n/collationsettings.cpp
Examining data/icu-68.1/source/i18n/rbt_data.cpp
Examining data/icu-68.1/source/i18n/number_notation.cpp
Examining data/icu-68.1/source/i18n/numrange_capi.cpp
Examining data/icu-68.1/source/i18n/currfmt.h
Examining data/icu-68.1/source/i18n/regexcmp.cpp
Examining data/icu-68.1/source/i18n/number_multiplier.h
Examining data/icu-68.1/source/i18n/tmunit.cpp
Examining data/icu-68.1/source/i18n/number_decimalquantity.h
Examining data/icu-68.1/source/i18n/double-conversion-bignum-dtoa.cpp
Examining data/icu-68.1/source/i18n/currunit.cpp
Examining data/icu-68.1/source/i18n/double-conversion-utils.h
Examining data/icu-68.1/source/i18n/numparse_parsednumber.cpp
Examining data/icu-68.1/source/i18n/unicode/rbnf.h
Examining data/icu-68.1/source/i18n/unicode/regex.h
Examining data/icu-68.1/source/i18n/unicode/measfmt.h
Examining data/icu-68.1/source/i18n/unicode/unumsys.h
Examining data/icu-68.1/source/i18n/unicode/selfmt.h
Examining data/icu-68.1/source/i18n/unicode/search.h
Examining data/icu-68.1/source/i18n/unicode/ucal.h
Examining data/icu-68.1/source/i18n/unicode/dtrule.h
Examining data/icu-68.1/source/i18n/unicode/coleitr.h
Examining data/icu-68.1/source/i18n/unicode/unirepl.h
Examining data/icu-68.1/source/i18n/unicode/tzrule.h
Examining data/icu-68.1/source/i18n/unicode/basictz.h
Examining data/icu-68.1/source/i18n/unicode/utrans.h
Examining data/icu-68.1/source/i18n/unicode/dtptngen.h
Examining data/icu-68.1/source/i18n/unicode/ucoleitr.h
Examining data/icu-68.1/source/i18n/unicode/calendar.h
Examining data/icu-68.1/source/i18n/unicode/coll.h
Examining data/icu-68.1/source/i18n/unicode/scientificnumberformatter.h
Examining data/icu-68.1/source/i18n/unicode/simpletz.h
Examining data/icu-68.1/source/i18n/unicode/uspoof.h
Examining data/icu-68.1/source/i18n/unicode/numsys.h
Examining data/icu-68.1/source/i18n/unicode/ucsdet.h
Examining data/icu-68.1/source/i18n/unicode/listformatter.h
Examining data/icu-68.1/source/i18n/unicode/numberrangeformatter.h
Examining data/icu-68.1/source/i18n/unicode/curramt.h
Examining data/icu-68.1/source/i18n/unicode/measure.h
Examining data/icu-68.1/source/i18n/unicode/udat.h
Examining data/icu-68.1/source/i18n/unicode/dtitvinf.h
Examining data/icu-68.1/source/i18n/unicode/utmscale.h
Examining data/icu-68.1/source/i18n/unicode/ugender.h
Examining data/icu-68.1/source/i18n/unicode/plurfmt.h
Examining data/icu-68.1/source/i18n/unicode/tmutamt.h
Examining data/icu-68.1/source/i18n/unicode/fmtable.h
Examining data/icu-68.1/source/i18n/unicode/plurrule.h
Examining data/icu-68.1/source/i18n/unicode/sortkey.h
Examining data/icu-68.1/source/i18n/unicode/region.h
Examining data/icu-68.1/source/i18n/unicode/ufieldpositer.h
Examining data/icu-68.1/source/i18n/unicode/dtitvfmt.h
Examining data/icu-68.1/source/i18n/unicode/uformattable.h
Examining data/icu-68.1/source/i18n/unicode/tblcoll.h
Examining data/icu-68.1/source/i18n/unicode/dcfmtsym.h
Examining data/icu-68.1/source/i18n/unicode/msgfmt.h
Examining data/icu-68.1/source/i18n/unicode/tmunit.h
Examining data/icu-68.1/source/i18n/unicode/numberformatter.h
Examining data/icu-68.1/source/i18n/unicode/ucol.h
Examining data/icu-68.1/source/i18n/unicode/usearch.h
Examining data/icu-68.1/source/i18n/unicode/formattedvalue.h
Examining data/icu-68.1/source/i18n/unicode/numfmt.h
Examining data/icu-68.1/source/i18n/unicode/gender.h
Examining data/icu-68.1/source/i18n/unicode/timezone.h
Examining data/icu-68.1/source/i18n/unicode/unumberrangeformatter.h
Examining data/icu-68.1/source/i18n/unicode/stsearch.h
Examining data/icu-68.1/source/i18n/unicode/measunit.h
Examining data/icu-68.1/source/i18n/unicode/tztrans.h
Examining data/icu-68.1/source/i18n/unicode/fpositer.h
Examining data/icu-68.1/source/i18n/unicode/smpdtfmt.h
Examining data/icu-68.1/source/i18n/unicode/choicfmt.h
Examining data/icu-68.1/source/i18n/unicode/ulocdata.h
Examining data/icu-68.1/source/i18n/unicode/tznames.h
Examining data/icu-68.1/source/i18n/unicode/rbtz.h
Examining data/icu-68.1/source/i18n/unicode/umsg.h
Examining data/icu-68.1/source/i18n/unicode/datefmt.h
Examining data/icu-68.1/source/i18n/unicode/unumberformatter.h
Examining data/icu-68.1/source/i18n/unicode/tmutfmt.h
Examining data/icu-68.1/source/i18n/unicode/udateintervalformat.h
Examining data/icu-68.1/source/i18n/unicode/decimfmt.h
Examining data/icu-68.1/source/i18n/unicode/reldatefmt.h
Examining data/icu-68.1/source/i18n/unicode/dtfmtsym.h
Examining data/icu-68.1/source/i18n/unicode/vtzone.h
Examining data/icu-68.1/source/i18n/unicode/tzfmt.h
Examining data/icu-68.1/source/i18n/unicode/udatpg.h
Examining data/icu-68.1/source/i18n/unicode/compactdecimalformat.h
Examining data/icu-68.1/source/i18n/unicode/nounit.h
Examining data/icu-68.1/source/i18n/unicode/gregocal.h
Examining data/icu-68.1/source/i18n/unicode/currpinf.h
Examining data/icu-68.1/source/i18n/unicode/ureldatefmt.h
Examining data/icu-68.1/source/i18n/unicode/uregex.h
Examining data/icu-68.1/source/i18n/unicode/ulistformatter.h
Examining data/icu-68.1/source/i18n/unicode/format.h
Examining data/icu-68.1/source/i18n/unicode/fieldpos.h
Examining data/icu-68.1/source/i18n/unicode/upluralrules.h
Examining data/icu-68.1/source/i18n/unicode/uregion.h
Examining data/icu-68.1/source/i18n/unicode/currunit.h
Examining data/icu-68.1/source/i18n/unicode/uformattedvalue.h
Examining data/icu-68.1/source/i18n/unicode/unum.h
Examining data/icu-68.1/source/i18n/unicode/translit.h
Examining data/icu-68.1/source/i18n/unicode/alphaindex.h
Examining data/icu-68.1/source/i18n/csrucode.h
Examining data/icu-68.1/source/i18n/numparse_compositions.cpp
Examining data/icu-68.1/source/i18n/measure.cpp
Examining data/icu-68.1/source/i18n/tznames_impl.cpp
Examining data/icu-68.1/source/i18n/nfrs.h
Examining data/icu-68.1/source/i18n/collationfastlatin.cpp
Examining data/icu-68.1/source/i18n/numparse_symbols.cpp
Examining data/icu-68.1/source/i18n/numparse_impl.cpp
Examining data/icu-68.1/source/i18n/numrange_fluent.cpp
Examining data/icu-68.1/source/i18n/gregoimp.cpp
Examining data/icu-68.1/source/i18n/collationsets.cpp
Examining data/icu-68.1/source/i18n/tzgnames.h
Examining data/icu-68.1/source/i18n/quant.cpp
Examining data/icu-68.1/source/i18n/numparse_types.h
Examining data/icu-68.1/source/i18n/number_modifiers.cpp
Examining data/icu-68.1/source/i18n/double-conversion-ieee.h
Examining data/icu-68.1/source/i18n/simpletz.cpp
Examining data/icu-68.1/source/i18n/strrepl.cpp
Examining data/icu-68.1/source/i18n/numparse_compositions.h
Examining data/icu-68.1/source/i18n/number_utils.cpp
Examining data/icu-68.1/source/i18n/choicfmt.cpp
Examining data/icu-68.1/source/i18n/number_scientific.cpp
Examining data/icu-68.1/source/i18n/titletrn.h
Examining data/icu-68.1/source/i18n/csrmbcs.h
Examining data/icu-68.1/source/i18n/collationcompare.h
Examining data/icu-68.1/source/i18n/decContext.h
Examining data/icu-68.1/source/i18n/numparse_utils.h
Examining data/icu-68.1/source/i18n/indiancal.h
Examining data/icu-68.1/source/i18n/nfrule.cpp
Examining data/icu-68.1/source/i18n/number_usageprefs.h
Examining data/icu-68.1/source/i18n/persncal.h
Examining data/icu-68.1/source/i18n/alphaindex.cpp
Examining data/icu-68.1/source/i18n/ucol_sit.cpp
Examining data/icu-68.1/source/i18n/collationfastlatinbuilder.cpp
Examining data/icu-68.1/source/i18n/dangical.h
Examining data/icu-68.1/source/i18n/nfrs.cpp
Examining data/icu-68.1/source/i18n/csmatch.h
Examining data/icu-68.1/source/i18n/ztrans.h
Examining data/icu-68.1/source/i18n/winnmfmt.h
Examining data/icu-68.1/source/i18n/brktrans.cpp
Examining data/icu-68.1/source/i18n/numfmt.cpp
Examining data/icu-68.1/source/i18n/quantityformatter.h
Examining data/icu-68.1/source/i18n/collationdatawriter.h
Examining data/icu-68.1/source/i18n/esctrn.h
Examining data/icu-68.1/source/i18n/cecal.cpp
Examining data/icu-68.1/source/i18n/reldtfmt.cpp
Examining data/icu-68.1/source/i18n/numparse_scientific.h
Examining data/icu-68.1/source/i18n/zrule.cpp
Examining data/icu-68.1/source/i18n/number_formatimpl.h
Examining data/icu-68.1/source/i18n/quantityformatter.cpp
Examining data/icu-68.1/source/i18n/regeximp.cpp
Examining data/icu-68.1/source/i18n/olsontz.h
Examining data/icu-68.1/source/i18n/udat.cpp
Examining data/icu-68.1/source/i18n/dtfmtsym.cpp
Examining data/icu-68.1/source/i18n/usrchimp.h
Examining data/icu-68.1/source/i18n/ztrans.cpp
Examining data/icu-68.1/source/i18n/number_modifiers.h
Examining data/icu-68.1/source/i18n/tridpars.cpp
Examining data/icu-68.1/source/i18n/windtfmt.h
Examining data/icu-68.1/source/i18n/numparse_validators.h
Examining data/icu-68.1/source/i18n/double-conversion-fast-dtoa.h
Examining data/icu-68.1/source/i18n/formatted_string_builder.h
Examining data/icu-68.1/source/i18n/number_multiplier.cpp
Examining data/icu-68.1/source/i18n/double-conversion-double-to-string.cpp
Examining data/icu-68.1/source/i18n/vzone.h
Examining data/icu-68.1/source/i18n/number_fluent.cpp
Examining data/icu-68.1/source/i18n/units_data.cpp
Examining data/icu-68.1/source/i18n/string_segment.h
Examining data/icu-68.1/source/i18n/ulistformatter.cpp
Examining data/icu-68.1/source/i18n/number_formatimpl.cpp
Examining data/icu-68.1/source/i18n/udatpg.cpp
Examining data/icu-68.1/source/i18n/astro.cpp
Examining data/icu-68.1/source/i18n/regexcmp.h
Examining data/icu-68.1/source/i18n/formattedval_sbimpl.cpp
Examining data/icu-68.1/source/i18n/rbt_data.h
Examining data/icu-68.1/source/i18n/collationfcd.cpp
Examining data/icu-68.1/source/i18n/number_asformat.cpp
Examining data/icu-68.1/source/i18n/standardplural.cpp
Examining data/icu-68.1/source/i18n/vzone.cpp
Examining data/icu-68.1/source/i18n/collationfastlatin.h
Examining data/icu-68.1/source/i18n/basictz.cpp
Examining data/icu-68.1/source/i18n/collationbuilder.h
Examining data/icu-68.1/source/i18n/number_affixutils.cpp
Examining data/icu-68.1/source/i18n/curramt.cpp
Examining data/icu-68.1/source/i18n/toupptrn.cpp
Examining data/icu-68.1/source/i18n/formattedvalue.cpp
Examining data/icu-68.1/source/i18n/dtptngen_impl.h
Examining data/icu-68.1/source/i18n/number_decnum.h
Examining data/icu-68.1/source/i18n/collationfastlatinbuilder.h
Examining data/icu-68.1/source/i18n/datefmt.cpp
Examining data/icu-68.1/source/i18n/stsearch.cpp
Examining data/icu-68.1/source/i18n/dt_impl.h
Examining data/icu-68.1/source/i18n/csmatch.cpp
Examining data/icu-68.1/source/i18n/number_skeletons.h
Examining data/icu-68.1/source/i18n/toupptrn.h
Examining data/icu-68.1/source/i18n/regeximp.h
Examining data/icu-68.1/source/i18n/sharedbreakiterator.h
Examining data/icu-68.1/source/i18n/nfrule.h
Examining data/icu-68.1/source/i18n/brktrans.h
Examining data/icu-68.1/source/i18n/utf16collationiterator.h
Examining data/icu-68.1/source/i18n/formatted_string_builder.cpp
Examining data/icu-68.1/source/i18n/numrange_impl.cpp
Examining data/icu-68.1/source/i18n/measunit.cpp
Examining data/icu-68.1/source/i18n/number_skeletons.cpp
Examining data/icu-68.1/source/i18n/number_types.h
Examining data/icu-68.1/source/i18n/measunit_impl.h
Examining data/icu-68.1/source/i18n/csdetect.cpp
Examining data/icu-68.1/source/i18n/unesctrn.cpp
Examining data/icu-68.1/source/i18n/persncal.cpp
Examining data/icu-68.1/source/i18n/ethpccal.h
Examining data/icu-68.1/source/i18n/remtrans.cpp
Examining data/icu-68.1/source/i18n/japancal.cpp
Examining data/icu-68.1/source/i18n/zonemeta.cpp
Examining data/icu-68.1/source/i18n/uspoof_build.cpp
Examining data/icu-68.1/source/i18n/decNumber.cpp
Examining data/icu-68.1/source/i18n/listformatter.cpp
Examining data/icu-68.1/source/i18n/casetrn.cpp
Examining data/icu-68.1/source/i18n/coleitr.cpp
Examining data/icu-68.1/source/i18n/tzfmt.cpp
Examining data/icu-68.1/source/i18n/gender.cpp
Examining data/icu-68.1/source/i18n/fmtable_cnv.cpp
Examining data/icu-68.1/source/i18n/tznames_impl.h
Examining data/icu-68.1/source/i18n/numparse_currency.cpp
Examining data/icu-68.1/source/i18n/remtrans.h
Examining data/icu-68.1/source/i18n/numsys.cpp
Examining data/icu-68.1/source/i18n/windtfmt.cpp
Examining data/icu-68.1/source/i18n/numparse_symbols.h
Examining data/icu-68.1/source/i18n/regextxt.h
Examining data/icu-68.1/source/i18n/anytrans.cpp
Examining data/icu-68.1/source/i18n/tztrans.cpp
Examining data/icu-68.1/source/i18n/usearch.cpp
Examining data/icu-68.1/source/i18n/transreg.cpp
Examining data/icu-68.1/source/i18n/rbt_set.cpp
Examining data/icu-68.1/source/i18n/rbnf.cpp
Examining data/icu-68.1/source/i18n/vtzone.cpp
Examining data/icu-68.1/source/i18n/decContext.cpp
Examining data/icu-68.1/source/i18n/collationtailoring.h
Examining data/icu-68.1/source/i18n/scriptset.cpp
Examining data/icu-68.1/source/i18n/islamcal.cpp
Examining data/icu-68.1/source/i18n/collationiterator.h
Examining data/icu-68.1/source/i18n/decNumberLocal.h
Examining data/icu-68.1/source/i18n/number_affixutils.h
Examining data/icu-68.1/source/i18n/number_mapper.h
Examining data/icu-68.1/source/i18n/formattedval_impl.h
Examining data/icu-68.1/source/i18n/collationdata.h
Examining data/icu-68.1/source/i18n/numparse_decimal.h
Examining data/icu-68.1/source/i18n/csrmbcs.cpp
Examining data/icu-68.1/source/i18n/nortrans.cpp
Examining data/icu-68.1/source/i18n/funcrepl.h
Examining data/icu-68.1/source/i18n/number_roundingutils.h
Examining data/icu-68.1/source/i18n/number_compact.cpp
Examining data/icu-68.1/source/i18n/collationkeys.h
Examining data/icu-68.1/source/i18n/translit.cpp
Examining data/icu-68.1/source/i18n/units_data.h
Examining data/icu-68.1/source/i18n/collationweights.h
Examining data/icu-68.1/source/i18n/region_impl.h
Examining data/icu-68.1/source/i18n/pluralranges.h
Examining data/icu-68.1/source/i18n/fphdlimp.h
Examining data/icu-68.1/source/i18n/ucln_in.h
Examining data/icu-68.1/source/i18n/csrsbcs.cpp
Examining data/icu-68.1/source/i18n/utrans.cpp
Examining data/icu-68.1/source/extra/scrptrun/scrptrun.cpp
Examining data/icu-68.1/source/extra/scrptrun/srtest.cpp
Examining data/icu-68.1/source/extra/scrptrun/scrptrun.h
Examining data/icu-68.1/source/extra/uconv/uconv.cpp
Examining data/icu-68.1/source/extra/uconv/unicode/uwmsg.h
Examining data/icu-68.1/source/extra/uconv/uwmsg.c
Examining data/icu-68.1/source/test/letest/testdata.cpp
Examining data/icu-68.1/source/test/letest/cfonts.h
Examining data/icu-68.1/source/test/letest/xmlreader.h
Examining data/icu-68.1/source/test/letest/letest.cpp
Examining data/icu-68.1/source/test/letest/FontTableCache.cpp
Examining data/icu-68.1/source/test/letest/cmaps.h
Examining data/icu-68.1/source/test/letest/SimpleFontInstance.h
Examining data/icu-68.1/source/test/letest/letsutil.cpp
Examining data/icu-68.1/source/test/letest/PortableFontInstance.cpp
Examining data/icu-68.1/source/test/letest/FontObject.cpp
Examining data/icu-68.1/source/test/letest/cletest.c
Examining data/icu-68.1/source/test/letest/PortableFontInstance.h
Examining data/icu-68.1/source/test/letest/xmlreader.cpp
Examining data/icu-68.1/source/test/letest/letest.h
Examining data/icu-68.1/source/test/letest/FontObject.h
Examining data/icu-68.1/source/test/letest/FontTableCache.h
Examining data/icu-68.1/source/test/letest/sfnt.h
Examining data/icu-68.1/source/test/letest/gendata.cpp
Examining data/icu-68.1/source/test/letest/cmaps.cpp
Examining data/icu-68.1/source/test/letest/cfonts.cpp
Examining data/icu-68.1/source/test/letest/SimpleFontInstance.cpp
Examining data/icu-68.1/source/test/letest/letsutil.h
Examining data/icu-68.1/source/test/thaitest/thaitest.cpp
Examining data/icu-68.1/source/test/fuzzer/uloc_canonicalize_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/locale_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/ucasemap_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/uregex_open_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/unicode_string_codepage_create_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/uloc_for_language_tag_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/collator_compare_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/uloc_is_right_to_left_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/locale_util.cpp
Examining data/icu-68.1/source/test/fuzzer/converter_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/break_iterator_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/uloc_get_name_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/collator_rulebased_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/number_format_fuzzer.cpp
Examining data/icu-68.1/source/test/fuzzer/fuzzer_driver.cpp
Examining data/icu-68.1/source/test/fuzzer/fuzzer_utils.h
Examining data/icu-68.1/source/test/fuzzer/locale_util.h
Examining data/icu-68.1/source/test/fuzzer/uloc_open_keywords_fuzzer.cpp
Examining data/icu-68.1/source/test/perf/convperf/data.h
Examining data/icu-68.1/source/test/perf/convperf/convperf.cpp
Examining data/icu-68.1/source/test/perf/convperf/convperf.h
Examining data/icu-68.1/source/test/perf/ucnvavailperf/ucnvavailperf.cpp
Examining data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp
Examining data/icu-68.1/source/test/perf/howExpensiveIs/sieve.cpp
Examining data/icu-68.1/source/test/perf/howExpensiveIs/sieve.h
Examining data/icu-68.1/source/test/perf/strsrchperf/strsrchperf.h
Examining data/icu-68.1/source/test/perf/strsrchperf/strsrchperf.cpp
Examining data/icu-68.1/source/test/perf/normperf/simplenormperf.cpp
Examining data/icu-68.1/source/test/perf/normperf/normperf.cpp
Examining data/icu-68.1/source/test/perf/normperf/normperf.h
Examining data/icu-68.1/source/test/perf/normperf/dtfmtrtperf.cpp
Examining data/icu-68.1/source/test/perf/normperf/dtfmtrtperf.h
Examining data/icu-68.1/source/test/perf/leperf/leperf.cpp
Examining data/icu-68.1/source/test/perf/leperf/cfonts.h
Examining data/icu-68.1/source/test/perf/leperf/xmlreader.h
Examining data/icu-68.1/source/test/perf/leperf/letrperf.cpp
Examining data/icu-68.1/source/test/perf/leperf/FontTableCache.cpp
Examining data/icu-68.1/source/test/perf/leperf/cmaps.h
Examining data/icu-68.1/source/test/perf/leperf/SimpleFontInstance.h
Examining data/icu-68.1/source/test/perf/leperf/PortableFontInstance.cpp
Examining data/icu-68.1/source/test/perf/leperf/FontObject.cpp
Examining data/icu-68.1/source/test/perf/leperf/PortableFontInstance.h
Examining data/icu-68.1/source/test/perf/leperf/xmlreader.cpp
Examining data/icu-68.1/source/test/perf/leperf/FontObject.h
Examining data/icu-68.1/source/test/perf/leperf/FontTableCache.h
Examining data/icu-68.1/source/test/perf/leperf/sfnt.h
Examining data/icu-68.1/source/test/perf/leperf/cmaps.cpp
Examining data/icu-68.1/source/test/perf/leperf/cfonts.cpp
Examining data/icu-68.1/source/test/perf/leperf/SimpleFontInstance.cpp
Examining data/icu-68.1/source/test/perf/collationperf/collperf.cpp
Examining data/icu-68.1/source/test/perf/collperf/collperf.cpp
Examining data/icu-68.1/source/test/perf/utfperf/utfperf.cpp
Examining data/icu-68.1/source/test/perf/ustrperf/stringperf.cpp
Examining data/icu-68.1/source/test/perf/ustrperf/stringperf.h
Examining data/icu-68.1/source/test/perf/usetperf/bitset.h
Examining data/icu-68.1/source/test/perf/usetperf/bitset.cpp
Examining data/icu-68.1/source/test/perf/usetperf/usetperf.cpp
Examining data/icu-68.1/source/test/perf/localecanperf/localecanperf.cpp
Examining data/icu-68.1/source/test/perf/unisetperf/unisetperf.cpp
Examining data/icu-68.1/source/test/perf/unisetperf/draft/unicont.h
Examining data/icu-68.1/source/test/perf/unisetperf/draft/trieset.cpp
Examining data/icu-68.1/source/test/perf/unisetperf/draft/bitset.cpp
Examining data/icu-68.1/source/test/perf/utrie2perf/utrie2perf.cpp
Examining data/icu-68.1/source/test/perf/collperf2/collperf2.cpp
Examining data/icu-68.1/source/test/perf/dicttrieperf/dicttrieperf.cpp
Examining data/icu-68.1/source/test/perf/ubrkperf/ubrkperf.h
Examining data/icu-68.1/source/test/perf/ubrkperf/ubrkperf.cpp
Examining data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp
Examining data/icu-68.1/source/test/perf/charperf/charperf.h
Examining data/icu-68.1/source/test/perf/charperf/charperf.cpp
Examining data/icu-68.1/source/test/perf/DateFmtPerf/breakdata.h
Examining data/icu-68.1/source/test/perf/DateFmtPerf/datedata.h
Examining data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.cpp
Examining data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h
Examining data/icu-68.1/source/test/perf/DateFmtPerf/collationdata.h
Examining data/icu-68.1/source/test/testmap/testmap.c
Examining data/icu-68.1/source/test/intltest/itrbnfp.h
Examining data/icu-68.1/source/test/intltest/caltest.cpp
Examining data/icu-68.1/source/test/intltest/intltest.cpp
Examining data/icu-68.1/source/test/intltest/calcasts.h
Examining data/icu-68.1/source/test/intltest/regiontst.h
Examining data/icu-68.1/source/test/intltest/dcfmtest.h
Examining data/icu-68.1/source/test/intltest/dcfmapts.h
Examining data/icu-68.1/source/test/intltest/pptest.h
Examining data/icu-68.1/source/test/intltest/itrbnfrt.cpp
Examining data/icu-68.1/source/test/intltest/transtst.h
Examining data/icu-68.1/source/test/intltest/v32test.cpp
Examining data/icu-68.1/source/test/intltest/sfwdchit.cpp
Examining data/icu-68.1/source/test/intltest/tsputil.cpp
Examining data/icu-68.1/source/test/intltest/uobjtest.cpp
Examining data/icu-68.1/source/test/intltest/testutil.h
Examining data/icu-68.1/source/test/intltest/rbbitst.h
Examining data/icu-68.1/source/test/intltest/dtfmttst.h
Examining data/icu-68.1/source/test/intltest/ittrans.h
Examining data/icu-68.1/source/test/intltest/miscdtfm.cpp
Examining data/icu-68.1/source/test/intltest/localebuildertest.h
Examining data/icu-68.1/source/test/intltest/idnaconf.cpp
Examining data/icu-68.1/source/test/intltest/tsdtfmsy.cpp
Examining data/icu-68.1/source/test/intltest/dtfmapts.h
Examining data/icu-68.1/source/test/intltest/regcoll.h
Examining data/icu-68.1/source/test/intltest/testidna.h
Examining data/icu-68.1/source/test/intltest/quantityformattertest.cpp
Examining data/icu-68.1/source/test/intltest/winnmtst.cpp
Examining data/icu-68.1/source/test/intltest/usettest.cpp
Examining data/icu-68.1/source/test/intltest/testidn.cpp
Examining data/icu-68.1/source/test/intltest/windttst.h
Examining data/icu-68.1/source/test/intltest/usettest.h
Examining data/icu-68.1/source/test/intltest/icusvtst.h
Examining data/icu-68.1/source/test/intltest/itercoll.h
Examining data/icu-68.1/source/test/intltest/nmfmapts.cpp
Examining data/icu-68.1/source/test/intltest/ucdtest.cpp
Examining data/icu-68.1/source/test/intltest/measfmttest.cpp
Examining data/icu-68.1/source/test/intltest/plurfmts.h
Examining data/icu-68.1/source/test/intltest/tsnmfmt.h
Examining data/icu-68.1/source/test/intltest/ustrtest.cpp
Examining data/icu-68.1/source/test/intltest/apicoll.h
Examining data/icu-68.1/source/test/intltest/citrtest.cpp
Examining data/icu-68.1/source/test/intltest/caltestdata.h
Examining data/icu-68.1/source/test/intltest/tsmthred.cpp
Examining data/icu-68.1/source/test/intltest/transrt.h
Examining data/icu-68.1/source/test/intltest/testutil.cpp
Examining data/icu-68.1/source/test/intltest/tztest.h
Examining data/icu-68.1/source/test/intltest/uts46test.cpp
Examining data/icu-68.1/source/test/intltest/rbbiapts.h
Examining data/icu-68.1/source/test/intltest/tufmtts.cpp
Examining data/icu-68.1/source/test/intltest/restest.h
Examining data/icu-68.1/source/test/intltest/dtptngts.cpp
Examining data/icu-68.1/source/test/intltest/strcase.cpp
Examining data/icu-68.1/source/test/intltest/ucaconf.cpp
Examining data/icu-68.1/source/test/intltest/units_test.cpp
Examining data/icu-68.1/source/test/intltest/scientificnumberformattertest.cpp
Examining data/icu-68.1/source/test/intltest/ssearch.h
Examining data/icu-68.1/source/test/intltest/erarulestest.cpp
Examining data/icu-68.1/source/test/intltest/winutil.h
Examining data/icu-68.1/source/test/intltest/units_router_test.cpp
Examining data/icu-68.1/source/test/intltest/listformattertest.h
Examining data/icu-68.1/source/test/intltest/ucaconf.h
Examining data/icu-68.1/source/test/intltest/tsdtfmsy.h
Examining data/icu-68.1/source/test/intltest/lcukocol.h
Examining data/icu-68.1/source/test/intltest/callimts.cpp
Examining data/icu-68.1/source/test/intltest/jacoll.h
Examining data/icu-68.1/source/test/intltest/reptest.h
Examining data/icu-68.1/source/test/intltest/caltztst.h
Examining data/icu-68.1/source/test/intltest/tsmthred.h
Examining data/icu-68.1/source/test/intltest/itutil.cpp
Examining data/icu-68.1/source/test/intltest/formatted_string_builder_test.cpp
Examining data/icu-68.1/source/test/intltest/msfmrgts.h
Examining data/icu-68.1/source/test/intltest/sdtfmtts.h
Examining data/icu-68.1/source/test/intltest/tzfmttst.cpp
Examining data/icu-68.1/source/test/intltest/tsdcfmsy.cpp
Examining data/icu-68.1/source/test/intltest/ficoll.cpp
Examining data/icu-68.1/source/test/intltest/caltztst.cpp
Examining data/icu-68.1/source/test/intltest/transapi.cpp
Examining data/icu-68.1/source/test/intltest/itformat.h
Examining data/icu-68.1/source/test/intltest/apicoll.cpp
Examining data/icu-68.1/source/test/intltest/uobjtest.h
Examining data/icu-68.1/source/test/intltest/restsnew.cpp
Examining data/icu-68.1/source/test/intltest/tzfmttst.h
Examining data/icu-68.1/source/test/intltest/tstnorm.h
Examining data/icu-68.1/source/test/intltest/sdtfmtts.cpp
Examining data/icu-68.1/source/test/intltest/calcasts.cpp
Examining data/icu-68.1/source/test/intltest/tmsgfmt.h
Examining data/icu-68.1/source/test/intltest/winutil.cpp
Examining data/icu-68.1/source/test/intltest/nptrans.cpp
Examining data/icu-68.1/source/test/intltest/incaltst.cpp
Examining data/icu-68.1/source/test/intltest/localematchertest.cpp
Examining data/icu-68.1/source/test/intltest/utxttest.h
Examining data/icu-68.1/source/test/intltest/ustrtest.h
Examining data/icu-68.1/source/test/intltest/decoll.cpp
Examining data/icu-68.1/source/test/intltest/regiontst.cpp
Examining data/icu-68.1/source/test/intltest/itmajor.h
Examining data/icu-68.1/source/test/intltest/incaltst.h
Examining data/icu-68.1/source/test/intltest/numfmtdatadriventest.cpp
Examining data/icu-68.1/source/test/intltest/calregts.h
Examining data/icu-68.1/source/test/intltest/jamotest.h
Examining data/icu-68.1/source/test/intltest/callimts.h
Examining data/icu-68.1/source/test/intltest/formattedvaluetest.cpp
Examining data/icu-68.1/source/test/intltest/dtfmtrtts.h
Examining data/icu-68.1/source/test/intltest/tstnrapi.cpp
Examining data/icu-68.1/source/test/intltest/strtest.h
Examining data/icu-68.1/source/test/intltest/unifiedcachetest.cpp
Examining data/icu-68.1/source/test/intltest/dcfmtest.cpp
Examining data/icu-68.1/source/test/intltest/transrt.cpp
Examining data/icu-68.1/source/test/intltest/numfmtst.h
Examining data/icu-68.1/source/test/intltest/miscdtfm.h
Examining data/icu-68.1/source/test/intltest/dadrfmt.cpp
Examining data/icu-68.1/source/test/intltest/canittst.h
Examining data/icu-68.1/source/test/intltest/itrbnf.h
Examining data/icu-68.1/source/test/intltest/frcoll.h
Examining data/icu-68.1/source/test/intltest/bidiconf.cpp
Examining data/icu-68.1/source/test/intltest/itrbnfrt.h
Examining data/icu-68.1/source/test/intltest/tscoll.h
Examining data/icu-68.1/source/test/intltest/windttst.cpp
Examining data/icu-68.1/source/test/intltest/currcoll.cpp
Examining data/icu-68.1/source/test/intltest/tsnmfmt.cpp
Examining data/icu-68.1/source/test/intltest/tfsmalls.h
Examining data/icu-68.1/source/test/intltest/tmsgfmt.cpp
Examining data/icu-68.1/source/test/intltest/escoll.h
Examining data/icu-68.1/source/test/intltest/transapi.h
Examining data/icu-68.1/source/test/intltest/reldatefmttest.cpp
Examining data/icu-68.1/source/test/intltest/aliastst.h
Examining data/icu-68.1/source/test/intltest/string_segment_test.cpp
Examining data/icu-68.1/source/test/intltest/astrotst.cpp
Examining data/icu-68.1/source/test/intltest/locnmtst.cpp
Examining data/icu-68.1/source/test/intltest/convtest.cpp
Examining data/icu-68.1/source/test/intltest/trnserr.cpp
Examining data/icu-68.1/source/test/intltest/ficoll.h
Examining data/icu-68.1/source/test/intltest/nmfmtrt.cpp
Examining data/icu-68.1/source/test/intltest/dtfmttst.cpp
Examining data/icu-68.1/source/test/intltest/cpdtrtst.h
Examining data/icu-68.1/source/test/intltest/dtfmrgts.cpp
Examining data/icu-68.1/source/test/intltest/numbertest.h
Examining data/icu-68.1/source/test/intltest/svccoll.cpp
Examining data/icu-68.1/source/test/intltest/locnmtst.h
Examining data/icu-68.1/source/test/intltest/mnkytst.cpp
Examining data/icu-68.1/source/test/intltest/transtst.cpp
Examining data/icu-68.1/source/test/intltest/itmajor.cpp
Examining data/icu-68.1/source/test/intltest/rbbitst.cpp
Examining data/icu-68.1/source/test/intltest/regextst.cpp
Examining data/icu-68.1/source/test/intltest/ucharstrietest.cpp
Examining data/icu-68.1/source/test/intltest/numbertest_patternstring.cpp
Examining data/icu-68.1/source/test/intltest/listformattertest.cpp
Examining data/icu-68.1/source/test/intltest/dadrcal.cpp
Examining data/icu-68.1/source/test/intltest/colldata.cpp
Examining data/icu-68.1/source/test/intltest/datadrivennumberformattestsuite.h
Examining data/icu-68.1/source/test/intltest/simpleformattertest.cpp
Examining data/icu-68.1/source/test/intltest/pluralmaptest.cpp
Examining data/icu-68.1/source/test/intltest/trcoll.cpp
Examining data/icu-68.1/source/test/intltest/genderinfotest.cpp
Examining data/icu-68.1/source/test/intltest/restsnew.h
Examining data/icu-68.1/source/test/intltest/tsdate.cpp
Examining data/icu-68.1/source/test/intltest/encoll.cpp
Examining data/icu-68.1/source/test/intltest/csdetest.h
Examining data/icu-68.1/source/test/intltest/ucdtest.h
Examining data/icu-68.1/source/test/intltest/mnkytst.h
Examining data/icu-68.1/source/test/intltest/tscoll.cpp
Examining data/icu-68.1/source/test/intltest/g7coll.cpp
Examining data/icu-68.1/source/test/intltest/dtptngts.h
Examining data/icu-68.1/source/test/intltest/tztest.cpp
Examining data/icu-68.1/source/test/intltest/trnserr.h
Examining data/icu-68.1/source/test/intltest/numrgts.cpp
Examining data/icu-68.1/source/test/intltest/numbertest_modifiers.cpp
Examining data/icu-68.1/source/test/intltest/tzrulets.cpp
Examining data/icu-68.1/source/test/intltest/numberformattesttuple.cpp
Examining data/icu-68.1/source/test/intltest/regcoll.cpp
Examining data/icu-68.1/source/test/intltest/dtfmrgts.h
Examining data/icu-68.1/source/test/intltest/aliastst.cpp
Examining data/icu-68.1/source/test/intltest/simplethread.cpp
Examining data/icu-68.1/source/test/intltest/ssearch.cpp
Examining data/icu-68.1/source/test/intltest/allcoll.h
Examining data/icu-68.1/source/test/intltest/numfmtspectest.cpp
Examining data/icu-68.1/source/test/intltest/tzrulets.h
Examining data/icu-68.1/source/test/intltest/itrbbi.cpp
Examining data/icu-68.1/source/test/intltest/colldata.h
Examining data/icu-68.1/source/test/intltest/dtfmapts.cpp
Examining data/icu-68.1/source/test/intltest/idnaconf.h
Examining data/icu-68.1/source/test/intltest/numbertest_api.cpp
Examining data/icu-68.1/source/test/intltest/reptest.cpp
Examining data/icu-68.1/source/test/intltest/tzregts.h
Examining data/icu-68.1/source/test/intltest/idnaref.h
Examining data/icu-68.1/source/test/intltest/srchtest.h
Examining data/icu-68.1/source/test/intltest/itformat.cpp
Examining data/icu-68.1/source/test/intltest/rbbiapts.cpp
Examining data/icu-68.1/source/test/intltest/itspoof.h
Examining data/icu-68.1/source/test/intltest/punyref.h
Examining data/icu-68.1/source/test/intltest/plurults.h
Examining data/icu-68.1/source/test/intltest/convtest.h
Examining data/icu-68.1/source/test/intltest/dtfmtrtts.cpp
Examining data/icu-68.1/source/test/intltest/normconf.cpp
Examining data/icu-68.1/source/test/intltest/citrtest.h
Examining data/icu-68.1/source/test/intltest/normconf.h
Examining data/icu-68.1/source/test/intltest/compactdecimalformattest.cpp
Examining data/icu-68.1/source/test/intltest/thcoll.h
Examining data/icu-68.1/source/test/intltest/frcoll.cpp
Examining data/icu-68.1/source/test/intltest/dadrcal.h
Examining data/icu-68.1/source/test/intltest/thcoll.cpp
Examining data/icu-68.1/source/test/intltest/tchcfmt.h
Examining data/icu-68.1/source/test/intltest/selfmts.cpp
Examining data/icu-68.1/source/test/intltest/collationtest.cpp
Examining data/icu-68.1/source/test/intltest/restest.cpp
Examining data/icu-68.1/source/test/intltest/tzoffloc.h
Examining data/icu-68.1/source/test/intltest/utxttest.cpp
Examining data/icu-68.1/source/test/intltest/tsdate.h
Examining data/icu-68.1/source/test/intltest/numbertest_decimalquantity.cpp
Examining data/icu-68.1/source/test/intltest/caltest.h
Examining data/icu-68.1/source/test/intltest/numbertest_doubleconversion.cpp
Examining data/icu-68.1/source/test/intltest/loctest.h
Examining data/icu-68.1/source/test/intltest/jamotest.cpp
Examining data/icu-68.1/source/test/intltest/testidna.cpp
Examining data/icu-68.1/source/test/intltest/textfile.cpp
Examining data/icu-68.1/source/test/intltest/rbbimonkeytest.h
Examining data/icu-68.1/source/test/intltest/dcfmapts.cpp
Examining data/icu-68.1/source/test/intltest/icusvtst.cpp
Examining data/icu-68.1/source/test/intltest/nmfmtrt.h
Examining data/icu-68.1/source/test/intltest/numrgts.h
Examining data/icu-68.1/source/test/intltest/decoll.h
Examining data/icu-68.1/source/test/intltest/csdetest.cpp
Examining data/icu-68.1/source/test/intltest/punyref.cpp
Examining data/icu-68.1/source/test/intltest/currcoll.h
Examining data/icu-68.1/source/test/intltest/msfmrgts.cpp
Examining data/icu-68.1/source/test/intltest/fldset.cpp
Examining data/icu-68.1/source/test/intltest/svccoll.h
Examining data/icu-68.1/source/test/intltest/localebuildertest.cpp
Examining data/icu-68.1/source/test/intltest/escoll.cpp
Examining data/icu-68.1/source/test/intltest/numfmtst.cpp
Examining data/icu-68.1/source/test/intltest/loctest.cpp
Examining data/icu-68.1/source/test/intltest/tsdcfmsy.h
Examining data/icu-68.1/source/test/intltest/tsputil.h
Examining data/icu-68.1/source/test/intltest/rbbimonkeytest.cpp
Examining data/icu-68.1/source/test/intltest/itrbnf.cpp
Examining data/icu-68.1/source/test/intltest/ittrans.cpp
Examining data/icu-68.1/source/test/intltest/tchcfmt.cpp
Examining data/icu-68.1/source/test/intltest/numbertest_range.cpp
Examining data/icu-68.1/source/test/intltest/erarulestest.h
Examining data/icu-68.1/source/test/intltest/itutil.h
Examining data/icu-68.1/source/test/intltest/tokiter.cpp
Examining data/icu-68.1/source/test/intltest/bytestrietest.cpp
Examining data/icu-68.1/source/test/intltest/tokiter.h
Examining data/icu-68.1/source/test/intltest/numbertest_permutation.cpp
Examining data/icu-68.1/source/test/intltest/numbertest_parse.cpp
Examining data/icu-68.1/source/test/intltest/itspoof.cpp
Examining data/icu-68.1/source/test/intltest/tfsmalls.cpp
Examining data/icu-68.1/source/test/intltest/tzbdtest.h
Examining data/icu-68.1/source/test/intltest/static_unisets_test.cpp
Examining data/icu-68.1/source/test/intltest/encoll.h
Examining data/icu-68.1/source/test/intltest/tzbdtest.cpp
Examining data/icu-68.1/source/test/intltest/lcukocol.cpp
Examining data/icu-68.1/source/test/intltest/tstnorm.cpp
Examining data/icu-68.1/source/test/intltest/plurults.cpp
Examining data/icu-68.1/source/test/intltest/srchtest.cpp
Examining data/icu-68.1/source/test/intltest/calregts.cpp
Examining data/icu-68.1/source/test/intltest/alphaindextst.cpp
Examining data/icu-68.1/source/test/intltest/nptrans.h
Examining data/icu-68.1/source/test/intltest/simplethread.h
Examining data/icu-68.1/source/test/intltest/itrbnfp.cpp
Examining data/icu-68.1/source/test/intltest/plurfmts.cpp
Examining data/icu-68.1/source/test/intltest/astrotst.h
Examining data/icu-68.1/source/test/intltest/trcoll.h
Examining data/icu-68.1/source/test/intltest/numberformattesttuple.h
Examining data/icu-68.1/source/test/intltest/regextst.h
Examining data/icu-68.1/source/test/intltest/itercoll.cpp
Examining data/icu-68.1/source/test/intltest/datadrivennumberformattestsuite.cpp
Examining data/icu-68.1/source/test/intltest/winnmtst.h
Examining data/icu-68.1/source/test/intltest/uvectest.h
Examining data/icu-68.1/source/test/intltest/pptest.cpp
Examining data/icu-68.1/source/test/intltest/dadrfmt.h
Examining data/icu-68.1/source/test/intltest/textfile.h
Examining data/icu-68.1/source/test/intltest/tzoffloc.cpp
Examining data/icu-68.1/source/test/intltest/g7coll.h
Examining data/icu-68.1/source/test/intltest/units_data_test.cpp
Examining data/icu-68.1/source/test/intltest/allcoll.cpp
Examining data/icu-68.1/source/test/intltest/numbertest_skeletons.cpp
Examining data/icu-68.1/source/test/intltest/itrbbi.h
Examining data/icu-68.1/source/test/intltest/dtifmtts.cpp
Examining data/icu-68.1/source/test/intltest/sfwdchit.h
Examining data/icu-68.1/source/test/intltest/fldset.h
Examining data/icu-68.1/source/test/intltest/dtifmtts.h
Examining data/icu-68.1/source/test/intltest/idnaref.cpp
Examining data/icu-68.1/source/test/intltest/cpdtrtst.cpp
Examining data/icu-68.1/source/test/intltest/canittst.cpp
Examining data/icu-68.1/source/test/intltest/v32test.h
Examining data/icu-68.1/source/test/intltest/numbertest_patternmodifier.cpp
Examining data/icu-68.1/source/test/intltest/tzregts.cpp
Examining data/icu-68.1/source/test/intltest/intltest.h
Examining data/icu-68.1/source/test/intltest/jacoll.cpp
Examining data/icu-68.1/source/test/intltest/strtest.cpp
Examining data/icu-68.1/source/test/intltest/selfmts.h
Examining data/icu-68.1/source/test/intltest/uvectest.cpp
Examining data/icu-68.1/source/test/intltest/nmfmapts.h
Examining data/icu-68.1/source/test/intltest/alphaindextst.h
Examining data/icu-68.1/source/test/intltest/numbertest_affixutils.cpp
Examining data/icu-68.1/source/test/iotest/iotest.cpp
Examining data/icu-68.1/source/test/iotest/trnstst.c
Examining data/icu-68.1/source/test/iotest/stream.cpp
Examining data/icu-68.1/source/test/iotest/filetst.c
Examining data/icu-68.1/source/test/iotest/iotest.h
Examining data/icu-68.1/source/test/iotest/strtst.c
Examining data/icu-68.1/source/test/cintltst/unumberrangeformattertst.c
Examining data/icu-68.1/source/test/cintltst/callcoll.c
Examining data/icu-68.1/source/test/cintltst/cnmdptst.c
Examining data/icu-68.1/source/test/cintltst/cloctst.h
Examining data/icu-68.1/source/test/cintltst/cestst.c
Examining data/icu-68.1/source/test/cintltst/crestst.c
Examining data/icu-68.1/source/test/cintltst/cposxtst.c
Examining data/icu-68.1/source/test/cintltst/cmsgtst.c
Examining data/icu-68.1/source/test/cintltst/callcoll.h
Examining data/icu-68.1/source/test/cintltst/ucnvseltst.c
Examining data/icu-68.1/source/test/cintltst/citertst.c
Examining data/icu-68.1/source/test/cintltst/ucnvseltst.h
Examining data/icu-68.1/source/test/cintltst/nccbtst.h
Examining data/icu-68.1/source/test/cintltst/nfsprep.c
Examining data/icu-68.1/source/test/cintltst/cintltst.c
Examining data/icu-68.1/source/test/cintltst/uenumtst.c
Examining data/icu-68.1/source/test/cintltst/cnormtst.c
Examining data/icu-68.1/source/test/cintltst/nucnvtst.c
Examining data/icu-68.1/source/test/cintltst/cjaptst.h
Examining data/icu-68.1/source/test/cintltst/uformattedvaluetst.c
Examining data/icu-68.1/source/test/cintltst/crestst.h
Examining data/icu-68.1/source/test/cintltst/cdattst.c
Examining data/icu-68.1/source/test/cintltst/trietest.c
Examining data/icu-68.1/source/test/cintltst/cdtdptst.h
Examining data/icu-68.1/source/test/cintltst/cintltst.h
Examining data/icu-68.1/source/test/cintltst/cucdtst.c
Examining data/icu-68.1/source/test/cintltst/ccaltst.h
Examining data/icu-68.1/source/test/cintltst/unumberformattertst.c
Examining data/icu-68.1/source/test/cintltst/cnumtst.h
Examining data/icu-68.1/source/test/cintltst/cbkittst.c
Examining data/icu-68.1/source/test/cintltst/cdetst.h
Examining data/icu-68.1/source/test/cintltst/ncnvfbts.h
Examining data/icu-68.1/source/test/cintltst/cg7coll.c
Examining data/icu-68.1/source/test/cintltst/eurocreg.c
Examining data/icu-68.1/source/test/cintltst/ccapitst.c
Examining data/icu-68.1/source/test/cintltst/cgendtst.c
Examining data/icu-68.1/source/test/cintltst/cloctst.c
Examining data/icu-68.1/source/test/cintltst/cformtst.h
Examining data/icu-68.1/source/test/cintltst/cbiapts.h
Examining data/icu-68.1/source/test/cintltst/cmsccoll.c
Examining data/icu-68.1/source/test/cintltst/cfintst.c
Examining data/icu-68.1/source/test/cintltst/ncnvfbts.c
Examining data/icu-68.1/source/test/cintltst/sorttest.c
Examining data/icu-68.1/source/test/cintltst/cdtdptst.c
Examining data/icu-68.1/source/test/cintltst/cnormtst.h
Examining data/icu-68.1/source/test/cintltst/ucsdetst.c
Examining data/icu-68.1/source/test/cintltst/cdattst.h
Examining data/icu-68.1/source/test/cintltst/creststn.h
Examining data/icu-68.1/source/test/cintltst/reapits.c
Examining data/icu-68.1/source/test/cintltst/citertst.h
Examining data/icu-68.1/source/test/cintltst/cfintst.h
Examining data/icu-68.1/source/test/cintltst/spooftest.c
Examining data/icu-68.1/source/test/cintltst/cbiapts.c
Examining data/icu-68.1/source/test/cintltst/ccurrtst.c
Examining data/icu-68.1/source/test/cintltst/ccapitst.h
Examining data/icu-68.1/source/test/cintltst/cucdapi.c
Examining data/icu-68.1/source/test/cintltst/udatatst.c
Examining data/icu-68.1/source/test/cintltst/cturtst.h
Examining data/icu-68.1/source/test/cintltst/cbiditransformtst.c
Examining data/icu-68.1/source/test/cintltst/cdateintervalformattest.c
Examining data/icu-68.1/source/test/cintltst/calldata.h
Examining data/icu-68.1/source/test/cintltst/bocu1tst.c
Examining data/icu-68.1/source/test/cintltst/cconvtst.c
Examining data/icu-68.1/source/test/cintltst/cstrcase.c
Examining data/icu-68.1/source/test/cintltst/cucdapi.h
Examining data/icu-68.1/source/test/cintltst/utf8tst.c
Examining data/icu-68.1/source/test/cintltst/cnumtst.c
Examining data/icu-68.1/source/test/cintltst/ncnvtst.c
Examining data/icu-68.1/source/test/cintltst/cpluralrulestest.c
Examining data/icu-68.1/source/test/cintltst/cctest.c
Examining data/icu-68.1/source/test/cintltst/tracetst.c
Examining data/icu-68.1/source/test/cintltst/ulistfmttest.c
Examining data/icu-68.1/source/test/cintltst/utf16tst.c
Examining data/icu-68.1/source/test/cintltst/cg7coll.h
Examining data/icu-68.1/source/test/cintltst/putiltst.c
Examining data/icu-68.1/source/test/cintltst/cdtrgtst.h
Examining data/icu-68.1/source/test/cintltst/cutiltst.c
Examining data/icu-68.1/source/test/cintltst/usrchdat.c
Examining data/icu-68.1/source/test/cintltst/utmstest.c
Examining data/icu-68.1/source/test/cintltst/crelativedateformattest.c
Examining data/icu-68.1/source/test/cintltst/spreptst.c
Examining data/icu-68.1/source/test/cintltst/stdnmtst.c
Examining data/icu-68.1/source/test/cintltst/cbididat.c
Examining data/icu-68.1/source/test/cintltst/nucnvtst.h
Examining data/icu-68.1/source/test/cintltst/cfrtst.h
Examining data/icu-68.1/source/test/cintltst/usettest.c
Examining data/icu-68.1/source/test/cintltst/utransts.c
Examining data/icu-68.1/source/test/cintltst/ccolltst.h
Examining data/icu-68.1/source/test/cintltst/currtest.c
Examining data/icu-68.1/source/test/cintltst/cjaptst.c
Examining data/icu-68.1/source/test/cintltst/sprpdata.c
Examining data/icu-68.1/source/test/cintltst/cldrtest.c
Examining data/icu-68.1/source/test/cintltst/nccbtst.c
Examining data/icu-68.1/source/test/cintltst/nfsprep.h
Examining data/icu-68.1/source/test/cintltst/idnatest.c
Examining data/icu-68.1/source/test/cintltst/encoll.h
Examining data/icu-68.1/source/test/cintltst/cmsgtst.h
Examining data/icu-68.1/source/test/cintltst/cbiditst.c
Examining data/icu-68.1/source/test/cintltst/cnmdptst.h
Examining data/icu-68.1/source/test/cintltst/encoll.c
Examining data/icu-68.1/source/test/cintltst/uregiontest.c
Examining data/icu-68.1/source/test/cintltst/cformtst.c
Examining data/icu-68.1/source/test/cintltst/hpmufn.c
Examining data/icu-68.1/source/test/cintltst/trie2test.c
Examining data/icu-68.1/source/test/cintltst/custrtrn.c
Examining data/icu-68.1/source/test/cintltst/capitst.h
Examining data/icu-68.1/source/test/cintltst/capitst.c
Examining data/icu-68.1/source/test/cintltst/udatpg_test.c
Examining data/icu-68.1/source/test/cintltst/cstrtest.c
Examining data/icu-68.1/source/test/cintltst/cdetst.c
Examining data/icu-68.1/source/test/cintltst/ccaltst.c
Examining data/icu-68.1/source/test/cintltst/usrchtst.c
Examining data/icu-68.1/source/test/cintltst/ccolltst.c
Examining data/icu-68.1/source/test/cintltst/cfrtst.c
Examining data/icu-68.1/source/test/cintltst/chashtst.c
Examining data/icu-68.1/source/test/cintltst/creststn.c
Examining data/icu-68.1/source/test/cintltst/cdtrgtst.c
Examining data/icu-68.1/source/test/cintltst/cestst.h
Examining data/icu-68.1/source/test/cintltst/custrtst.c
Examining data/icu-68.1/source/test/cintltst/calltest.c
Examining data/icu-68.1/source/test/cintltst/cturtst.c
Examining data/icu-68.1/source/test/cintltst/ucptrietest.c
Examining data/icu-68.1/source/test/cintltst/cbiditst.h
Examining data/icu-68.1/source/test/cintltst/utexttst.c
Examining data/icu-68.1/source/test/cintltst/ccurrtst.h
Examining data/icu-68.1/source/test/compat/tzdate.c
Examining data/icu-68.1/source/stubdata/stubdata.cpp
Examining data/icu-68.1/source/layoutex/ParagraphLayout.cpp
Examining data/icu-68.1/source/layoutex/LXUtilities.cpp
Examining data/icu-68.1/source/layoutex/RunArrays.cpp
Examining data/icu-68.1/source/layoutex/LXUtilities.h
Examining data/icu-68.1/source/layoutex/layout/RunArrays.h
Examining data/icu-68.1/source/layoutex/layout/playout.h
Examining data/icu-68.1/source/layoutex/layout/ParagraphLayout.h
Examining data/icu-68.1/source/layoutex/layout/plruns.h
Examining data/icu-68.1/source/layoutex/plruns.cpp
Examining data/icu-68.1/source/layoutex/playout.cpp
Examining data/icu-68.1/source/common/capi_helper.h
Examining data/icu-68.1/source/common/uprops.h
Examining data/icu-68.1/source/common/parsepos.cpp
Examining data/icu-68.1/source/common/localematcher.cpp
Examining data/icu-68.1/source/common/util_props.cpp
Examining data/icu-68.1/source/common/uhash.h
Examining data/icu-68.1/source/common/uresimp.h
Examining data/icu-68.1/source/common/cstr.h
Examining data/icu-68.1/source/common/ubidi.cpp
Examining data/icu-68.1/source/common/uchar_props_data.h
Examining data/icu-68.1/source/common/unistr_case.cpp
Examining data/icu-68.1/source/common/servnotf.cpp
Examining data/icu-68.1/source/common/resource.cpp
Examining data/icu-68.1/source/common/dictionarydata.cpp
Examining data/icu-68.1/source/common/util.cpp
Examining data/icu-68.1/source/common/ucnv_ext.h
Examining data/icu-68.1/source/common/locdistance.cpp
Examining data/icu-68.1/source/common/udatamem.cpp
Examining data/icu-68.1/source/common/bmpset.h
Examining data/icu-68.1/source/common/stringtriebuilder.cpp
Examining data/icu-68.1/source/common/rbbisetb.cpp
Examining data/icu-68.1/source/common/restrace.cpp
Examining data/icu-68.1/source/common/pluralmap.cpp
Examining data/icu-68.1/source/common/static_unicode_sets.cpp
Examining data/icu-68.1/source/common/uelement.h
Examining data/icu-68.1/source/common/ucnvsel.cpp
Examining data/icu-68.1/source/common/brkeng.h
Examining data/icu-68.1/source/common/ucnvdisp.cpp
Examining data/icu-68.1/source/common/cwchar.h
Examining data/icu-68.1/source/common/uniset_closure.cpp
Examining data/icu-68.1/source/common/cmemory.h
Examining data/icu-68.1/source/common/uvectr64.cpp
Examining data/icu-68.1/source/common/ucmndata.cpp
Examining data/icu-68.1/source/common/utrie.cpp
Examining data/icu-68.1/source/common/usprep.cpp
Examining data/icu-68.1/source/common/msvcres.h
Examining data/icu-68.1/source/common/ucnvmbcs.cpp
Examining data/icu-68.1/source/common/ubidiln.cpp
Examining data/icu-68.1/source/common/umapfile.h
Examining data/icu-68.1/source/common/uts46.cpp
Examining data/icu-68.1/source/common/uchar.cpp
Examining data/icu-68.1/source/common/resbund_cnv.cpp
Examining data/icu-68.1/source/common/utrie2_impl.h
Examining data/icu-68.1/source/common/locdspnm.cpp
Examining data/icu-68.1/source/common/ustr_cnv.h
Examining data/icu-68.1/source/common/uinvchar.h
Examining data/icu-68.1/source/common/sprpimpl.h
Examining data/icu-68.1/source/common/ucasemap_titlecase_brkiter.cpp
Examining data/icu-68.1/source/common/uidna.cpp
Examining data/icu-68.1/source/common/ustr_titlecase_brkiter.cpp
Examining data/icu-68.1/source/common/localeprioritylist.cpp
Examining data/icu-68.1/source/common/stringpiece.cpp
Examining data/icu-68.1/source/common/ucnv_io.cpp
Examining data/icu-68.1/source/common/ucnvhz.cpp
Examining data/icu-68.1/source/common/ucnv_cnv.cpp
Examining data/icu-68.1/source/common/ureslocs.h
Examining data/icu-68.1/source/common/ucln_imp.h
Examining data/icu-68.1/source/common/locmap.cpp
Examining data/icu-68.1/source/common/locmap.h
Examining data/icu-68.1/source/common/locbased.cpp
Examining data/icu-68.1/source/common/propsvec.h
Examining data/icu-68.1/source/common/uinvchar.cpp
Examining data/icu-68.1/source/common/uenum.cpp
Examining data/icu-68.1/source/common/loadednormalizer2impl.cpp
Examining data/icu-68.1/source/common/messageimpl.h
Examining data/icu-68.1/source/common/locbased.h
Examining data/icu-68.1/source/common/umutablecptrie.cpp
Examining data/icu-68.1/source/common/uprops.cpp
Examining data/icu-68.1/source/common/rbbistbl.cpp
Examining data/icu-68.1/source/common/resource.h
Examining data/icu-68.1/source/common/unisetspan.cpp
Examining data/icu-68.1/source/common/rbbisetb.h
Examining data/icu-68.1/source/common/charstrmap.h
Examining data/icu-68.1/source/common/icuplugimp.h
Examining data/icu-68.1/source/common/unormimp.h
Examining data/icu-68.1/source/common/mutex.h
Examining data/icu-68.1/source/common/utrie2_builder.cpp
Examining data/icu-68.1/source/common/umapfile.cpp
Examining data/icu-68.1/source/common/unorm.cpp
Examining data/icu-68.1/source/common/uhash_us.cpp
Examining data/icu-68.1/source/common/uchriter.cpp
Examining data/icu-68.1/source/common/umath.cpp
Examining data/icu-68.1/source/common/hash.h
Examining data/icu-68.1/source/common/servnotf.h
Examining data/icu-68.1/source/common/serv.cpp
Examining data/icu-68.1/source/common/udataswp.h
Examining data/icu-68.1/source/common/uinit.cpp
Examining data/icu-68.1/source/common/ucnv_u32.cpp
Examining data/icu-68.1/source/common/utrace.cpp
Examining data/icu-68.1/source/common/locid.cpp
Examining data/icu-68.1/source/common/wintz.cpp
Examining data/icu-68.1/source/common/ucnvlat1.cpp
Examining data/icu-68.1/source/common/ustrtrns.cpp
Examining data/icu-68.1/source/common/ucptrie.cpp
Examining data/icu-68.1/source/common/utrie2.cpp
Examining data/icu-68.1/source/common/util.h
Examining data/icu-68.1/source/common/cpputils.h
Examining data/icu-68.1/source/common/uniquecharstr.h
Examining data/icu-68.1/source/common/ucurrimp.h
Examining data/icu-68.1/source/common/bytestriebuilder.cpp
Examining data/icu-68.1/source/common/ucnv_imp.h
Examining data/icu-68.1/source/common/sharedobject.cpp
Examining data/icu-68.1/source/common/charstr.h
Examining data/icu-68.1/source/common/uniset_props.cpp
Examining data/icu-68.1/source/common/uobject.cpp
Examining data/icu-68.1/source/common/usetiter.cpp
Examining data/icu-68.1/source/common/unifunct.cpp
Examining data/icu-68.1/source/common/ucnv_u8.cpp
Examining data/icu-68.1/source/common/appendable.cpp
Examining data/icu-68.1/source/common/unistrappender.h
Examining data/icu-68.1/source/common/ucnvbocu.cpp
Examining data/icu-68.1/source/common/cstring.h
Examining data/icu-68.1/source/common/normalizer2impl.h
Examining data/icu-68.1/source/common/uresdata.cpp
Examining data/icu-68.1/source/common/servlkf.cpp
Examining data/icu-68.1/source/common/ucnv_cb.cpp
Examining data/icu-68.1/source/common/loclikelysubtags.h
Examining data/icu-68.1/source/common/uset_imp.h
Examining data/icu-68.1/source/common/ucat.cpp
Examining data/icu-68.1/source/common/pluralmap.h
Examining data/icu-68.1/source/common/uniset.cpp
Examining data/icu-68.1/source/common/ucnv2022.cpp
Examining data/icu-68.1/source/common/simpleformatter.cpp
Examining data/icu-68.1/source/common/ucnvmbcs.h
Examining data/icu-68.1/source/common/ubidi_props.h
Examining data/icu-68.1/source/common/bytestrieiterator.cpp
Examining data/icu-68.1/source/common/ucnv_u7.cpp
Examining data/icu-68.1/source/common/dictbe.h
Examining data/icu-68.1/source/common/ucnv_bld.h
Examining data/icu-68.1/source/common/ucharstriebuilder.cpp
Examining data/icu-68.1/source/common/ustr_cnv.cpp
Examining data/icu-68.1/source/common/ucasemap_imp.h
Examining data/icu-68.1/source/common/charstr.cpp
Examining data/icu-68.1/source/common/ucnv_u16.cpp
Examining data/icu-68.1/source/common/locavailable.cpp
Examining data/icu-68.1/source/common/ubidi_props_data.h
Examining data/icu-68.1/source/common/putilimp.h
Examining data/icu-68.1/source/common/utypeinfo.h
Examining data/icu-68.1/source/common/dtintrv.cpp
Examining data/icu-68.1/source/common/rbbiscan.h
Examining data/icu-68.1/source/common/messagepattern.cpp
Examining data/icu-68.1/source/common/punycode.h
Examining data/icu-68.1/source/common/locdistance.h
Examining data/icu-68.1/source/common/uenumimp.h
Examining data/icu-68.1/source/common/uarrsort.cpp
Examining data/icu-68.1/source/common/ucharstrie.cpp
Examining data/icu-68.1/source/common/ruleiter.cpp
Examining data/icu-68.1/source/common/rbbidata.cpp
Examining data/icu-68.1/source/common/brkiter.cpp
Examining data/icu-68.1/source/common/errorcode.cpp
Examining data/icu-68.1/source/common/propname.h
Examining data/icu-68.1/source/common/utrie_swap.cpp
Examining data/icu-68.1/source/common/unormcmp.cpp
Examining data/icu-68.1/source/common/ucptrie_impl.h
Examining data/icu-68.1/source/common/umutex.h
Examining data/icu-68.1/source/common/uassert.h
Examining data/icu-68.1/source/common/uvector.cpp
Examining data/icu-68.1/source/common/ucnv_ext.cpp
Examining data/icu-68.1/source/common/rbbi.cpp
Examining data/icu-68.1/source/common/ucurr.cpp
Examining data/icu-68.1/source/common/cwchar.cpp
Examining data/icu-68.1/source/common/ubrkimpl.h
Examining data/icu-68.1/source/common/ubidi_props.cpp
Examining data/icu-68.1/source/common/unistr_cnv.cpp
Examining data/icu-68.1/source/common/ucnv_err.cpp
Examining data/icu-68.1/source/common/cstr.cpp
Examining data/icu-68.1/source/common/servlk.cpp
Examining data/icu-68.1/source/common/ucln.h
Examining data/icu-68.1/source/common/ustr_imp.h
Examining data/icu-68.1/source/common/localsvc.h
Examining data/icu-68.1/source/common/propsvec.cpp
Examining data/icu-68.1/source/common/ustack.cpp
Examining data/icu-68.1/source/common/schriter.cpp
Examining data/icu-68.1/source/common/ucol_swp.h
Examining data/icu-68.1/source/common/ucmndata.h
Examining data/icu-68.1/source/common/loclikely.cpp
Examining data/icu-68.1/source/common/udatamem.h
Examining data/icu-68.1/source/common/ustrfmt.cpp
Examining data/icu-68.1/source/common/propname.cpp
Examining data/icu-68.1/source/common/filteredbrk.cpp
Examining data/icu-68.1/source/common/ulist.h
Examining data/icu-68.1/source/common/caniter.cpp
Examining data/icu-68.1/source/common/filterednormalizer2.cpp
Examining data/icu-68.1/source/common/icudataver.cpp
Examining data/icu-68.1/source/common/unifilt.cpp
Examining data/icu-68.1/source/common/ustrfmt.h
Examining data/icu-68.1/source/common/ustrenum.cpp
Examining data/icu-68.1/source/common/uvectr64.h
Examining data/icu-68.1/source/common/norm2allmodes.h
Examining data/icu-68.1/source/common/unicode/docmain.h
Examining data/icu-68.1/source/common/unicode/udata.h
Examining data/icu-68.1/source/common/unicode/symtable.h
Examining data/icu-68.1/source/common/unicode/uobject.h
Examining data/icu-68.1/source/common/unicode/uchar.h
Examining data/icu-68.1/source/common/unicode/uldnames.h
Examining data/icu-68.1/source/common/unicode/putil.h
Examining data/icu-68.1/source/common/unicode/filteredbrk.h
Examining data/icu-68.1/source/common/unicode/uenum.h
Examining data/icu-68.1/source/common/unicode/idna.h
Examining data/icu-68.1/source/common/unicode/utf.h
Examining data/icu-68.1/source/common/unicode/simpleformatter.h
Examining data/icu-68.1/source/common/unicode/platform.h
Examining data/icu-68.1/source/common/unicode/casemap.h
Examining data/icu-68.1/source/common/unicode/ucurr.h
Examining data/icu-68.1/source/common/unicode/ubidi.h
Examining data/icu-68.1/source/common/unicode/uclean.h
Examining data/icu-68.1/source/common/unicode/bytestrie.h
Examining data/icu-68.1/source/common/unicode/localematcher.h
Examining data/icu-68.1/source/common/unicode/icudataver.h
Examining data/icu-68.1/source/common/unicode/ubrk.h
Examining data/icu-68.1/source/common/unicode/utf16.h
Examining data/icu-68.1/source/common/unicode/normlzr.h
Examining data/icu-68.1/source/common/unicode/unorm2.h
Examining data/icu-68.1/source/common/unicode/dtintrv.h
Examining data/icu-68.1/source/common/unicode/ptypes.h
Examining data/icu-68.1/source/common/unicode/ucptrie.h
Examining data/icu-68.1/source/common/unicode/ucpmap.h
Examining data/icu-68.1/source/common/unicode/parsepos.h
Examining data/icu-68.1/source/common/unicode/uset.h
Examining data/icu-68.1/source/common/unicode/schriter.h
Examining data/icu-68.1/source/common/unicode/usetiter.h
Examining data/icu-68.1/source/common/unicode/uniset.h
Examining data/icu-68.1/source/common/unicode/unifilt.h
Examining data/icu-68.1/source/common/unicode/stringtriebuilder.h
Examining data/icu-68.1/source/common/unicode/urename.h
Examining data/icu-68.1/source/common/unicode/ucat.h
Examining data/icu-68.1/source/common/unicode/stringoptions.h
Examining data/icu-68.1/source/common/unicode/utext.h
Examining data/icu-68.1/source/common/unicode/unistr.h
Examining data/icu-68.1/source/common/unicode/uconfig.h
Examining data/icu-68.1/source/common/unicode/parseerr.h
Examining data/icu-68.1/source/common/unicode/normalizer2.h
Examining data/icu-68.1/source/common/unicode/resbund.h
Examining data/icu-68.1/source/common/unicode/unorm.h
Examining data/icu-68.1/source/common/unicode/utf8.h
Examining data/icu-68.1/source/common/unicode/uchriter.h
Examining data/icu-68.1/source/common/unicode/bytestriebuilder.h
Examining data/icu-68.1/source/common/unicode/uversion.h
Examining data/icu-68.1/source/common/unicode/ushape.h
Examining data/icu-68.1/source/common/unicode/chariter.h
Examining data/icu-68.1/source/common/unicode/edits.h
Examining data/icu-68.1/source/common/unicode/ucnvsel.h
Examining data/icu-68.1/source/common/unicode/ucnv_err.h
Examining data/icu-68.1/source/common/unicode/ucharstrie.h
Examining data/icu-68.1/source/common/unicode/uvernum.h
Examining data/icu-68.1/source/common/unicode/dbbi.h
Examining data/icu-68.1/source/common/unicode/umachine.h
Examining data/icu-68.1/source/common/unicode/char16ptr.h
Examining data/icu-68.1/source/common/unicode/utypes.h
Examining data/icu-68.1/source/common/unicode/ucnv_cb.h
Examining data/icu-68.1/source/common/unicode/umutablecptrie.h
Examining data/icu-68.1/source/common/unicode/utf32.h
Examining data/icu-68.1/source/common/unicode/utrace.h
Examining data/icu-68.1/source/common/unicode/localebuilder.h
Examining data/icu-68.1/source/common/unicode/ucasemap.h
Examining data/icu-68.1/source/common/unicode/uscript.h
Examining data/icu-68.1/source/common/unicode/ustringtrie.h
Examining data/icu-68.1/source/common/unicode/udisplaycontext.h
Examining data/icu-68.1/source/common/unicode/caniter.h
Examining data/icu-68.1/source/common/unicode/strenum.h
Examining data/icu-68.1/source/common/unicode/uidna.h
Examining data/icu-68.1/source/common/unicode/appendable.h
Examining data/icu-68.1/source/common/unicode/uloc.h
Examining data/icu-68.1/source/common/unicode/ures.h
Examining data/icu-68.1/source/common/unicode/localpointer.h
Examining data/icu-68.1/source/common/unicode/std_string.h
Examining data/icu-68.1/source/common/unicode/utf_old.h
Examining data/icu-68.1/source/common/unicode/ubiditransform.h
Examining data/icu-68.1/source/common/unicode/rep.h
Examining data/icu-68.1/source/common/unicode/locdspnm.h
Examining data/icu-68.1/source/common/unicode/errorcode.h
Examining data/icu-68.1/source/common/unicode/messagepattern.h
Examining data/icu-68.1/source/common/unicode/enumset.h
Examining data/icu-68.1/source/common/unicode/ucnv.h
Examining data/icu-68.1/source/common/unicode/ustring.h
Examining data/icu-68.1/source/common/unicode/stringpiece.h
Examining data/icu-68.1/source/common/unicode/usprep.h
Examining data/icu-68.1/source/common/unicode/unifunct.h
Examining data/icu-68.1/source/common/unicode/unimatch.h
Examining data/icu-68.1/source/common/unicode/urep.h
Examining data/icu-68.1/source/common/unicode/umisc.h
Examining data/icu-68.1/source/common/unicode/bytestream.h
Examining data/icu-68.1/source/common/unicode/brkiter.h
Examining data/icu-68.1/source/common/unicode/locid.h
Examining data/icu-68.1/source/common/unicode/icuplug.h
Examining data/icu-68.1/source/common/unicode/rbbi.h
Examining data/icu-68.1/source/common/unicode/ucharstriebuilder.h
Examining data/icu-68.1/source/common/unicode/uiter.h
Examining data/icu-68.1/source/common/ucln_cmn.h
Examining data/icu-68.1/source/common/ubrk.cpp
Examining data/icu-68.1/source/common/servrbf.cpp
Examining data/icu-68.1/source/common/servslkf.cpp
Examining data/icu-68.1/source/common/ucnv_io.h
Examining data/icu-68.1/source/common/locdispnames.cpp
Examining data/icu-68.1/source/common/rbbitblb.h
Examining data/icu-68.1/source/common/localebuilder.cpp
Examining data/icu-68.1/source/common/loclikelysubtags.cpp
Examining data/icu-68.1/source/common/uloc_tag.cpp
Examining data/icu-68.1/source/common/propname_data.h
Examining data/icu-68.1/source/common/characterproperties.cpp
Examining data/icu-68.1/source/common/normalizer2.cpp
Examining data/icu-68.1/source/common/serv.h
Examining data/icu-68.1/source/common/ubidiwrt.cpp
Examining data/icu-68.1/source/common/edits.cpp
Examining data/icu-68.1/source/common/locutil.cpp
Examining data/icu-68.1/source/common/locutil.h
Examining data/icu-68.1/source/common/icuplug.cpp
Examining data/icu-68.1/source/common/rbbidata.h
Examining data/icu-68.1/source/common/umutex.cpp
Examining data/icu-68.1/source/common/uiter.cpp
Examining data/icu-68.1/source/common/uset_props.cpp
Examining data/icu-68.1/source/common/servloc.h
Examining data/icu-68.1/source/common/utracimp.h
Examining data/icu-68.1/source/common/bytesinkutil.h
Examining data/icu-68.1/source/common/unistr_props.cpp
Examining data/icu-68.1/source/common/wintz.h
Examining data/icu-68.1/source/common/ucnv_lmb.cpp
Examining data/icu-68.1/source/common/uscript_props.cpp
Examining data/icu-68.1/source/common/uvectr32.cpp
Examining data/icu-68.1/source/common/bmpset.cpp
Examining data/icu-68.1/source/common/ustring.cpp
Examining data/icu-68.1/source/common/localeprioritylist.h
Examining data/icu-68.1/source/common/rbbi_cache.cpp
Examining data/icu-68.1/source/common/unames.cpp
Examining data/icu-68.1/source/common/utrie.h
Examining data/icu-68.1/source/common/unifiedcache.cpp
Examining data/icu-68.1/source/common/rbbirb.cpp
Examining data/icu-68.1/source/common/unistr_case_locale.cpp
Examining data/icu-68.1/source/common/uresbund.cpp
Examining data/icu-68.1/source/common/usc_impl.cpp
Examining data/icu-68.1/source/common/ucol_data.h
Examining data/icu-68.1/source/common/dictionarydata.h
Examining data/icu-68.1/source/common/normalizer2impl.cpp
Examining data/icu-68.1/source/common/rbbirb.h
Examining data/icu-68.1/source/common/cmemory.cpp
Examining data/icu-68.1/source/common/uvectr32.h
Examining data/icu-68.1/source/common/putil.cpp
Examining data/icu-68.1/source/common/bytestream.cpp
Examining data/icu-68.1/source/common/ucharstrieiterator.cpp
Examining data/icu-68.1/source/common/ruleiter.h
Examining data/icu-68.1/source/common/uarrsort.h
Examining data/icu-68.1/source/common/patternprops.cpp
Examining data/icu-68.1/source/common/rbbi_cache.h
Examining data/icu-68.1/source/common/ucnv_set.cpp
Examining data/icu-68.1/source/common/static_unicode_sets.h
Examining data/icu-68.1/source/common/uscript.cpp
Examining data/icu-68.1/source/common/ustrenum.h
Examining data/icu-68.1/source/common/ulist.cpp
Examining data/icu-68.1/source/common/ucnvisci.cpp
Examining data/icu-68.1/source/common/ucnvscsu.cpp
Examining data/icu-68.1/source/common/ucln_cmn.cpp
Examining data/icu-68.1/source/common/rbbirpt.h
Examining data/icu-68.1/source/common/sharedobject.h
Examining data/icu-68.1/source/common/ulocimp.h
Examining data/icu-68.1/source/common/unistr_titlecase_brkiter.cpp
Examining data/icu-68.1/source/common/ustrcase.cpp
Examining data/icu-68.1/source/common/ulayout_props.h
Examining data/icu-68.1/source/common/norm2_nfc_data.h
Examining data/icu-68.1/source/common/ucnv_cnv.h
Examining data/icu-68.1/source/common/usc_impl.h
Examining data/icu-68.1/source/common/udataswp.cpp
Examining data/icu-68.1/source/common/brkeng.cpp
Examining data/icu-68.1/source/common/uvector.h
Examining data/icu-68.1/source/common/uloc_keytype.cpp
Examining data/icu-68.1/source/common/unifiedcache.h
Examining data/icu-68.1/source/common/punycode.cpp
Examining data/icu-68.1/source/common/lsr.h
Examining data/icu-68.1/source/common/resbund.cpp
Examining data/icu-68.1/source/common/unisetspan.h
Examining data/icu-68.1/source/common/cstring.cpp
Examining data/icu-68.1/source/common/utrie2.h
Examining data/icu-68.1/source/common/lsr.cpp
Examining data/icu-68.1/source/common/bytestrie.cpp
Examining data/icu-68.1/source/common/bytesinkutil.cpp
Examining data/icu-68.1/source/common/uset.cpp
Examining data/icu-68.1/source/common/ustrcase_locale.cpp
Examining data/icu-68.1/source/common/ubidiimp.h
Examining data/icu-68.1/source/common/chariter.cpp
Examining data/icu-68.1/source/common/udata.cpp
Examining data/icu-68.1/source/common/servls.cpp
Examining data/icu-68.1/source/common/ucase.h
Examining data/icu-68.1/source/common/uhash.cpp
Examining data/icu-68.1/source/common/ucase.cpp
Examining data/icu-68.1/source/common/uresdata.h
Examining data/icu-68.1/source/common/patternprops.h
Examining data/icu-68.1/source/common/normlzr.cpp
Examining data/icu-68.1/source/common/ubiditransform.cpp
Examining data/icu-68.1/source/common/ucnv.cpp
Examining data/icu-68.1/source/common/ucasemap.cpp
Examining data/icu-68.1/source/common/ucnv_ct.cpp
Examining data/icu-68.1/source/common/ucnv_bld.cpp
Examining data/icu-68.1/source/common/rbbiscan.cpp
Examining data/icu-68.1/source/common/rbbitblb.cpp
Examining data/icu-68.1/source/common/ucase_props_data.h
Examining data/icu-68.1/source/common/dictbe.cpp
Examining data/icu-68.1/source/common/locresdata.cpp
Examining data/icu-68.1/source/common/rbbinode.cpp
Examining data/icu-68.1/source/common/ucol_swp.cpp
Examining data/icu-68.1/source/common/ures_cnv.cpp
Examining data/icu-68.1/source/common/ustr_wcs.cpp
Examining data/icu-68.1/source/common/unistr.cpp
Examining data/icu-68.1/source/common/uloc.cpp
Examining data/icu-68.1/source/common/utf_impl.cpp
Examining data/icu-68.1/source/common/ushape.cpp
Examining data/icu-68.1/source/common/uposixdefs.h
Examining data/icu-68.1/source/common/utypes.cpp
Examining data/icu-68.1/source/common/rbbinode.h
Examining data/icu-68.1/source/common/restrace.h
Examining data/icu-68.1/source/common/utext.cpp
Examining data/icu-68.1/debian/tests/ustring.cpp

FINAL RESULTS:

data/icu-68.1/as_is/os400/iculd.c:131:12:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        if(readlink(b,linkbuf,200)>0) {
data/icu-68.1/as_is/os400/iculd.c:165:12:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        if(readlink(b,linkbuf,200)>0) {
data/icu-68.1/source/common/putil.cpp:1165:32:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        int32_t ret = (int32_t)readlink(TZDEFAULT, gTimeZoneBuffer, sizeof(gTimeZoneBuffer)-1);
data/icu-68.1/as_is/os400/iculd.c:108:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
          strcat(opt,argv[i]+9);
data/icu-68.1/as_is/os400/iculd.c:140:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(outbuf,mend);
data/icu-68.1/as_is/os400/iculd.c:150:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(objs,outputdir);
data/icu-68.1/as_is/os400/iculd.c:174:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
              strcpy(outbuf,mend);
data/icu-68.1/as_is/os400/iculd.c:184:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(bnddirs,outputdir);
data/icu-68.1/as_is/os400/iculd.c:196:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(libs,outputdir);
data/icu-68.1/as_is/os400/iculd.c:212:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(buf,"CRTPGM PGM(%s/%s) MODULE(%s) BNDSRVPGM(%s) BNDDIR(%s) OPTION(%s) REPLACE(*YES)",
data/icu-68.1/as_is/os400/iculd.c:231:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(path1,"/qsys.lib/%s.lib/%s.pgm",
data/icu-68.1/source/common/cstring.h:36:57:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define uprv_strcpy(dst, src) U_STANDARD_CPP_NAMESPACE  strcpy(dst, src)
data/icu-68.1/source/common/cstring.h:39:56:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
#define uprv_strcat(dst, src) U_STANDARD_CPP_NAMESPACE strcat(dst, src)
data/icu-68.1/source/common/cwchar.h:41:24:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
#   define uprv_wcscpy wcscpy
data/icu-68.1/source/common/cwchar.h:42:24:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
#   define uprv_wcscat wcscat
data/icu-68.1/source/common/icuplug.cpp:44:62:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DBG(x) fprintf(stderr, "%s:%d: ",__FILE__,__LINE__); fprintf x
data/icu-68.1/source/common/putil.cpp:2125:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(codepage,UCNV_SWAP_LFNL_OPTION_STRING);
data/icu-68.1/source/common/rbbirb.h:223:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define RBBIDebugPrintf printf
data/icu-68.1/source/common/udata.cpp:1456:59:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
U_CAPI void U_EXPORT2 udata_setFileAccess(UDataFileAccess access, UErrorCode * /*status*/)
data/icu-68.1/source/common/udata.cpp:1459:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    gDataFileAccess = access;
data/icu-68.1/source/common/unicode/udata.h:417:37:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
udata_setFileAccess(UDataFileAccess access, UErrorCode *status);
data/icu-68.1/source/common/unicode/utext.h:1242:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    UTextAccess *access;
data/icu-68.1/source/common/utext.cpp:42:24:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    return ut->pFuncs->access(ut, index, forward);
data/icu-68.1/source/common/utext.cpp:117:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        ut->pFuncs->access(ut, index, TRUE);
data/icu-68.1/source/common/utext.cpp:130:29:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                ut->pFuncs->access(ut, ut->chunkNativeStart, FALSE);
data/icu-68.1/source/common/utext.cpp:192:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (ut->pFuncs->access(ut, ut->chunkNativeLimit, TRUE) == FALSE) {
data/icu-68.1/source/common/utext.cpp:222:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (ut->pFuncs->access(ut, nativePosition, TRUE)) {
data/icu-68.1/source/common/utext.cpp:225:31:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        UBool r = ut->pFuncs->access(ut, nativePosition, FALSE);  // reverse iteration flag loads preceding chunk
data/icu-68.1/source/common/utext.cpp:273:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (ut->pFuncs->access(ut, ut->chunkNativeLimit, TRUE) == FALSE) {
data/icu-68.1/source/common/utext.cpp:287:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (ut->pFuncs->access(ut, ut->chunkNativeLimit, TRUE) == FALSE) {
data/icu-68.1/source/common/utext.cpp:313:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (ut->pFuncs->access(ut, ut->chunkNativeStart, FALSE) == FALSE) {
data/icu-68.1/source/common/utext.cpp:327:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (ut->pFuncs->access(ut, ut->chunkNativeStart, FALSE) == FALSE) {
data/icu-68.1/source/common/utext.cpp:354:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if(!ut->pFuncs->access(ut, index, TRUE)) {
data/icu-68.1/source/common/utext.cpp:394:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if(!ut->pFuncs->access(ut, index, FALSE)) {
data/icu-68.1/source/common/utext.cpp:403:48:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (ut->chunkOffset==0 && !ut->pFuncs->access(ut, index, FALSE)) {
data/icu-68.1/source/i18n/astro.cpp:40:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, pat, ap);
data/icu-68.1/source/i18n/chnsecal.cpp:43:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, pat, ap);
data/icu-68.1/source/i18n/decNumber.cpp:7937:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
     else printf(spec, ar[i]);
data/icu-68.1/source/i18n/dtitvfmt.cpp:107:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mesg, "skeleton: %s; pattern: %s\n", result, result_1);
data/icu-68.1/source/i18n/dtitvfmt.cpp:764:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mesg, "in getBestSkeleton: fSkeleton: %s; \n", result);
data/icu-68.1/source/i18n/dtitvfmt.cpp:811:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mesg, "in getBestSkeleton: fSkeleton: %s; \n", result);
data/icu-68.1/source/i18n/dtitvinf.cpp:568:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mesg, "in getBestSkeleton: skeleton: %s; \n", result);
data/icu-68.1/source/i18n/dtitvinf.cpp:637:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mesg, "available skeletons: skeleton: %s; \n", result);
data/icu-68.1/source/i18n/islamcal.cpp:45:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, pat, ap);
data/icu-68.1/source/i18n/olsontz.cpp:45:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, pat, ap);
data/icu-68.1/source/i18n/plurrule.cpp:1881:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buffer, sizeof(buffer), pattern, source);
data/icu-68.1/source/i18n/plurrule.cpp:1884:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buffer, sizeof(buffer), pattern, source, exponent);
data/icu-68.1/source/i18n/regeximp.h:46:36:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define REGEX_SCAN_DEBUG_PRINTF(a) printf a
data/icu-68.1/source/i18n/timezone.cpp:60:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, pat, ap);
data/icu-68.1/source/i18n/ulocdata.cpp:229:16:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        return system;
data/icu-68.1/source/i18n/ulocdata.cpp:237:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    return system;
data/icu-68.1/source/samples/coll/coll.cpp:248:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(gHelpString);
data/icu-68.1/source/samples/layout/FontMap.cpp:50:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(errorMessage, "Could not open the font map file: %s.", fileName);
data/icu-68.1/source/samples/layout/FontMap.cpp:81:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(errorMessage, "The script name %s is invalid.", line);
data/icu-68.1/source/samples/layout/FontMap.cpp:106:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(errorMessage, "The font map file %s does not contain any valid scripts.", fileName);
data/icu-68.1/source/samples/layout/FontMap.cpp:171:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    fFontNames[index] = strcpy(s, fontName);
data/icu-68.1/source/samples/layout/FontMap.cpp:214:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(errorMessage, "No font was set for script %s", uscript_getName((UScriptCode) scriptCode));
data/icu-68.1/source/samples/layout/FontMap.cpp:224:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(errorMessage, "Could not open font file %s", fFontNames[fontIndex]);
data/icu-68.1/source/samples/layout/GDIFontInstance.cpp:158:5:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
    lstrcpy(lf.lfFaceName, faceName);
data/icu-68.1/source/samples/layout/GDIFontInstance.cpp:246:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(lf.lfFaceName, faceName);
data/icu-68.1/source/samples/layout/UnicodeReader.cpp:45:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(errorMessage,"Couldn't open %s: %s \n", fileName, strerror(errno));
data/icu-68.1/source/samples/layout/UnicodeReader.cpp:78:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(errorMessage, "Couldn't detect the encoding of %s: (%2.2X, %2.2X, %2.2X, %2.2X)\n", fileName,
data/icu-68.1/source/samples/layout/UnicodeReader.cpp:90:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(errorMessage,"Couldn't get memory for reading %s: %s \n", fileName, strerror(errno));
data/icu-68.1/source/samples/layout/UnicodeReader.cpp:98:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(errorMessage,"Couldn't read %s: %s \n", fileName, strerror(errno));
data/icu-68.1/source/samples/layout/UnicodeReader.cpp:113:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(errorMessage,"Couldn't get memory for reading %s: %s \n", fileName, strerror(errno));
data/icu-68.1/source/samples/layout/clayout.c:52:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, "%s - %s", APP_NAME, fileName);
data/icu-68.1/source/samples/layout/layout.cpp:51:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(title, "%s - %s", APP_NAME, fileName);
data/icu-68.1/source/samples/strsrch/strsrch.cpp:285:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(gHelpString);
data/icu-68.1/source/samples/uciter8/uciter8.c:37:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define log_err printf
data/icu-68.1/source/samples/ucnv/convsamp.cpp:58:73:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define U_ASSERT(x)  { if(U_FAILURE(x)) {fflush(stdout);fflush(stderr); fprintf(stderr, #x " == %s\n", u_errorName(x)); assert(U_SUCCESS(x)); }}
data/icu-68.1/source/samples/udata/reader.c:100:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(curPathBuffer, currdir);
data/icu-68.1/source/samples/uresb/uresb.c:130:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(resPathBuffer, currdir);
data/icu-68.1/source/test/cintltst/callcoll.c:1334:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(input, ucol_getAvailable(i));
data/icu-68.1/source/test/cintltst/callcoll.c:1337:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(input, keywordValue);
data/icu-68.1/source/test/cintltst/ccapitst.c:521:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ucs_file_name, U_TOPSRCDIR U_FILE_SEP_STRING"test"U_FILE_SEP_STRING"testdata"U_FILE_SEP_STRING);
data/icu-68.1/source/test/cintltst/ccapitst.c:523:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ucs_file_name, loadTestData(&err));
data/icu-68.1/source/test/cintltst/ccapitst.c:538:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(ucs_file_name,".."U_FILE_SEP_STRING);
data/icu-68.1/source/test/cintltst/ccapitst.c:540:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(ucs_file_name, CodePagesTestFiles[codepage_index]);
data/icu-68.1/source/test/cintltst/ccapitst.c:2642:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(testName, converterName);
data/icu-68.1/source/test/cintltst/ccapitst.c:3097:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(swapped, name);
data/icu-68.1/source/test/cintltst/ccapitst.c:3098:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(swapped, UCNV_SWAP_LFNL_OPTION_STRING);
data/icu-68.1/source/test/cintltst/ccapitst.c:3468:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(defaultName, ucnv_getDefaultName());
data/icu-68.1/source/test/cintltst/cctest.c:49:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(out, itsName); 
data/icu-68.1/source/test/cintltst/cctest.c:67:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(defaultName, ucnv_getDefaultName());
data/icu-68.1/source/test/cintltst/cintltst.c:328:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, __FILE__);
data/icu-68.1/source/test/cintltst/cintltst.c:342:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pBackSlash, U_FILE_SEP_STRING "data" U_FILE_SEP_STRING );
data/icu-68.1/source/test/cintltst/cintltst.c:395:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, __FILE__);
data/icu-68.1/source/test/cintltst/cintltst.c:409:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pBackSlash, U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "out" U_FILE_SEP_STRING);
data/icu-68.1/source/test/cintltst/cintltst.c:458:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(retStr, dataDir);
data/icu-68.1/source/test/cintltst/cintltst.c:559:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tdpath, directory);
data/icu-68.1/source/test/cintltst/cintltst.c:560:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tdpath, tdrelativepath);
data/icu-68.1/source/test/cintltst/cldrtest.c:807:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(pattern, uscript_getShortName(scriptCodes[i]));
data/icu-68.1/source/test/cintltst/cloctst.c:296:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(testLocale,rawData2[NAME][i]);
data/icu-68.1/source/test/cintltst/cloctst.c:962:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(oldDirectory, temp);
data/icu-68.1/source/test/cintltst/cloctst.c:1849:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(p1_buff,r1_addr);
data/icu-68.1/source/test/cintltst/cloctst.c:1858:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(p1_buff,r1_addr);
data/icu-68.1/source/test/cintltst/cloctst.c:2157:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(buffer, kwSetTestCases[i].l);
data/icu-68.1/source/test/cintltst/cloctst.c:2201:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(cbuffer, kwSetTestCases[i].l);
data/icu-68.1/source/test/cintltst/cloctst.c:2243:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(buffer,kwSetTestCases[i].l);
data/icu-68.1/source/test/cintltst/cloctst.c:2270:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(buffer,kwSetTestCases[i].l);
data/icu-68.1/source/test/cintltst/cnmdptst.c:790:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(currLoc, uloc_getAvailable(i));
data/icu-68.1/source/test/cintltst/cnmdptst.c:792:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(locale, currLoc);
data/icu-68.1/source/test/cintltst/cnmdptst.c:794:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(locale, currencies[j]);
data/icu-68.1/source/test/cintltst/cnumtst.c:46:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(_fileline, "%s:%d: ASSERT_TRUE(%s)", f, l, msg);
data/icu-68.1/source/test/cintltst/crestst.c:311:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(action, param[i].name);
data/icu-68.1/source/test/cintltst/crestst.c:387:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tag,frag);
data/icu-68.1/source/test/cintltst/crestst.c:389:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(action,param[i].name);
data/icu-68.1/source/test/cintltst/crestst.c:391:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(action,tag);
data/icu-68.1/source/test/cintltst/creststn.c:703:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(path, sourcePath);
data/icu-68.1/source/test/cintltst/creststn.c:705:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(path, deltaPath);
data/icu-68.1/source/test/cintltst/creststn.c:1687:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(action, param[i].name);
data/icu-68.1/source/test/cintltst/creststn.c:1757:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tag,frag);
data/icu-68.1/source/test/cintltst/creststn.c:1759:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(action,param[i].name);
data/icu-68.1/source/test/cintltst/creststn.c:1761:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(action,tag);
data/icu-68.1/source/test/cintltst/creststn.c:1788:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tag,frag);
data/icu-68.1/source/test/cintltst/creststn.c:1790:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(action,param[i].name);
data/icu-68.1/source/test/cintltst/creststn.c:1792:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(action,tag);
data/icu-68.1/source/test/cintltst/creststn.c:1829:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tag,frag);
data/icu-68.1/source/test/cintltst/creststn.c:1831:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(action,param[i].name);
data/icu-68.1/source/test/cintltst/creststn.c:1833:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(action, tag);
data/icu-68.1/source/test/cintltst/creststn.c:1866:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tag,frag);
data/icu-68.1/source/test/cintltst/creststn.c:1868:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(action,param[i].name);
data/icu-68.1/source/test/cintltst/creststn.c:1870:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(action,tag);
data/icu-68.1/source/test/cintltst/creststn.c:1963:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tag,frag);
data/icu-68.1/source/test/cintltst/creststn.c:1965:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(action,param[i].name);
data/icu-68.1/source/test/cintltst/creststn.c:1967:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(action, tag);
data/icu-68.1/source/test/cintltst/creststn.c:2009:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(item_tag, itoa1(idx,buf));
data/icu-68.1/source/test/cintltst/cstrcase.c:781:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(utf8Out, defg);
data/icu-68.1/source/test/cintltst/cstrcase.c:789:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(utf8Out, aBc);
data/icu-68.1/source/test/cintltst/cstrcase.c:797:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(utf8Out, aBc);
data/icu-68.1/source/test/cintltst/cstrcase.c:805:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(utf8Out, defg);
data/icu-68.1/source/test/cintltst/cstrcase.c:813:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(utf8Out, defg);
data/icu-68.1/source/test/cintltst/cstrcase.c:821:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(utf8Out, defg);
data/icu-68.1/source/test/cintltst/cstrcase.c:829:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(utf8Out, defg);
data/icu-68.1/source/test/cintltst/cstrcase.c:837:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(utf8Out, defg);
data/icu-68.1/source/test/cintltst/cstrcase.c:845:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(utf8Out, defg);
data/icu-68.1/source/test/cintltst/cucdapi.c:27:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(s, uscript_getShortName(scripts[i]));
data/icu-68.1/source/test/cintltst/cucdtst.c:86:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(path, u_getDataDirectory());
data/icu-68.1/source/test/cintltst/cucdtst.c:87:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(path, ".." U_FILE_SEP_STRING "unidata" U_FILE_SEP_STRING);
data/icu-68.1/source/test/cintltst/cucdtst.c:88:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(path, filename);
data/icu-68.1/source/test/cintltst/cucdtst.c:93:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(backupPath, ctest_dataSrcDir());
data/icu-68.1/source/test/cintltst/cucdtst.c:94:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(backupPath, U_FILE_SEP_STRING);
data/icu-68.1/source/test/cintltst/cucdtst.c:95:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(backupPath, "unidata" U_FILE_SEP_STRING);
data/icu-68.1/source/test/cintltst/cucdtst.c:96:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(backupPath, filename);
data/icu-68.1/source/test/cintltst/hpmufn.c:70:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(retStr, dataDir);
data/icu-68.1/source/test/cintltst/nccbtst.c:79:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gNuConvTestName, "[testing %s %s Unicode, InputBufSiz=%d, OutputBufSiz=%d]",
data/icu-68.1/source/test/cintltst/ncnvfbts.c:123:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gNuConvTestName, "[Testing %s %s Unicode, InputBufSiz=%d, OutputBufSiz=%d]",
data/icu-68.1/source/test/cintltst/ncnvtst.c:58:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gNuConvTestName, "[Testing %s %s Unicode, InputBufSiz=%d, OutputBufSiz=%d]",
data/icu-68.1/source/test/cintltst/nucnvtst.c:346:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(gNuConvTestName, "[Testing %s %s Unicode, InputBufSiz=%d, OutputBufSiz=%d]",
data/icu-68.1/source/test/cintltst/reapits.c:974:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(expected, expectedResult);
data/icu-68.1/source/test/cintltst/reapits.c:991:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(expected, expectedResult2);
data/icu-68.1/source/test/cintltst/spooftest.c:141:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fileName, dataSrcDir);
data/icu-68.1/source/test/cintltst/spooftest.c:142:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(fileName, U_FILE_SEP_STRING "unidata" U_FILE_SEP_STRING "confusables.txt");
data/icu-68.1/source/test/cintltst/spooftest.c:151:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fileName, dataSrcDir);
data/icu-68.1/source/test/cintltst/spooftest.c:152:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(fileName, U_FILE_SEP_STRING "unidata" U_FILE_SEP_STRING "confusablesWholeScript.txt");
data/icu-68.1/source/test/cintltst/sprpdata.c:303:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filename,srcdatapath);
data/icu-68.1/source/test/cintltst/sprpdata.c:304:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(filename,relativepath);
data/icu-68.1/source/test/cintltst/sprpdata.c:305:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(filename,txtFileName);
data/icu-68.1/source/test/cintltst/tracetst.c:91:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(expectedResult, result);
data/icu-68.1/source/test/cintltst/trietest.c:30:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define log_err printf
data/icu-68.1/source/test/cintltst/trietest.c:31:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define log_verbose printf
data/icu-68.1/source/test/cintltst/ucnvseltst.c:176:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(fnbuf, directory);
data/icu-68.1/source/test/cintltst/ucnvseltst.c:177:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(fnbuf, TDSRCPATH);
data/icu-68.1/source/test/cintltst/ucnvseltst.c:178:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(fnbuf, filename);
data/icu-68.1/source/test/cintltst/ucptrietest.c:126:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(name, "%s/%s(%s) min=U+%04lx", typeName, optionName, testName, (long)start);
data/icu-68.1/source/test/cintltst/udatatst.c:158:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(strcpy(path, ctest_dataOutDir()), U_ICUDATA_NAME);
data/icu-68.1/source/test/cintltst/udatatst.c:158:14:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcat(strcpy(path, ctest_dataOutDir()), U_ICUDATA_NAME);
data/icu-68.1/source/test/cintltst/udatatst.c:166:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(icuDataFilePath, path);
data/icu-68.1/source/test/cintltst/udatatst.c:195:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(path, ctest_dataOutDir());
data/icu-68.1/source/test/cintltst/udatatst.c:197:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(path, dirSepString);
data/icu-68.1/source/test/cintltst/udatatst.c:198:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(path, U_ICUDATA_NAME);
data/icu-68.1/source/test/cintltst/udatatst.c:206:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(icuDataFilePath, path);
data/icu-68.1/source/test/cintltst/udatatst.c:247:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(icuDataFilePath, ctest_dataOutDir());
data/icu-68.1/source/test/cintltst/udatatst.c:249:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(icuDataFilePath, dirSepString);
data/icu-68.1/source/test/cintltst/udatatst.c:250:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(icuDataFilePath, U_ICUDATA_NAME);
data/icu-68.1/source/test/cintltst/udatatst.c:251:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(icuDataFilePath, dirSepString);
data/icu-68.1/source/test/cintltst/udatatst.c:259:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(icuDataFilePath, ctest_dataOutDir());
data/icu-68.1/source/test/cintltst/udatatst.c:261:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(icuDataFilePath, dirSepString);
data/icu-68.1/source/test/cintltst/udatatst.c:262:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(icuDataFilePath, U_ICUDATA_NAME);
data/icu-68.1/source/test/cintltst/udatatst.c:359:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(longTestPath, dirSepString);
data/icu-68.1/source/test/cintltst/udatatst.c:362:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(longTestPath, pathSepString);
data/icu-68.1/source/test/cintltst/udatatst.c:363:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(longTestPath, testPath);
data/icu-68.1/source/test/cintltst/udatatst.c:377:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(longName, name);
data/icu-68.1/source/test/cintltst/udatatst.c:380:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(longName, dirSepString);
data/icu-68.1/source/test/cintltst/udatatst.c:381:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(longName, name);
data/icu-68.1/source/test/cintltst/udatatst.c:504:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(retStr, dataDir);
data/icu-68.1/source/test/cintltst/udatatst.c:1159:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(expectDataName, "%s%d%c",
data/icu-68.1/source/test/cintltst/udatatst.c:1628:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf((char *)context, fmt, args);
data/icu-68.1/source/test/cintltst/unumberformattertst.c:353:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(buffer, "measure-unit/%s per-measure-unit/%s",
data/icu-68.1/source/test/intltest/alphaindextst.cpp:650:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(msg, "getBucketIndex(%s)", testCase.name);
data/icu-68.1/source/test/intltest/alphaindextst.cpp:652:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(msg, "immutable getBucketIndex(%s)", testCase.name);
data/icu-68.1/source/test/intltest/alphaindextst.cpp:654:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(msg, "immutable bucket label (%s)", testCase.name);
data/icu-68.1/source/test/intltest/bidiconf.cpp:268:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(bidiTestPath, sourceTestDataPath);
data/icu-68.1/source/test/intltest/bidiconf.cpp:437:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(bidiTestPath, sourceTestDataPath);
data/icu-68.1/source/test/intltest/callimts.cpp:213:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(buf, testCase.type);
data/icu-68.1/source/test/intltest/compactdecimalformattest.cpp:511:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(description,"%s - %s", locale.getName(), StyleStr(style));
data/icu-68.1/source/test/intltest/compactdecimalformattest.cpp:530:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(description,"%s - %s", locale.getName(), StyleStr(style));
data/icu-68.1/source/test/intltest/csdetest.cpp:246:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, testDataDirectory);
data/icu-68.1/source/test/intltest/csdetest.cpp:247:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer, filename);
data/icu-68.1/source/test/intltest/dcfmtest.cpp:201:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, testDataDirectory);
data/icu-68.1/source/test/intltest/dcfmtest.cpp:202:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer, filename);
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1503:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(mesg, "interval date: %s\n", result);
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1626:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(mesg, "locale: %s\n", locName);
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1636:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(mesg, "original date: %s - %s\n", datestr, datestr_2);
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1670:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(mesg, "interval by skeleton: %s\n", result);
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1673:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(mesg, "interval date: %s\n", result);
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1697:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(mesg, "interval date: %s\n", result);
data/icu-68.1/source/test/intltest/dtptngts.cpp:1197:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(message, tests[i][0]);
data/icu-68.1/source/test/intltest/dtptngts.cpp:1199:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(message, tests[i][1]);
data/icu-68.1/source/test/intltest/idnaconf.cpp:79:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(absolute_name, path);
data/icu-68.1/source/test/intltest/idnaconf.cpp:80:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(absolute_name, name);
data/icu-68.1/source/test/intltest/intltest.cpp:460:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, __FILE__);
data/icu-68.1/source/test/intltest/intltest.cpp:474:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pBackSlash, U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "out" U_FILE_SEP_STRING);
data/icu-68.1/source/test/intltest/intltest.cpp:611:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(testToBeCalled.basePath, this->basePath );
data/icu-68.1/source/test/intltest/intltest.cpp:613:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(testToBeCalled.basePath, this->basePath ); // reset it.
data/icu-68.1/source/test/intltest/intltest.cpp:758:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(this->basePath, baseName);
data/icu-68.1/source/test/intltest/intltest.cpp:783:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(msg, "%s {", name);
data/icu-68.1/source/test/intltest/intltest.cpp:786:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(saveBaseLoc,name);
data/icu-68.1/source/test/intltest/intltest.cpp:789:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(currName, name); // set
data/icu-68.1/source/test/intltest/intltest.cpp:803:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(saveBaseLoc,name);
data/icu-68.1/source/test/intltest/intltest.cpp:812:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf( msg, "   } OK:   %s ", name );
data/icu-68.1/source/test/intltest/intltest.cpp:816:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(msg,  "   } ERRORS (%li) in %s", (long)(errorCount-lastErrorCount), name);
data/icu-68.1/source/test/intltest/intltest.cpp:974:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/icu-68.1/source/test/intltest/intltest.cpp:988:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/icu-68.1/source/test/intltest/intltest.cpp:1002:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/icu-68.1/source/test/intltest/intltest.cpp:1015:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(fullpath, basePath);
data/icu-68.1/source/test/intltest/intltest.cpp:1016:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(fullpath, currName);
data/icu-68.1/source/test/intltest/intltest.cpp:1040:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/icu-68.1/source/test/intltest/intltest.cpp:1052:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/icu-68.1/source/test/intltest/intltest.cpp:1063:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/icu-68.1/source/test/intltest/intltest.cpp:1074:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/icu-68.1/source/test/intltest/intltest.cpp:1085:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/icu-68.1/source/test/intltest/intltest.cpp:1096:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/icu-68.1/source/test/intltest/intltest.cpp:1508:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(baseName, "/%s/", name);
data/icu-68.1/source/test/intltest/intltest.cpp:1628:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(tdpath, directory);
data/icu-68.1/source/test/intltest/intltest.cpp:1629:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(tdpath, tdrelativepath);
data/icu-68.1/source/test/intltest/intltest.cpp:1675:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(path, pathToDataDirectory());
data/icu-68.1/source/test/intltest/intltest.cpp:1687:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(path, U_TOPSRCDIR  U_FILE_SEP_STRING "data");
data/icu-68.1/source/test/intltest/intltest.cpp:1697:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(path, testDataPath);
data/icu-68.1/source/test/intltest/intltest.cpp:1698:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(path, U_FILE_SEP_STRING ".." U_FILE_SEP_STRING ".."
data/icu-68.1/source/test/intltest/intltest.cpp:1702:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(path, U_FILE_SEP_STRING);
data/icu-68.1/source/test/intltest/intltest.cpp:1746:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, __FILE__);
data/icu-68.1/source/test/intltest/intltest.cpp:1760:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pBackSlash, U_FILE_SEP_STRING "data" U_FILE_SEP_STRING );
data/icu-68.1/source/test/intltest/listformattertest.cpp:85:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buf, "%24s %3d %3d %3d", attrString(id), id, start, limit);
data/icu-68.1/source/test/intltest/loctest.cpp:5363:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(testPath, sourceTestDataPath);
data/icu-68.1/source/test/intltest/normconf.cpp:79:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(unidataPath, folder);
data/icu-68.1/source/test/intltest/normconf.cpp:80:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(unidataPath, "unidata" U_FILE_SEP_STRING);
data/icu-68.1/source/test/intltest/normconf.cpp:81:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(unidataPath, filename);
data/icu-68.1/source/test/intltest/normconf.cpp:92:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(unidataPath, folder);
data/icu-68.1/source/test/intltest/normconf.cpp:93:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(unidataPath, U_FILE_SEP_STRING ".." U_FILE_SEP_STRING ".."
data/icu-68.1/source/test/intltest/normconf.cpp:96:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(unidataPath, filename);
data/icu-68.1/source/test/intltest/normconf.cpp:107:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(unidataPath, folder);
data/icu-68.1/source/test/intltest/normconf.cpp:108:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(unidataPath, U_FILE_SEP_STRING);
data/icu-68.1/source/test/intltest/normconf.cpp:109:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(unidataPath, filename);
data/icu-68.1/source/test/intltest/normconf.cpp:120:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(unidataPath, folder);
data/icu-68.1/source/test/intltest/normconf.cpp:121:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(unidataPath, U_FILE_SEP_STRING ".." U_FILE_SEP_STRING ".." U_FILE_SEP_STRING);
data/icu-68.1/source/test/intltest/normconf.cpp:122:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(unidataPath, filename);
data/icu-68.1/source/test/intltest/normconf.cpp:131:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(unidataPath, U_TOPSRCDIR U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "unidata" U_FILE_SEP_STRING);
data/icu-68.1/source/test/intltest/normconf.cpp:132:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(unidataPath, filename);
data/icu-68.1/source/test/intltest/normconf.cpp:138:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(unidataPath, U_TOPSRCDIR U_FILE_SEP_STRING "test" U_FILE_SEP_STRING "testdata" U_FILE_SEP_STRING);
data/icu-68.1/source/test/intltest/normconf.cpp:139:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(unidataPath, filename);
data/icu-68.1/source/test/intltest/normconf.cpp:452:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(msg, sizeof(msg), kMessages[mode], field);
data/icu-68.1/source/test/intltest/numfmtst.cpp:3121:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(theInfo, "For locale %s, string \"%s\", currency ",
data/icu-68.1/source/test/intltest/numfmtst.cpp:6659:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "%24s %3d %3d %3d", attrString(id), id, start, limit);
data/icu-68.1/source/test/intltest/numrgts.cpp:2750:21:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      int32_t len = sprintf (_msg,"File %s, line %d: " #x "==" #y, __FILE__, __LINE__); \
data/icu-68.1/source/test/intltest/rbbitst.cpp:1405:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(testFileName, testDataDirectory);
data/icu-68.1/source/test/intltest/rbbitst.cpp:1406:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(testFileName, fileName);
data/icu-68.1/source/test/intltest/rbbitst.cpp:4297:21:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                    sprintf(hexCodePoint, format.c_str(), c);
data/icu-68.1/source/test/intltest/regextst.cpp:3158:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, testDataDirectory);
data/icu-68.1/source/test/intltest/regextst.cpp:3159:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer, filename);
data/icu-68.1/source/test/intltest/reldatefmttest.cpp:1202:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(
data/icu-68.1/source/test/intltest/reldatefmttest.cpp:1231:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(
data/icu-68.1/source/test/intltest/reldatefmttest.cpp:1254:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(
data/icu-68.1/source/test/intltest/ssearch.cpp:118:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, testDataDirectory);
data/icu-68.1/source/test/intltest/ssearch.cpp:119:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer, filename);
data/icu-68.1/source/test/intltest/strtest.cpp:750:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(expected, longStr);
data/icu-68.1/source/test/intltest/strtest.cpp:751:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(expected, longStr+4);
data/icu-68.1/source/test/intltest/strtest.cpp:752:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(expected, longStr);
data/icu-68.1/source/test/intltest/strtest.cpp:753:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(expected, longStr+4);
data/icu-68.1/source/test/intltest/strtest.cpp:765:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(expected, longStr);
data/icu-68.1/source/test/intltest/tmsgfmt.cpp:1725:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(buf, "[%2d] test \"%s\": target (\"%s\") != result (\"%s\")\n", i/2, patterns[i], patterns[i+1], buf2);
data/icu-68.1/source/test/intltest/transrt.cpp:983:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(temp, HALFWIDTH_KATAKANA);
data/icu-68.1/source/test/intltest/transrt.cpp:984:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(temp, LENGTH);
data/icu-68.1/source/test/intltest/transrt.cpp:1006:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(temp, KATAKANA_ITERATION);
data/icu-68.1/source/test/intltest/transrt.cpp:1007:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(temp, HALFWIDTH_KATAKANA);
data/icu-68.1/source/test/intltest/tsmthred.cpp:799:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(testDataPath, IntlTest::getSourceTestData(status));
data/icu-68.1/source/test/intltest/tsmthred.cpp:813:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, testDataPath);
data/icu-68.1/source/test/intltest/tsmthred.cpp:814:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer, type);
data/icu-68.1/source/test/intltest/tsmthred.cpp:823:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer+bufLen, ext);
data/icu-68.1/source/test/intltest/tsmthred.cpp:829:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(buffer, ext);
data/icu-68.1/source/test/intltest/tsmthred.cpp:834:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(buffer, ext);
data/icu-68.1/source/test/intltest/uobjtest.cpp:500:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(junk, " %4d:\t%p\t%s\t%s\n", 
data/icu-68.1/source/test/intltest/usettest.cpp:3706:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(testName, s);
data/icu-68.1/source/test/intltest/utxttest.cpp:1388:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    ut->pFuncs->access(ut, 0, TRUE);
data/icu-68.1/source/test/intltest/winnmtst.cpp:304:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(localeID, lcidRecords[i].localeID);
data/icu-68.1/source/test/iotest/filetst.c:925:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(convName, u_fgetcodepage(myFile));
data/icu-68.1/source/test/iotest/filetst.c:1063:14:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        n += fscanf(myCFile, "%s", readBuf);
data/icu-68.1/source/test/iotest/filetst.c:1069:14:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        n += fscanf(myCFile, "%s", readBuf);
data/icu-68.1/source/test/iotest/filetst.c:1075:14:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        n += fscanf(myCFile, "%s", readBuf);
data/icu-68.1/source/test/iotest/filetst.c:1082:14:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        n += fscanf(myCFile, "%s", readBuf);
data/icu-68.1/source/test/iotest/filetst.c:1088:14:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        n += fscanf(myCFile, "%s", readBuf);
data/icu-68.1/source/test/iotest/filetst.c:1094:14:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        n += fscanf(myCFile, "%s", readBuf);
data/icu-68.1/source/test/iotest/filetst.c:1112:14:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        n += fscanf(myCFile, "%s", readBuf);
data/icu-68.1/source/test/iotest/filetst.c:1118:14:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        n += fscanf(myCFile, "%s", readBuf);
data/icu-68.1/source/test/iotest/filetst.c:1167:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    cNumPrinted = sprintf(buffer, cFormat, cValue);\
data/icu-68.1/source/test/iotest/filetst.c:1348:23:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        cNumScanned = sscanf(cValue, format, buffer);
data/icu-68.1/source/test/iotest/iotest.cpp:96:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(p, __FILE__);
data/icu-68.1/source/test/iotest/iotest.cpp:110:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(pBackSlash, U_FILE_SEP_STRING "data" U_FILE_SEP_STRING );
data/icu-68.1/source/test/iotest/iotest.cpp:152:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(tdpath, directory);
data/icu-68.1/source/test/iotest/iotest.cpp:153:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(tdpath, tdrelativepath);
data/icu-68.1/source/test/iotest/iotest.cpp:772:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, __FILE__);
data/icu-68.1/source/test/iotest/iotest.cpp:786:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pBackSlash, U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "out" U_FILE_SEP_STRING);
data/icu-68.1/source/test/iotest/strtst.c:369:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    cNumPrinted = sprintf(buffer, cFormat, cValue);\
data/icu-68.1/source/test/iotest/strtst.c:626:23:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        cNumScanned = sscanf(cValue, format, buffer);
data/icu-68.1/source/test/letest/cletest.c:392:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, testDataDirectory);
data/icu-68.1/source/test/letest/cletest.c:393:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer, filename);
data/icu-68.1/source/test/letest/gendata.cpp:74:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, testDataDirectory);
data/icu-68.1/source/test/letest/gendata.cpp:75:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer, filename);
data/icu-68.1/source/test/letest/gendata.cpp:160:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(outputFile, header, local->tm_year + 1900, tmString);
data/icu-68.1/source/test/letest/letest.cpp:439:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buffer, testDataDirectory);
data/icu-68.1/source/test/letest/letest.cpp:440:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buffer, filename);
data/icu-68.1/source/test/letest/letest.cpp:1015:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(p, __FILE__);
data/icu-68.1/source/test/letest/letest.cpp:1029:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pBackSlash, U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "out" U_FILE_SEP_STRING);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:161:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:250:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:289:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:336:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:391:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:435:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:480:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:527:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:575:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:704:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(locale, loc);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:782:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(locale, loc);
data/icu-68.1/source/test/perf/charperf/charperf.cpp:57:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(stderr,gUsageString, "charperf");
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1430:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(gUsageString);
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:278:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(name,"%s:p=|%s|,str=|%s|",getClassName(),fCPat,fCStr);
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:406:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(name,"%s:p=|%s|,str=|%s|",getClassName(),fCPat,fCStr);
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:491:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(name,"%s:p=|%s|,str=|%s|",getClassName(),fCPat,fCStr);
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:618:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(name,"%s:p=|%s|,str=|%s|,sp=|%s|",getClassName(),fCPat,fCStr, fExpect.data());
data/icu-68.1/source/test/perf/normperf/normperf.cpp:129:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(stderr,gUsageString, "normperf");
data/icu-68.1/source/test/perf/strsrchperf/strsrchperf.cpp:25:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(stderr,gUsageString, "strsrchperf");
data/icu-68.1/source/test/perf/ubrkperf/ubrkperf.cpp:223:8:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
       fprintf(stderr, gUsageString, "ubrkperf");
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:647:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(gUsageString);
data/icu-68.1/source/tools/ctestfw/ctest.c:354:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(pathToFunction, nodeList[i]->name);
data/icu-68.1/source/tools/ctestfw/ctest.c:355:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(pathToFunction, separatorString);
data/icu-68.1/source/tools/ctestfw/ctest.c:357:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(pathToFunction, nodeList[i]->name); /* including 'root' */
data/icu-68.1/source/tools/ctestfw/ctest.c:389:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(gTestName, pathToFunction);
data/icu-68.1/source/tools/ctestfw/ctest.c:413:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(ERROR_LOG[ERRONEOUS_FUNCTION_COUNT++], pathToFunction);
data/icu-68.1/source/tools/ctestfw/ctest.c:687:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stdout, pattern, ap);
data/icu-68.1/source/tools/ctestfw/ctest.c:707:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buf, pattern, ap);
data/icu-68.1/source/tools/ctestfw/ctest.c:729:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stdout, pattern, ap);
data/icu-68.1/source/tools/ctestfw/ctest.c:748:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stdout, pattern, ap);
data/icu-68.1/source/tools/ctestfw/ctest.c:761:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stdout, pattern, ap);
data/icu-68.1/source/tools/ctestfw/ctest.c:778:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stdout, pattern, ap);
data/icu-68.1/source/tools/ctestfw/ctest.c:1282:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(XML_PREFIX,rootName);
data/icu-68.1/source/tools/ctestfw/tstdtmod.cpp:44:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
        vsprintf(buffer, fmt, ap);
data/icu-68.1/source/tools/ctestfw/tstdtmod.cpp:71:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
        vsprintf(buffer, fmt, ap);
data/icu-68.1/source/tools/ctestfw/tstdtmod.cpp:96:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
        vsprintf(buffer, fmt, ap);
data/icu-68.1/source/tools/genbrk/genbrk.cpp:182:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(msg, "genbrk writes dummy %s because of UCONFIG_NO_BREAK_ITERATION and/or UCONFIG_NO_FILE_IO, see uconfig.h", outFileName);
data/icu-68.1/source/tools/genccode/genccode.c:174:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                fprintf(stdout, message, filename);
data/icu-68.1/source/tools/gencfu/gencfu.cpp:196:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(msg, "gencfu writes dummy %s because of UCONFIG_NO_REGULAR_EXPRESSIONS and/or UCONFIG_NO_NORMALIZATION and/or UCONFIG_NO_FILE_IO, see uconfig.h", outFileName);
data/icu-68.1/source/tools/gendict/gendict.cpp:304:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(msg, "gendict writes dummy %s because of UCONFIG_NO_BREAK_ITERATION and/or UCONFIG_NO_FILE_IO, see uconfig.h", outFileName);
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:831:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, "static const UVersionInfo %s_formatVersion={", name);
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:833:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, "static const UVersionInfo %s_dataVersion={", name);
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:835:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, "static const int32_t %s_indexes[Normalizer2Impl::IX_COUNT]={\n", name);
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:840:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, "static const uint16_t %s_extraData[%%ld]={\n", name);
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:842:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, "static const uint8_t %s_smallFCD[%%ld]={\n", name);
data/icu-68.1/source/tools/genrb/errmsg.c:32:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, msg, va);
data/icu-68.1/source/tools/genrb/errmsg.c:70:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stderr, msg, va);
data/icu-68.1/source/tools/genrb/wrtjava.cpp:473:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(byteBuffer, byteDecl, byteArray[byteIterator]);
data/icu-68.1/source/tools/genrb/wrtjava.cpp:477:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(byteBuffer, byteDecl, (byteArray[byteIterator]-256));
data/icu-68.1/source/tools/icupkg/icupkg.cpp:538:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(outFilenameBuffer, inFilename);
data/icu-68.1/source/tools/icuswap/icuswap.cpp:82:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf((FILE *)context, fmt, args);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:537:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "bash -c \"%s\"", command);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:540:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "QSH CMD('%s')", command);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:553:18:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    int result = system(cmd);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:692:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(checkLibFile, "%s%s", targetDir, libFileNames[LIB_FILE_VERSION]);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:929:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(libFileNames[LIB_FILE], "%s", libName);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:931:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(libFileNames[LIB_FILE], "%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:937:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(libFileNames[LIB_FILE], "%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:948:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(libFileNames[LIB_FILE_MINGW], "lib%s.dll.a", libName);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:950:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(libFileNames[LIB_FILE_CYGWIN], "cyg%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:954:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(libFileNames[LIB_FILE_CYGWIN_VERSION], "cyg%s%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:963:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(libFileNames[LIB_FILE_VERSION_TMP], "%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:968:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(libFileNames[LIB_FILE_VERSION_TMP], "%s%s%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:975:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(libFileNames[LIB_FILE_OS390BATCH_VERSION], "%s%s.x",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:978:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(libFileNames[LIB_FILE_OS390BATCH_MAJOR], "%s%s.x",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:983:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(libFileNames[LIB_FILE_VERSION_TMP], "%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:988:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(libFileNames[LIB_FILE_VERSION_TMP], "%s%s%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:997:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(libFileNames[LIB_FILE_VERSION_MAJOR], "%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1002:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(libFileNames[LIB_FILE_VERSION], "%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1007:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(libFileNames[LIB_FILE_VERSION_MAJOR], "%s%s%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1014:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(libFileNames[LIB_FILE_VERSION], "%s%s%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1032:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(libFileNames[LIB_FILE_VERSION], "%s.%s", libFileNames[LIB_FILE], pkgDataFlags[A_EXT]);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1055:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "cd %s && %s %s && %s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1071:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(name1, "%s", libFileNames[LIB_FILE_CYGWIN]);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1072:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(name2, "%s", libFileNames[LIB_FILE_CYGWIN_VERSION]);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1076:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s/%s", targetDir, libFileNames[LIB_FILE_OS390BATCH_VERSION]);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1078:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cmd, "cd %s && %s %s && %s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1091:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cmd, "cd %s && %s %s.x && %s %s %s.x",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1106:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(name1, "%s%s%s", libFileNames[LIB_FILE], FILE_EXTENSION_SEP, pkgDataFlags[SO_EXT]);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1107:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(name2, "%s", libFileNames[LIB_FILE_VERSION]);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1115:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(name1, "%s%s%s", libFileNames[LIB_FILE], FILE_EXTENSION_SEP, pkgDataFlags[SO_EXT]);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1116:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(name2, "%s", libFileNames[LIB_FILE_VERSION]);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1119:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "cd %s && %s %s && %s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1154:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "cd %s && %s %s.lib %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1167:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "cd %s && %s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1182:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1217:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "%s %s %s", pkgDataFlags[INSTALL_CMD], fileName, installDir);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1219:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "%s %s %s %s", WIN_INSTALL_CMD, fileName, installDir, WIN_INSTALL_CMD_FLAGS);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1290:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "%s %s %s %s", WIN_INSTALL_CMD, srcDir, installDir, WIN_INSTALL_CMD_FLAGS);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1311:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(libFileNames[LIB_FILE_VERSION], "%s%s%s.%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1317:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s %s %s%s %s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1331:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s %s%s", 
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1343:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s %s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1392:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s %s %s%s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1401:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cmd, "%s %s%s", 
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1427:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s%s%s %s -o %s%s %s %s%s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1435:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s%s%s %s -o %s%s %s %s%s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1443:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s %s%s;%s %s -o %s%s %s %s%s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1452:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s %s -o %s%s %s %s%s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1476:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(PDS_Name, "%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1479:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(PDS_Name, getenv("ICU_PDS_NAME_SUFFIX"));
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1481:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(PDS_Name, "%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1485:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(PDS_Name, "%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1491:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(PDS_Name, "%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1494:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(PDS_Name, getenv("ICU_PDS_NAME_SUFFIX"));
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1496:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(PDS_Name, "%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1500:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(PDS_Name, "%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1507:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(PDS_LibName,"%s%s%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1513:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cmd, "%s %s -o %s %s %s%s %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1557:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd.getAlias(), "%s %s -o %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1617:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(icudtAll, "%s%s%sall.c",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1661:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cmd, "%s %s -o %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1672:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(buffer, "%s",tempObjectFile);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1685:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(dataDirName, "%s%s", DATA_PREFIX[n], PKGDATA_FILE_SEP_STRING);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1734:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(cmd, "#include \"%s\"\n", gencmnFile);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1744:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s %s -o %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1771:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(cmd, "%s %s -I. -o %s %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1822:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(staticLibFilePath, "%s%s%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1829:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(staticLibFilePath, "%s%s%s%s%s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1837:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s\"%s\" \"%s\"",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1877:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(resFilePath, "\"%s\"", tmpResFilePath);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1907:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s\"%s\" %s %s\"%s\" \"%s\" %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:2019:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(tmpbuffer, "%s%s ", o->entryName, UDATA_CMN_INTERMEDIATE_SUFFIX);
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:2190:21:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    p.adoptInstead( popen(cmdBuf.data(), "r") );
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:2264:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(cmd, "%s %s -o %s",
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:2270:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(optMatchArch, "%s", obj);
data/icu-68.1/source/tools/toolutil/package.cpp:65:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf((FILE *)context, fmt, args);
data/icu-68.1/source/tools/toolutil/package.cpp:261:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(filename, path);
data/icu-68.1/source/tools/toolutil/package.cpp:277:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s, name);
data/icu-68.1/source/tools/toolutil/package.cpp:440:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pkgPrefix, p);
data/icu-68.1/source/tools/toolutil/package.cpp:1047:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(items[idx].name, name);
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:338:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    count = snprintf(
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:364:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    count = snprintf(
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:414:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(entry, optName);
data/icu-68.1/source/tools/toolutil/pkg_gencmn.cpp:341:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buffer,
data/icu-68.1/source/tools/toolutil/pkg_gencmn.cpp:353:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buffer, "extern const char\n    %s%s[]", symPrefix?symPrefix:"", files[0].pathname);
data/icu-68.1/source/tools/toolutil/pkg_gencmn.cpp:356:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(buffer, ",\n    %s%s[]", symPrefix?symPrefix:"", files[i].pathname);
data/icu-68.1/source/tools/toolutil/pkg_gencmn.cpp:361:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(
data/icu-68.1/source/tools/toolutil/pkg_gencmn.cpp:393:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buffer, "        { \"%s\", %s%s }", files[0].basename, symPrefix?symPrefix:"", files[0].pathname);
data/icu-68.1/source/tools/toolutil/pkg_gencmn.cpp:396:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(buffer, ",\n        { \"%s\", %s%s }", files[i].basename, symPrefix?symPrefix:"", files[i].pathname);
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:52:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf((FILE *)context, fmt, args);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:61:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf(f, header, filename, buffer);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:63:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf(f, header, filename, generator);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:91:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(buffer,
data/icu-68.1/source/tools/toolutil/writesrc.cpp:150:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(f, prefix, (long)length);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:175:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(f, value<=9 ? "%lu" : "0x%lx", (unsigned long)value);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:299:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, "static const uint16_t %s_trieIndex[%%ld]={\n", name);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:300:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line2, "static const uint%d_t %s_trieData[%%ld]={\n", (int)width, name);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:302:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, "static const UCPTrie %s_trie={\n", name);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:303:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line2, "%s_trieIndex", name);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:304:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line3, "%s_trieData", name);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:317:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(f, prefix, (long)length);
data/icu-68.1/source/tools/toolutil/writesrc.cpp:338:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(f, c<0x20 ? "%u" : "'%c'", c);
data/icu-68.1/source/tools/tzcode/asctime.c:106:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	(void) sprintf(result,
data/icu-68.1/source/tools/tzcode/asctime.c:113:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		return strcpy(buf, result);
data/icu-68.1/source/tools/tzcode/ialloc.c:24:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			(void) strcpy(result + oldsize, new);
data/icu-68.1/source/tools/tzcode/localtime.c:371:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			(void) strcpy(fullname, p);
data/icu-68.1/source/tools/tzcode/localtime.c:373:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			(void) strcat(fullname, name);
data/icu-68.1/source/tools/tzcode/localtime.c:381:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		if (doaccess && access(name, R_OK) != 0)
data/icu-68.1/source/tools/tzcode/localtime.c:1217:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		(void) strcpy(lcl_TZname, name);
data/icu-68.1/source/tools/tzcode/localtime.c:1238:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		(void) strcpy(lclptr->chars, gmt);
data/icu-68.1/source/tools/tzcode/scheck.c:60:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(string, fbuf, &dummy) != 1)
data/icu-68.1/source/tools/tzcode/zdump.c:270:11:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			(void) fprintf(stderr, tformat(), *tp);
data/icu-68.1/source/tools/tzcode/zdump.c:280:11:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			(void) fprintf(stderr, tformat(), t);
data/icu-68.1/source/tools/tzcode/zdump.c:544:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		(void) strcpy(&fakeenv[0][3], argv[i]);
data/icu-68.1/source/tools/tzcode/zdump.c:561:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(path, dirarg);
data/icu-68.1/source/tools/tzcode/zdump.c:564:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(path, argv[i]);
data/icu-68.1/source/tools/tzcode/zdump.c:808:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			(void) printf(tformat(), t);
data/icu-68.1/source/tools/tzcode/zdump.c:1047:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(path, basedir);
data/icu-68.1/source/tools/tzcode/zdump.c:1050:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(path, relpath);
data/icu-68.1/source/tools/tzcode/zdump.c:1062:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(pzonename, relpath);
data/icu-68.1/source/tools/tzcode/zdump.c:1084:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(subpath, relpath);
data/icu-68.1/source/tools/tzcode/zdump.c:1086:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
				strcat(subpath, dir->d_name);
data/icu-68.1/source/tools/tzcode/zdump.c:1088:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(subpath, dir->d_name);
data/icu-68.1/source/tools/tzcode/zic.c:482:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void ATTRIBUTE_FORMAT((printf, 1, 0))
data/icu-68.1/source/tools/tzcode/zic.c:491:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, string, args);
data/icu-68.1/source/tools/tzcode/zic.c:499:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void ATTRIBUTE_FORMAT((printf, 1, 2))
data/icu-68.1/source/tools/tzcode/zic.c:508:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
static void ATTRIBUTE_FORMAT((printf, 1, 2))
data/icu-68.1/source/tools/tzcode/zic.c:791:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    && access(fromname, F_OK) == 0 && !itsdir(fromname)) {
data/icu-68.1/source/tools/tzcode/zic.c:877:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	accres = access(myname, F_OK);
data/icu-68.1/source/tools/tzcode/zic.c:1089:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(string, scheck(string, "%"SCNdZIC), &hh) == 1)
data/icu-68.1/source/tools/tzcode/zic.c:1091:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	else if (sscanf(string, scheck(string, "%"SCNdZIC":%d"), &hh, &mm) == 2)
data/icu-68.1/source/tools/tzcode/zic.c:1093:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	else if (sscanf(string, scheck(string, "%"SCNdZIC":%d:%d"),
data/icu-68.1/source/tools/tzcode/zic.c:1281:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(cp, scheck(cp, "%"SCNdZIC), &year) != 1) {
data/icu-68.1/source/tools/tzcode/zic.c:1316:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	if (sscanf(cp, scheck(cp, "%d"), &day) != 1 ||
data/icu-68.1/source/tools/tzcode/zic.c:1456:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	} else if (sscanf(cp, scheck(cp, "%"SCNdZIC), &rp->r_loyear) != 1) {
data/icu-68.1/source/tools/tzcode/zic.c:1478:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	} else if (sscanf(cp, scheck(cp, "%"SCNdZIC), &rp->r_hiyear) != 1) {
data/icu-68.1/source/tools/tzcode/zic.c:1531:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		if (sscanf(ep, scheck(ep, "%d"), &rp->r_dayofmonth) != 1 ||
data/icu-68.1/source/tools/tzcode/zic.c:1688:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	(void) sprintf(fullname, "%s/%s", directory, name);
data/icu-68.1/source/tools/tzcode/zic.c:1849:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				(void) strcpy(&thischars[(int) thischarcnt],
data/icu-68.1/source/tools/tzcode/zic.c:1956:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			(void) strcpy(abbr, format);
data/icu-68.1/source/tools/tzcode/zic.c:1957:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		else	(void) sprintf(abbr, format, letters);
data/icu-68.1/source/tools/tzcode/zic.c:1959:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		(void) strcpy(abbr, slashp + 1);
data/icu-68.1/source/tools/tzcode/zic.c:2602:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
					(void) strcpy(startbuf, zp->z_format);
data/icu-68.1/source/tools/tzcode/zic.c:2692:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			(void) strcpy(chars, &chars[abbrinds[type]]);
data/icu-68.1/source/tools/tzcode/zic.c:2837:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	(void) sprintf(buf, "%s %d %s", yitcommand, year, type);
data/icu-68.1/source/tools/tzcode/zic.c:2838:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	result = system(buf);
data/icu-68.1/source/tools/tzcode/zic.c:3103:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	(void) strcpy(&chars[charcnt], string);
data/icu-68.1/as_is/os400/iculd.c:67:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *outputdir=getenv("OUTPUTDIR");
data/icu-68.1/source/common/icuplug.cpp:728:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *env = getenv("ICU_PLUGINS");
data/icu-68.1/source/common/putil.cpp:260:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        const char *fake_start = getenv("U_FAKETIME_START");
data/icu-68.1/source/common/putil.cpp:861:68:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    fprintf(stderr, "TZ=%s std=%s dst=%s daylight=%d offset=%d\n", getenv("TZ"), stdID, dstID, daylightType, offset);
data/icu-68.1/source/common/putil.cpp:1138:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    tzid = getenv("TZ");
data/icu-68.1/source/common/putil.cpp:1434:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        path=getenv("ICU_DATA");
data/icu-68.1/source/common/putil.cpp:1448:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        const char *prefix = getenv(ICU_DATA_DIR_PREFIX_ENV_VAR);
data/icu-68.1/source/common/putil.cpp:1516:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *prefix = getenv(ICU_TIMEZONE_FILES_DIR_PREFIX_ENV_VAR);
data/icu-68.1/source/common/putil.cpp:1531:11:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    dir = getenv("ICU_TIMEZONE_FILES_DIR");
data/icu-68.1/source/common/putil.cpp:1606:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            posixID = getenv("LC_ALL");
data/icu-68.1/source/common/putil.cpp:1612:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                posixID = getenv(category == LC_MESSAGES ? "LC_MESSAGES" : "LC_CTYPE");
data/icu-68.1/source/common/putil.cpp:1616:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                posixID = getenv(category == LC_MESSAGES ? "LC_MESSAGES" : "LC_CTYPE");
data/icu-68.1/source/common/putil.cpp:1619:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                    posixID = getenv("LANG");
data/icu-68.1/source/common/putil.cpp:1852:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const  char *localeID = getenv("LC_ALL");
data/icu-68.1/source/common/putil.cpp:1856:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        localeID = getenv("LANG");
data/icu-68.1/source/common/rbbi.cpp:345:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char *debugEnv = getenv("U_RBBIDEBUG");
data/icu-68.1/source/common/rbbidata.cpp:139:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *debugEnv = getenv("U_RBBIDEBUG");
data/icu-68.1/source/common/rbbirb.cpp:57:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    fDebugEnv   = getenv("U_RBBIDEBUG");
data/icu-68.1/source/i18n/japancal.cpp:86:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *envVarVal = getenv(TENTATIVE_ERA_VAR_NAME);
data/icu-68.1/source/i18n/usearch.cpp:3855:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("USEARCH_DEBUG") != NULL) {
data/icu-68.1/source/i18n/usearch.cpp:4087:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if (getenv("USEARCH_DEBUG") != NULL) {
data/icu-68.1/source/i18n/usearch.cpp:4114:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("USEARCH_DEBUG") != NULL) {
data/icu-68.1/source/i18n/usearch.cpp:4155:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("USEARCH_DEBUG") != NULL) {
data/icu-68.1/source/i18n/usearch.cpp:4381:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if (getenv("USEARCH_DEBUG") != NULL) {
data/icu-68.1/source/i18n/usearch.cpp:4397:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("USEARCH_DEBUG") != NULL) {
data/icu-68.1/source/test/cintltst/cintltst.c:443:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("ICU_DATA") == NULL) {
data/icu-68.1/source/test/cintltst/cloctst.c:6990:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *env_var = getenv("LANG");
data/icu-68.1/source/test/cintltst/cnormtst.c:663:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand((unsigned)time( NULL ));
data/icu-68.1/source/test/cintltst/creststn.c:60:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand((unsigned)time(NULL));
data/icu-68.1/source/test/cintltst/utmstest.c:50:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand((unsigned)time(NULL));
data/icu-68.1/source/test/intltest/dtfmtrtts.cpp:229:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        if (random >= 0 && random < 24 && TEST_TABLE[i]) {
data/icu-68.1/source/test/intltest/dtfmtrtts.cpp:229:28:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        if (random >= 0 && random < 24 && TEST_TABLE[i]) {
data/icu-68.1/source/test/intltest/dtfmtrtts.h:54:35:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    return ((uint32_t) (IntlTest::random() * (1<<16))) |
data/icu-68.1/source/test/intltest/dtfmtrtts.h:55:35:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
          (((uint32_t) (IntlTest::random() * (1<<16))) << 16);
data/icu-68.1/source/test/intltest/intltest.cpp:426:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *original_ICU_DATA = getenv("ICU_DATA");
data/icu-68.1/source/test/intltest/intltest.cpp:1809:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
float IntlTest::random(int32_t* seedp) {
data/icu-68.1/source/test/intltest/intltest.cpp:1834:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
float IntlTest::random() {
data/icu-68.1/source/test/intltest/intltest.cpp:1835:12:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    return random(&RAND_SEED);
data/icu-68.1/source/test/intltest/intltest.h:248:18:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    static float random(int32_t* seedp);
data/icu-68.1/source/test/intltest/intltest.h:253:18:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    static float random();
data/icu-68.1/source/test/intltest/mnkytst.cpp:81:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand( (unsigned)time( NULL ) );
data/icu-68.1/source/test/intltest/mnkytst.cpp:156:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand( (unsigned)time( NULL ) );
data/icu-68.1/source/test/intltest/restest.cpp:151:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand((unsigned)time(NULL));
data/icu-68.1/source/test/intltest/restsnew.cpp:187:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand((unsigned)time(NULL));
data/icu-68.1/source/test/intltest/testidna.cpp:1338:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand((unsigned)time(NULL));
data/icu-68.1/source/test/intltest/winnmtst.cpp:71:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand((unsigned)time(NULL));
data/icu-68.1/source/test/intltest/winnmtst.cpp:91:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand((unsigned)time(NULL));
data/icu-68.1/source/test/intltest/winnmtst.cpp:125:9:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        srand((unsigned)time(NULL));
data/icu-68.1/source/test/iotest/iotest.cpp:820:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("ICU_DATA") == NULL) {
data/icu-68.1/source/test/letest/letest.cpp:1063:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("ICU_DATA") == NULL) {
data/icu-68.1/source/test/perf/collperf/collperf.cpp:422:36:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        void binary_search(int32_t random)	{
data/icu-68.1/source/test/perf/collperf/collperf.cpp:432:33:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                r = (this->*fn)(random, guess);
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:76:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while((c=getopt(argc,argv,"lf:t:")) != EOF) {
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1475:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (env_tmp = getenv("ICU_PDS_NAME")) {
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1479:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                strcat(PDS_Name, getenv("ICU_PDS_NAME_SUFFIX"));
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1480:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            } else if (env_tmp = getenv("PDS_NAME_PREFIX")) {
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1490:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            if (env_tmp = getenv("ICU_PDS_NAME")) {
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1494:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                strcat(PDS_Name, getenv("ICU_PDS_NAME_SUFFIX"));
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1495:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            } else if (env_tmp = getenv("PDS_NAME_PREFIX")) {
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1509:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                    getenv("LOADMOD"),
data/icu-68.1/source/tools/tzcode/localtime.c:1207:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	name = getenv("TZ");
data/icu-68.1/source/tools/tzcode/zdump.c:212:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int	getopt(int argc, char * const argv[],
data/icu-68.1/source/tools/tzcode/zdump.c:386:10:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
		switch(getopt(argc, argv, "ac:d:it:vV")) {
data/icu-68.1/source/tools/tzcode/zdump.c:406:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	  switch (getopt(argc, argv, "c:t:vV")) {
data/icu-68.1/source/tools/tzcode/zic.c:128:12:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
extern int	getopt(int argc, char * const argv[],
data/icu-68.1/source/tools/tzcode/zic.c:639:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "d:l:p:L:vsy:")) != EOF && c != -1)
data/icu-68.1/as_is/os400/iculd.c:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[8048];
data/icu-68.1/as_is/os400/iculd.c:61:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char opt[4100];
data/icu-68.1/as_is/os400/iculd.c:62:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char objs[4024];
data/icu-68.1/as_is/os400/iculd.c:63:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char libs[4024];
data/icu-68.1/as_is/os400/iculd.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bnddirs[4024];
data/icu-68.1/as_is/os400/iculd.c:123:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char linkbuf[200];
data/icu-68.1/as_is/os400/iculd.c:124:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char outbuf[100];
data/icu-68.1/as_is/os400/iculd.c:157:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char linkbuf[200];
data/icu-68.1/as_is/os400/iculd.c:158:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char outbuf[100];
data/icu-68.1/as_is/os400/iculd.c:230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path1[1000];
data/icu-68.1/debian/tests/ustring.cpp:28:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char out[200];
data/icu-68.1/debian/tests/ustring.cpp:68:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char out[200];
data/icu-68.1/debian/tests/ustring.cpp:400:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char out[100];
data/icu-68.1/debian/tests/ustring.cpp:538:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char cs2[40];
data/icu-68.1/source/common/brkiter.cpp:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnbuff[256];
data/icu-68.1/source/common/brkiter.cpp:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ext[4]={'\0'};
data/icu-68.1/source/common/brkiter.cpp:411:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lbType[kKeyValueLenMax];
data/icu-68.1/source/common/brkiter.cpp:433:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char lbKeyValue[kKeyValueLenMax] = {0};
data/icu-68.1/source/common/brkiter.cpp:451:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ssKeyValue[kKeyValueLenMax] = {0};
data/icu-68.1/source/common/bytesinkutil.cpp:24:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char scratch[200];
data/icu-68.1/source/common/bytesinkutil.cpp:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s8[U8_MAX_LENGTH];
data/icu-68.1/source/common/bytesinkutil.cpp:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s8[2] = { (char)getTwoByteLead(c), (char)getTwoByteTrail(c) };
data/icu-68.1/source/common/bytestriebuilder.cpp:432:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char intBytes[5];
data/icu-68.1/source/common/bytestriebuilder.cpp:478:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char intBytes[5];
data/icu-68.1/source/common/cmemory.h:40:62:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define uprv_memcpy(dst, src, size) U_STANDARD_CPP_NAMESPACE memcpy(dst, src, size)
data/icu-68.1/source/common/cmemory.h:96:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    alignas(type) static char storage[sizeof(type)]; \
data/icu-68.1/source/common/cstr.cpp:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2];
data/icu-68.1/source/common/cstring.cpp:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      tbuf[30];
data/icu-68.1/source/common/cstring.cpp:197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char      tbuf[30];
data/icu-68.1/source/common/filteredbrk.cpp:33:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2048];
data/icu-68.1/source/common/filteredbrk.cpp:37:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(buf,"NULL");
data/icu-68.1/source/common/icuplug.cpp:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char libName[UPLUG_NAME_MAX];   /**< library name */
data/icu-68.1/source/common/icuplug.cpp:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sym[UPLUG_NAME_MAX];        /**< plugin symbol, or NULL */
data/icu-68.1/source/common/icuplug.cpp:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char config[UPLUG_NAME_MAX];     /**< configuration data */
data/icu-68.1/source/common/icuplug.cpp:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[UPLUG_NAME_MAX];   /**< name of plugin */
data/icu-68.1/source/common/icuplug.cpp:112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[UPLUG_NAME_MAX]; /**< library name */
data/icu-68.1/source/common/icuplug.cpp:707:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char plugin_file[2048] = "";
data/icu-68.1/source/common/icuplug.cpp:799:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        f = fopen(pluginFile.data(), "r");
data/icu-68.1/source/common/icuplug.cpp:803:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char linebuf[1024];
data/icu-68.1/source/common/locdispnames.cpp:357:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localeBuffer[ULOC_FULLNAME_CAPACITY*4];
data/icu-68.1/source/common/locdspnm.cpp:590:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/locdspnm.cpp:661:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[ULOC_KEYWORD_AND_VALUES_CAPACITY]; // sigh, no ULOC_VALUE_CAPACITY
data/icu-68.1/source/common/locid.cpp:1647:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *field[5] = {0};
data/icu-68.1/source/common/loclikely.cpp:202:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tagBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:224:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char alternateLang[ULOC_LANG_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:265:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char alternateScript[ULOC_SCRIPT_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:302:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char alternateRegion[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:567:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char likelySubtagsBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:830:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lang[ULOC_LANG_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:832:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char script[ULOC_SCRIPT_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:834:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:919:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lang[ULOC_LANG_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:921:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char script[ULOC_SCRIPT_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:923:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:1244:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localeBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:1292:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localeBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/loclikely.cpp:1308:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char script[8];
data/icu-68.1/source/common/loclikely.cpp:1315:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char lang[8];
data/icu-68.1/source/common/loclikely.cpp:1368:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rgBuf[ULOC_RG_BUFLEN];
data/icu-68.1/source/common/locmap.cpp:1062:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locName[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/common/locmap.cpp:1173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char baseName[ULOC_FULLNAME_CAPACITY] = {};
data/icu-68.1/source/common/locmap.cpp:1202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char asciiBCP47Tag[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/common/locmap.cpp:1209:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t bcp47Tag[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/common/locresdata.cpp:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char explicitFallbackName[ULOC_FULLNAME_CAPACITY] = {0};
data/icu-68.1/source/common/locresdata.cpp:160:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char localeBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/locutil.cpp:171:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[BUFLEN];
data/icu-68.1/source/common/messagepattern.cpp:982:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char numberChars[128];
data/icu-68.1/source/common/normalizer2impl.cpp:139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[U8_MAX_LENGTH];
data/icu-68.1/source/common/putil.cpp:724:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gTimeZoneBuffer[PATH_MAX];
data/icu-68.1/source/common/putil.cpp:898:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufferFile[MAX_READ_SIZE];
data/icu-68.1/source/common/putil.cpp:902:36:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        tzInfo->defaultTZFilePtr = fopen(defaultTZFileName, "r");
data/icu-68.1/source/common/putil.cpp:904:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(TZFileName, "r");
data/icu-68.1/source/common/putil.cpp:1059:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gAndroidTimeZone[PROP_VALUE_MAX] = { '\0' };
data/icu-68.1/source/common/putil.cpp:1374:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t windowsPath[MAX_PATH];
data/icu-68.1/source/common/putil.cpp:1375:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char windowsPathUtf8[MAX_PATH];
data/icu-68.1/source/common/putil.cpp:1415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datadir_path_buffer[PATH_MAX];
data/icu-68.1/source/common/putil.cpp:1465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datadir_path_buffer[MAX_PATH];
data/icu-68.1/source/common/putil.cpp:1515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timezonefilesdir_path_buffer[PATH_MAX];
data/icu-68.1/source/common/putil.cpp:1524:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datadir_path_buffer[MAX_PATH];
data/icu-68.1/source/common/putil.cpp:1796:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char modifiedWindowsLocale[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/common/putil.cpp:1851:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char correctedLocale[64];
data/icu-68.1/source/common/putil.cpp:2078:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localeBuf[100];
data/icu-68.1/source/common/putil.cpp:2102:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char codepage[64];
data/icu-68.1/source/common/putil.cpp:2118:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(codepage,"ibm-%d", ccsid);
data/icu-68.1/source/common/putil.cpp:2122:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char codepage[64];
data/icu-68.1/source/common/putil.cpp:2131:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char codepage[64];
data/icu-68.1/source/common/putil.cpp:2155:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(codepage, "windows-%ld", codepageNumber);
data/icu-68.1/source/common/putil.cpp:2162:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char codesetName[100];
data/icu-68.1/source/common/putil.cpp:2265:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char versionChars[U_MAX_VERSION_STRING_LENGTH+1];
data/icu-68.1/source/common/rbbidata.h:143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char             fTableData[1];         // First RBBIStateTableRow begins here.
data/icu-68.1/source/common/servrbf.cpp:62:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char pkg[20];
data/icu-68.1/source/common/static_unicode_sets.cpp:31:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char gEmptyUnicodeSet[sizeof(UnicodeSet)];
data/icu-68.1/source/common/ucasemap_imp.h:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[32];
data/icu-68.1/source/common/ucat.cpp:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[MAX_KEY_LEN];
data/icu-68.1/source/common/ucnv.cpp:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char asciiName[UCNV_MAX_CONVERTER_NAME_LENGTH];
data/icu-68.1/source/common/ucnv.cpp:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myName[UCNV_MAX_CONVERTER_NAME_LENGTH];
data/icu-68.1/source/common/ucnv.cpp:478:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    alignas(UConverter) char cloneBuffer[U_CNV_SAFECLONE_BUFFERSIZE];
data/icu-68.1/source/common/ucnv.cpp:479:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char chars[UCNV_ERROR_BUFFER_LENGTH];
data/icu-68.1/source/common/ucnv.cpp:688:34:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                ccsid = (int32_t)atol(ccsidStr+1);  /* +1 to skip '-' */
data/icu-68.1/source/common/ucnv.cpp:1282:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char replay[UCNV_EXT_MAX_BYTES];
data/icu-68.1/source/common/ucnv.cpp:1755:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[1024];
data/icu-68.1/source/common/ucnv.cpp:2445:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char targetBuffer[CHUNK_SIZE];
data/icu-68.1/source/common/ucnv.cpp:2756:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char start[SIG_MAX_LEN]={ '\xa5', '\xa5', '\xa5', '\xa5', '\xa5' };
data/icu-68.1/source/common/ucnv2022.cpp:220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[30];
data/icu-68.1/source/common/ucnv2022.cpp:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[3];
data/icu-68.1/source/common/ucnv2022.cpp:481:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myLocale[7]={' ',' ',' ',' ',' ',' ', '\0'};
data/icu-68.1/source/common/ucnv2022.cpp:1561:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
_2022ToSJIS(uint8_t c1, uint8_t c2, char bytes[2]) {
data/icu-68.1/source/common/ucnv2022.cpp:1674:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[8];
data/icu-68.1/source/common/ucnv2022.cpp:2083:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempBuf[2];
data/icu-68.1/source/common/ucnv2022.cpp:2676:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempBuf[2];
data/icu-68.1/source/common/ucnv2022.cpp:2926:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[8];
data/icu-68.1/source/common/ucnv2022.cpp:3269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempBuf[3];
data/icu-68.1/source/common/ucnv2022.cpp:3474:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[8];
data/icu-68.1/source/common/ucnv_bld.cpp:208:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gDefaultConverterNameBuffer[UCNV_MAX_CONVERTER_NAME_LENGTH + 1]; /* +1 for NULL */
data/icu-68.1/source/common/ucnv_bld.cpp:388:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strippedName[UCNV_MAX_CONVERTER_NAME_LENGTH];
data/icu-68.1/source/common/ucnv_bld.cpp:1016:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if(mySharedConverterData->impl->open != NULL) {
data/icu-68.1/source/common/ucnv_bld.cpp:1017:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        mySharedConverterData->impl->open(myUConverter, pArgs, err);
data/icu-68.1/source/common/ucnv_bld.h:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name
data/icu-68.1/source/common/ucnv_bld.h:223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char invalidCharBuffer[UCNV_MAX_CHAR_LEN];          /* bytes from last error/callback situation */
data/icu-68.1/source/common/ucnv_bld.h:235:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char preToU[UCNV_EXT_MAX_BYTES];
data/icu-68.1/source/common/ucnv_cnv.h:238:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    UConverterOpen open;
data/icu-68.1/source/common/ucnv_imp.h:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cnvName[UCNV_MAX_CONVERTER_NAME_LENGTH];
data/icu-68.1/source/common/ucnv_imp.h:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/ucnv_io.cpp:557:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strippedName[UCNV_MAX_CONVERTER_NAME_LENGTH];
data/icu-68.1/source/common/ucnv_io.cpp:1127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strippedLeft[UCNV_MAX_CONVERTER_NAME_LENGTH],
data/icu-68.1/source/common/ucnv_lmb.cpp:237:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const OptGroupByteToCPName[ULMBCS_GRP_LAST + 1] = {
data/icu-68.1/source/common/ucnv_lmb.cpp:1215:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char bytes[2];
data/icu-68.1/source/common/ucnv_lmb.cpp:1266:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char LMBCS [ULMBCS_CHARSIZE_MAX];
data/icu-68.1/source/common/ucnv_u16.cpp:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char overflow[4];
data/icu-68.1/source/common/ucnv_u16.cpp:662:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char overflow[4];
data/icu-68.1/source/common/ucnv_u32.cpp:222:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[sizeof(uint32_t)];
data/icu-68.1/source/common/ucnv_u32.cpp:325:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[sizeof(uint32_t)];
data/icu-68.1/source/common/ucnv_u32.cpp:700:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[sizeof(uint32_t)];
data/icu-68.1/source/common/ucnv_u32.cpp:810:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[sizeof(uint32_t)];
data/icu-68.1/source/common/ucnv_u32.cpp:1046:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char utf32BOM[8]={ 0, 0, (char)0xfeu, (char)0xffu, (char)0xffu, (char)0xfeu, 0, 0 };
data/icu-68.1/source/common/ucnvhz.cpp:158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempBuf[2];
data/icu-68.1/source/common/ucnvhz.cpp:504:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4];
data/icu-68.1/source/common/ucnvisci.cpp:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[sizeof(ISCII_CNV_PREFIX) + 1];
data/icu-68.1/source/common/ucnvmbcs.cpp:1138:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char bytes[4];
data/icu-68.1/source/common/ucnvmbcs.cpp:5656:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4];
data/icu-68.1/source/common/ucnvsel.cpp:553:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    (char **)uprv_malloc(
data/icu-68.1/source/common/ucnvsel.cpp:713:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(en.getAlias(), &defaultEncodings, sizeof(UEnumeration));
data/icu-68.1/source/common/ucurr.cpp:217:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char tmp[200];
data/icu-68.1/source/common/ucurr.cpp:316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[ISO_CURRENCY_CODE_LENGTH+1];
data/icu-68.1/source/common/ucurr.cpp:376:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  id[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/ucurr.cpp:464:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char id[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/ucurr.cpp:523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char currency[4];  // ISO currency codes are alpha3 codes.
data/icu-68.1/source/common/ucurr.cpp:536:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/ucurr.cpp:672:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/ucurr.cpp:679:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[ISO_CURRENCY_CODE_LENGTH+1];
data/icu-68.1/source/common/ucurr.cpp:771:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/ucurr.cpp:778:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[ISO_CURRENCY_CODE_LENGTH+1];
data/icu-68.1/source/common/ucurr.cpp:884:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[ULOC_FULLNAME_CAPACITY] = "";
data/icu-68.1/source/common/ucurr.cpp:959:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[ULOC_FULLNAME_CAPACITY] = "";
data/icu-68.1/source/common/ucurr.cpp:1107:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char curNameBuf[1024];
data/icu-68.1/source/common/ucurr.cpp:1117:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char curNameBuf[1024];
data/icu-68.1/source/common/ucurr.cpp:1349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[ULOC_FULLNAME_CAPACITY];  //key
data/icu-68.1/source/common/ucurr.cpp:2276:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char id[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/ucurr.cpp:2391:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char id[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/ucurr.cpp:2538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefRegion[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/common/ucurr.cpp:2555:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(en, &defaultKeywordValues, sizeof(UEnumeration));
data/icu-68.1/source/common/ucurr.cpp:2686:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char alphaCode[ISO_CURRENCY_CODE_LENGTH+1];
data/icu-68.1/source/common/udata.cpp:782:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ourPathBuffer[1024];
data/icu-68.1/source/common/uloc.cpp:582:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keyword[ULOC_KEYWORD_BUFFER_LEN];
data/icu-68.1/source/common/uloc.cpp:752:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keywordNameBuffer[ULOC_KEYWORD_BUFFER_LEN];
data/icu-68.1/source/common/uloc.cpp:753:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localeKeywordNameBuffer[ULOC_KEYWORD_BUFFER_LEN];
data/icu-68.1/source/common/uloc.cpp:756:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tempBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uloc.cpp:865:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keywordNameBuffer[ULOC_KEYWORD_BUFFER_LEN];
data/icu-68.1/source/common/uloc.cpp:866:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keywordValueBuffer[ULOC_KEYWORDS_CAPACITY+1];
data/icu-68.1/source/common/uloc.cpp:867:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localeKeywordNameBuffer[ULOC_KEYWORD_BUFFER_LEN];
data/icu-68.1/source/common/uloc.cpp:1380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uloc.cpp:1458:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uloc.cpp:1746:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uloc.cpp:1929:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lang[ULOC_LANG_CAPACITY];
data/icu-68.1/source/common/uloc.cpp:1949:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cntry[ULOC_LANG_CAPACITY];
data/icu-68.1/source/common/uloc.cpp:1970:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       langID[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uloc.cpp:1998:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmpLocaleID[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uloc_tag.cpp:51:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char          *extlang[MAXEXTLANG];
data/icu-68.1/source/common/uloc_tag.cpp:997:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[ULOC_LANG_CAPACITY];
data/icu-68.1/source/common/uloc_tag.cpp:1045:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[ULOC_SCRIPT_CAPACITY];
data/icu-68.1/source/common/uloc_tag.cpp:1077:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/common/uloc_tag.cpp:1130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uloc_tag.cpp:1247:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char attrBuf[ULOC_KEYWORD_AND_VALUES_CAPACITY] = { 0 };
data/icu-68.1/source/common/uloc_tag.cpp:1513:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char attrBuf[ULOC_KEYWORD_AND_VALUES_CAPACITY];
data/icu-68.1/source/common/uloc_tag.cpp:1649:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char bcpKeyBuf[3];          /* BCP key length is always 2 for now */
data/icu-68.1/source/common/uloc_tag.cpp:1687:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char bcpTypeBuf[128];       /* practically long enough even considering multiple subtag type */
data/icu-68.1/source/common/uloc_tag.cpp:1862:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uloc_tag.cpp:1863:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpAppend[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/umapfile.cpp:148:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t utf16Path[MAX_PATH];
data/icu-68.1/source/common/umapfile.cpp:232:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd=open(path, O_RDONLY);
data/icu-68.1/source/common/umapfile.cpp:299:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file=fopen(path, "rb");
data/icu-68.1/source/common/umapfile.cpp:424:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char pathBuffer[1024];
data/icu-68.1/source/common/umapfile.cpp:455:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            fd=open(path, O_RDONLY);
data/icu-68.1/source/common/umutablecptrie.cpp:1043:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[UCPTRIE_FAST_DATA_BLOCK_LENGTH * 3 + 3];
data/icu-68.1/source/common/umutex.h:243:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    alignas(std::mutex) char fStorage[sizeof(std::mutex)] {};
data/icu-68.1/source/common/unames.cpp:127:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const charCatNames[U_CHAR_EXTENDED_CATEGORY_COUNT] = {
data/icu-68.1/source/common/unames.cpp:608:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[200];
data/icu-68.1/source/common/unames.cpp:648:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[200];
data/icu-68.1/source/common/unames.cpp:777:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  const char *elementBases[8], const char *elements[8],
data/icu-68.1/source/common/unames.cpp:777:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  const char *elementBases[8], const char *elements[8],
data/icu-68.1/source/common/unames.cpp:940:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/icu-68.1/source/common/unames.cpp:994:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *elementBases[8], *elements[8];
data/icu-68.1/source/common/unames.cpp:1121:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[64];
data/icu-68.1/source/common/unames.cpp:1123:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *elementBases[8], *elements[8];
data/icu-68.1/source/common/unames.cpp:1522:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char upper[120] = {0};
data/icu-68.1/source/common/unames.cpp:1523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lower[120] = {0};
data/icu-68.1/source/common/unames.cpp:1720:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cs[256];
data/icu-68.1/source/common/unicode/brkiter.h:650:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actualLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/unicode/brkiter.h:651:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char validLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/unicode/localebuilder.h:299:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char language_[9];
data/icu-68.1/source/common/unicode/localebuilder.h:300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char script_[5];
data/icu-68.1/source/common/unicode/localebuilder.h:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region_[4];
data/icu-68.1/source/common/unicode/locid.h:1142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char language[ULOC_LANG_CAPACITY];
data/icu-68.1/source/common/unicode/locid.h:1143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char script[ULOC_SCRIPT_CAPACITY];
data/icu-68.1/source/common/unicode/locid.h:1144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char country[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/common/unicode/locid.h:1147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fullNameBuffer[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/unicode/strenum.h:222:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charsBuffer[32];
data/icu-68.1/source/common/unifiedcache.cpp:197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/common/uniset.cpp:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[40];
data/icu-68.1/source/common/uniset.cpp:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[40];
data/icu-68.1/source/common/uniset_props.cpp:920:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf[128]; // it suffices that this be > uprv_getMaxCharNameLength
data/icu-68.1/source/common/uniset_props.cpp:938:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf[128];
data/icu-68.1/source/common/unistr.cpp:972:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stackBuffer[1024];
data/icu-68.1/source/common/unistr_cnv.cpp:283:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[1024];
data/icu-68.1/source/common/ures_cnv.cpp:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pathBuffer[1024];
data/icu-68.1/source/common/uresbund.cpp:310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aliasName[100] = { 0 };
data/icu-68.1/source/common/uresbund.cpp:639:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uresbund.cpp:640:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char usrDataPath[96];
data/icu-68.1/source/common/uresbund.cpp:803:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uresbund.cpp:972:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char stackAlias[200];
data/icu-68.1/source/common/uresbund.cpp:1120:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char stackPath[URES_MAX_BUFFER_SIZE];
data/icu-68.1/source/common/uresbund.cpp:1232:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[256];
data/icu-68.1/source/common/uresbund.cpp:2287:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char canonLocaleID[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/common/uresbund.cpp:2610:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char kwVal[1024] = ""; /* value of keyword 'keyword' */
data/icu-68.1/source/common/uresbund.cpp:2611:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char defVal[1024] = ""; /* default value for given locale */
data/icu-68.1/source/common/uresbund.cpp:2612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char defLoc[1024] = ""; /* default value for given locale */
data/icu-68.1/source/common/uresbund.cpp:2613:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char base[1024] = ""; /* base locale */
data/icu-68.1/source/common/uresbund.cpp:2614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char found[1024] = "";
data/icu-68.1/source/common/uresbund.cpp:2615:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parent[1024] = "";
data/icu-68.1/source/common/uresbund.cpp:2616:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char full[1024] = "";
data/icu-68.1/source/common/uresbund.cpp:2916:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char       valuesBuf[VALUES_BUF_SIZE];
data/icu-68.1/source/common/uresbund.cpp:2918:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *valuesList[VALUES_LIST_SIZE];
data/icu-68.1/source/common/uresimp.h:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fNameBuffer[3]; /* A small buffer of free space for fName. The free space is due to struct padding. */
data/icu-68.1/source/common/uresimp.h:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fResBuf[RES_BUFSIZE];
data/icu-68.1/source/common/uscript.cpp:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lang[8] = {0};
data/icu-68.1/source/common/uscript.cpp:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char script[8] = {0};
data/icu-68.1/source/common/ustr_wcs.cpp:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stackBuffer [_STACK_BUFFER_CAPACITY];
data/icu-68.1/source/common/ustr_wcs.cpp:298:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t wStack[_STACK_BUFFER_CAPACITY];
data/icu-68.1/source/common/ustr_wcs.cpp:302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cStack[_STACK_BUFFER_CAPACITY];
data/icu-68.1/source/common/uts46.cpp:430:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char stackArray[256];
data/icu-68.1/source/common/utypes.cpp:22:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const
data/icu-68.1/source/common/utypes.cpp:35:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const
data/icu-68.1/source/common/utypes.cpp:74:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const
data/icu-68.1/source/common/utypes.cpp:110:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const
data/icu-68.1/source/common/utypes.cpp:134:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const
data/icu-68.1/source/common/utypes.cpp:152:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const
data/icu-68.1/source/common/utypes.cpp:178:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const
data/icu-68.1/source/common/utypes.cpp:191:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const
data/icu-68.1/source/common/wintz.cpp:85:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char gmtOffsetTz[11] = {}; // "Etc/GMT+dd" is 11-char long with a terminal null.
data/icu-68.1/source/common/wintz.cpp:120:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t regionCodeW[3] = {};
data/icu-68.1/source/common/wintz.cpp:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char regionCode[3] = {}; // 2 letter ISO 3166 country/region code made entirely of invariant chars.
data/icu-68.1/source/extra/uconv/uconv.cpp:86:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char dataPath[2048];        /* XXX Sloppy: should be PATH_MAX. */
data/icu-68.1/source/extra/uconv/uconv.cpp:512:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[20];
data/icu-68.1/source/extra/uconv/uconv.cpp:623:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        infile = fopen(infilestr, "rb");
data/icu-68.1/source/extra/uconv/uconv.cpp:792:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char pos[32], errorBytes[32];
data/icu-68.1/source/extra/uconv/uconv.cpp:807:29:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    (int8_t)sprintf(pos, "%d",
data/icu-68.1/source/extra/uconv/uconv.cpp:944:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char pos[32];
data/icu-68.1/source/extra/uconv/uconv.cpp:988:38:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    length = (int8_t)sprintf(pos, "%u", (int)ferroffset);
data/icu-68.1/source/extra/uconv/uconv.cpp:1182:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                bufsz = atoi(*iter);
data/icu-68.1/source/extra/uconv/uconv.cpp:1326:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        outfile = fopen(outfilestr, "wb");
data/icu-68.1/source/extra/uconv/uwmsg.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf [BUF_SIZE];
data/icu-68.1/source/extra/uconv/uwmsg.c:152:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result, msg, msgLen * U_SIZEOF_UCHAR);
data/icu-68.1/source/extra/uconv/uwmsg.c:153:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result + msgLen, gNoFormatting, resultLength);
data/icu-68.1/source/extra/uconv/uwmsg.c:251:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error[128];
data/icu-68.1/source/extra/uconv/uwmsg.c:254:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(error, "UNDOCUMENTED ICU ERROR %d", err);
data/icu-68.1/source/i18n/anytrans.cpp:336:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/icu-68.1/source/i18n/astro.cpp:46:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char gStrBuf[1024];
data/icu-68.1/source/i18n/astro.cpp:1483:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[800];
data/icu-68.1/source/i18n/astro.cpp:1484:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "[%.5f,%.5f]", longitude*RAD_DEG, latitude*RAD_DEG);
data/icu-68.1/source/i18n/astro.cpp:1494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[400];
data/icu-68.1/source/i18n/astro.cpp:1495:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "%f,%f",
data/icu-68.1/source/i18n/astro.cpp:1506:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[800];
data/icu-68.1/source/i18n/astro.cpp:1507:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "[%.5f,%.5f]", altitude*RAD_DEG, azimuth*RAD_DEG);
data/icu-68.1/source/i18n/bocsu.cpp:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char scratch[64];
data/icu-68.1/source/i18n/calendar.cpp:267:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char canonicalName[256];
data/icu-68.1/source/i18n/calendar.cpp:279:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char calTypeBuf[32];
data/icu-68.1/source/i18n/calendar.cpp:294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/i18n/calendar.cpp:455:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char keyword[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/calendar.cpp:940:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tmp[200];
data/icu-68.1/source/i18n/calendar.cpp:961:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char keyword[ULOC_FULLNAME_CAPACITY] = "";
data/icu-68.1/source/i18n/calendar.cpp:3852:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/i18n/choicfmt.cpp:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[DBL_DIG + 16];
data/icu-68.1/source/i18n/choicfmt.cpp:178:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(temp, "%.*g", DBL_DIG, value);
data/icu-68.1/source/i18n/coll.cpp:294:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *collReorderCodes[UCOL_REORDER_CODE_LIMIT - UCOL_REORDER_CODE_FIRST] = {
data/icu-68.1/source/i18n/coll.cpp:326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[1024];  // The reordering value could be long.
data/icu-68.1/source/i18n/coll.cpp:904:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/collationkeys.cpp:336:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buffer[3] = { p2, (char)(p >> 8), (char)p };
data/icu-68.1/source/i18n/collationruleparser.cpp:607:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char localeID[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/collationruleparser.cpp:618:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char baseID[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/collationruleparser.cpp:632:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char collationType[ULOC_KEYWORDS_CAPACITY];
data/icu-68.1/source/i18n/csdetect.cpp:449:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(en, &gCSDetEnumeration, sizeof(UEnumeration));
data/icu-68.1/source/i18n/csdetect.cpp:472:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(en, &gCSDetEnumeration, sizeof(UEnumeration));
data/icu-68.1/source/i18n/currpinf.cpp:350:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char result_1[1000];
data/icu-68.1/source/i18n/currunit.cpp:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char simpleIsoCode[4];
data/icu-68.1/source/i18n/currunit.cpp:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char isoCodeBuffer[4];
data/icu-68.1/source/i18n/currunit.cpp:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char simpleIsoCode[4];
data/icu-68.1/source/i18n/datefmt.cpp:507:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[8];
data/icu-68.1/source/i18n/dayperiodrules.cpp:344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/dayperiodrules.cpp:345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parentName[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/dcfmtsym.cpp:66:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *gNumberElementKeys[DecimalFormatSymbols::kFormatSymbolCount] = {
data/icu-68.1/source/i18n/dcfmtsym.cpp:534:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cc[4]={0};
data/icu-68.1/source/i18n/decNumber.cpp:3675:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c,   "Inf");
data/icu-68.1/source/i18n/decNumber.cpp:3676:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(c+3, "inity");
data/icu-68.1/source/i18n/decNumber.cpp:3683:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(c, "NaN");
data/icu-68.1/source/i18n/decNumberLocal.h:124:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define UBTOUS(b)  (memcpy((void *)&uswork, b, 2), uswork)
data/icu-68.1/source/i18n/decNumberLocal.h:125:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define UBTOUI(b)  (memcpy((void *)&uiwork, b, 4), uiwork)
data/icu-68.1/source/i18n/decNumberLocal.h:130:40:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define UBFROMUS(b, i)  (uswork=(i), memcpy(b, (void *)&uswork, 2), uswork)
data/icu-68.1/source/i18n/decNumberLocal.h:131:40:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define UBFROMUI(b, i)  (uiwork=(i), memcpy(b, (void *)&uiwork, 4), uiwork)
data/icu-68.1/source/i18n/decNumberLocal.h:461:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    #define dpd2bcd8(u, dpd)  memcpy(u, &DPD2BCD8[((dpd)&0x3ff)*4], 4)
data/icu-68.1/source/i18n/decNumberLocal.h:462:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    #define dpd2bcd83(u, dpd) memcpy(u, &DPD2BCD8[((dpd)&0x3ff)*4], 3)
data/icu-68.1/source/i18n/double-conversion-double-to-string.cpp:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[kMaxExponentLength + 1];
data/icu-68.1/source/i18n/double-conversion-double-to-string.cpp:194:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char decimal_rep[kDecimalRepCapacity];
data/icu-68.1/source/i18n/double-conversion-double-to-string.cpp:239:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char decimal_rep[kDecimalRepCapacity];
data/icu-68.1/source/i18n/double-conversion-double-to-string.cpp:272:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char decimal_rep[kDecimalRepCapacity];
data/icu-68.1/source/i18n/double-conversion-double-to-string.cpp:327:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char decimal_rep[kDecimalRepCapacity];
data/icu-68.1/source/i18n/double-conversion-string-to-double.cpp:575:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  DOUBLE_CONVERSION_STACK_UNINITIALIZED char
data/icu-68.1/source/i18n/double-conversion-strtod.cpp:509:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char copy_buffer[kMaxSignificantDecimalDigits];
data/icu-68.1/source/i18n/double-conversion-strtod.cpp:542:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char copy_buffer[kMaxSignificantDecimalDigits];
data/icu-68.1/source/i18n/double-conversion-utils.h:370:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  typedef char VerifySizesAreEqual[sizeof(Dest) == sizeof(Source) ? 1 : -1];
data/icu-68.1/source/i18n/dtfmtsym.cpp:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[256];
data/icu-68.1/source/i18n/dtitvfmt.cpp:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[1000];
data/icu-68.1/source/i18n/dtitvfmt.cpp:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result_1[1000];
data/icu-68.1/source/i18n/dtitvfmt.cpp:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[2000];
data/icu-68.1/source/i18n/dtitvfmt.cpp:760:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[1000];
data/icu-68.1/source/i18n/dtitvfmt.cpp:761:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result_1[1000];
data/icu-68.1/source/i18n/dtitvfmt.cpp:762:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[2000];
data/icu-68.1/source/i18n/dtitvfmt.cpp:807:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[1000];
data/icu-68.1/source/i18n/dtitvfmt.cpp:808:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result_1[1000];
data/icu-68.1/source/i18n/dtitvfmt.cpp:809:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[2000];
data/icu-68.1/source/i18n/dtitvinf.cpp:401:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char         calendarType[ULOC_KEYWORDS_CAPACITY]; // to be filled in with the type to use, if all goes well
data/icu-68.1/source/i18n/dtitvinf.cpp:402:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char         localeWithCalendarKey[ULOC_LOCALE_IDENTIFIER_CAPACITY];
data/icu-68.1/source/i18n/dtitvinf.cpp:564:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[1000];
data/icu-68.1/source/i18n/dtitvinf.cpp:565:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result_1[1000];
data/icu-68.1/source/i18n/dtitvinf.cpp:566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[2000];
data/icu-68.1/source/i18n/dtptngen.cpp:673:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[8];
data/icu-68.1/source/i18n/dtptngen.cpp:881:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char localeWithCalendarKey[ULOC_LOCALE_IDENTIFIER_CAPACITY];
data/icu-68.1/source/i18n/dtptngen.cpp:895:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char calendarType[ULOC_KEYWORDS_CAPACITY];
data/icu-68.1/source/i18n/dtptngen.cpp:1515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cldrFieldKey[UDATPG_FIELD_KEY_MAX + 1];
data/icu-68.1/source/i18n/gender.cpp:151:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parentLocaleName[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/gender.cpp:163:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type_str[256] = "";
data/icu-68.1/source/i18n/listformatter.cpp:409:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aliasedStyle[kStyleLenMax+1];
data/icu-68.1/source/i18n/listformatter.cpp:414:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aliasedStyle[kStyleLenMax+1] = {0};
data/icu-68.1/source/i18n/listformatter.cpp:480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char currentStyle[kStyleLenMax+1];
data/icu-68.1/source/i18n/nfrs.cpp:742:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ubstr[64];
data/icu-68.1/source/i18n/nfrs.cpp:744:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ubstrhex[64];
data/icu-68.1/source/i18n/number_decimalquantity.cpp:488:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[DoubleToStringConverter::kBase10MaximalLength + 1];
data/icu-68.1/source/i18n/number_decimalquantity.cpp:1336:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer8[100];
data/icu-68.1/source/i18n/number_decimfmtprops.cpp:19:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char kRawDefaultProperties[sizeof(DecimalFormatProperties)];
data/icu-68.1/source/i18n/number_microprops.h:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nsName[9];
data/icu-68.1/source/i18n/number_rounding.cpp:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[DoubleToStringConverter::kBase10MaximalLength + 1];
data/icu-68.1/source/i18n/number_utils.cpp:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[DoubleToStringConverter::kBase10MaximalLength + 6];
data/icu-68.1/source/i18n/numfmt.cpp:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2000];
data/icu-68.1/source/i18n/numfmt.cpp:1038:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cfKeyValue[kKeyValueLenMax] = {0};
data/icu-68.1/source/i18n/numfmt.cpp:1327:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[8];
data/icu-68.1/source/i18n/numsys.cpp:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[ULOC_KEYWORDS_CAPACITY] = "";
data/icu-68.1/source/i18n/plurrule.cpp:818:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char parentLocaleName[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/plurrule.cpp:837:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char setKey[256];
data/icu-68.1/source/i18n/plurrule.cpp:1239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char digits[128];
data/icu-68.1/source/i18n/plurrule.cpp:1244:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return((int32_t)atoi(digits));
data/icu-68.1/source/i18n/plurrule.cpp:1776:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  buf[30] = {0};
data/icu-68.1/source/i18n/plurrule.cpp:1777:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%1.15e", n);
data/icu-68.1/source/i18n/plurrule.cpp:1779:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int exponent = atoi(buf+18);
data/icu-68.1/source/i18n/plurrule.cpp:1877:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pattern[15];
data/icu-68.1/source/i18n/plurrule.cpp:1878:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/icu-68.1/source/i18n/rbnf.cpp:601:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/icu-68.1/source/i18n/rbnf.cpp:1044:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[64];
data/icu-68.1/source/i18n/regexcmp.cpp:4217:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[100];
data/icu-68.1/source/i18n/reldtfmt.cpp:494:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int32_t offset = atoi(key);
data/icu-68.1/source/i18n/rulebasedcollator.cpp:1552:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char resultLocale[ULOC_FULLNAME_CAPACITY + 1];
data/icu-68.1/source/i18n/rulebasedcollator.cpp:1561:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subtag[ULOC_KEYWORD_AND_VALUES_CAPACITY];
data/icu-68.1/source/i18n/scriptset.cpp:226:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[40];
data/icu-68.1/source/i18n/smpdtfmt.cpp:1390:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               char kw[ULOC_KEYWORD_AND_VALUES_CAPACITY];
data/icu-68.1/source/i18n/standardplural.cpp:25:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *gKeywords[StandardPlural::COUNT] = {
data/icu-68.1/source/i18n/timezone.cpp:63:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gStrBuf[256];
data/icu-68.1/source/i18n/timezone.cpp:119:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gRawGMT[sizeof(icu::SimpleTimeZone)];
data/icu-68.1/source/i18n/timezone.cpp:122:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gRawUNKNOWN[sizeof(icu::SimpleTimeZone)];
data/icu-68.1/source/i18n/timezone.cpp:127:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char TZDATA_VERSION[16];
data/icu-68.1/source/i18n/timezone.cpp:259:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[64];
data/icu-68.1/source/i18n/timezone.cpp:282:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/icu-68.1/source/i18n/timezone.cpp:585:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[ULOC_KEYWORDS_CAPACITY] = "";
data/icu-68.1/source/i18n/timezone.cpp:863:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char tzregion[4]; // max 3 letters + null term
data/icu-68.1/source/i18n/timezone.cpp:1671:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char winidKey[MAX_WINDOWS_ID_SIZE];
data/icu-68.1/source/i18n/tmutfmt.cpp:185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char res[1000];
data/icu-68.1/source/i18n/tmutfmt.cpp:559:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char parentLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/translit.cpp:761:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char key[200];
data/icu-68.1/source/i18n/tzgnames.cpp:305:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fTargetRegion[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/i18n/tzgnames.cpp:545:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char countryCode[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/i18n/tzgnames.cpp:788:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char countryCode[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/i18n/tznames_impl.cpp:749:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char key[ZID_KEY_MAX + 1];
data/icu-68.1/source/i18n/tznames_impl.cpp:764:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char key[ZID_KEY_MAX + 1];
data/icu-68.1/source/i18n/tznames_impl.cpp:1290:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mzIdChar[ZID_KEY_MAX + 1];
data/icu-68.1/source/i18n/tznames_impl.cpp:2261:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char key[ZID_KEY_MAX + 1];
data/icu-68.1/source/i18n/tznames_impl.h:258:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fRegion[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/i18n/ucal.cpp:169:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char localeBuf[ULOC_LOCALE_IDENTIFIER_CAPACITY];
data/icu-68.1/source/i18n/ucal.cpp:699:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefRegion[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/i18n/ucal.cpp:766:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(en, &defaultKeywordValues, sizeof(UEnumeration));
data/icu-68.1/source/i18n/ucol_imp.h:124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[16];
data/icu-68.1/source/i18n/ucol_imp.h:125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char defaultType[16];
data/icu-68.1/source/i18n/ucol_res.cpp:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char type[16];
data/icu-68.1/source/i18n/ucol_res.cpp:683:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(en, &defaultKeywordValues, sizeof(UEnumeration));
data/icu-68.1/source/i18n/ucol_sit.cpp:453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[internalBufferSize];
data/icu-68.1/source/i18n/ucol_sit.cpp:461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keyBuffer[256];
data/icu-68.1/source/i18n/ucol_sit.cpp:523:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[internalBufferSize];
data/icu-68.1/source/i18n/ulocdata.cpp:195:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/i18n/unicode/calendar.h:2330:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char validLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/unicode/calendar.h:2331:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actualLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/unicode/dcfmtsym.h:495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actualLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/unicode/dcfmtsym.h:496:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char validLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/unicode/dtfmtsym.h:908:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char validLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/unicode/dtfmtsym.h:909:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actualLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/unicode/format.h:300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actualLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/unicode/format.h:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char validLocale[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/unicode/numberformatter.h:2519:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fUnsafeCallCount[8] {};  // internally cast to u_atomic_int32_t
data/icu-68.1/source/i18n/unicode/numsys.h:202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            name[kInternalNumSysNameCapacity+1];
data/icu-68.1/source/i18n/unicode/region.h:194:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[4];
data/icu-68.1/source/i18n/unicode/tzfmt.h:681:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fTargetRegion[ULOC_COUNTRY_CAPACITY];
data/icu-68.1/source/i18n/vzone.cpp:61:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(url,s.getBuffer(),urlLength);
data/icu-68.1/source/i18n/vzone.cpp:89:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result,s.getBuffer(),resultLength);
data/icu-68.1/source/i18n/vzone.cpp:101:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result,s.getBuffer(),resultLength);
data/icu-68.1/source/i18n/vzone.cpp:113:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result,s.getBuffer(),resultLength);
data/icu-68.1/source/i18n/windtfmt.cpp:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char asciiBCP47Tag[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/i18n/windtfmt.cpp:111:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t bcp47Tag[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/i18n/windtfmt.cpp:138:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t windowsLocaleName[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/i18n/windtfmt.cpp:310:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t stackBuffer[STACK_BUFFER_SIZE];
data/icu-68.1/source/i18n/windtfmt.cpp:343:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t stackBuffer[STACK_BUFFER_SIZE];
data/icu-68.1/source/i18n/winnmfmt.cpp:85:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t buf[10];
data/icu-68.1/source/i18n/winnmfmt.cpp:112:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t buf[10];
data/icu-68.1/source/i18n/winnmfmt.cpp:147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char asciiBCP47Tag[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/i18n/winnmfmt.cpp:156:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t bcp47Tag[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/i18n/winnmfmt.cpp:183:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t windowsLocaleName[LOCALE_NAME_MAX_LENGTH] = {};
data/icu-68.1/source/i18n/winnmfmt.cpp:222:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmpLocID[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/i18n/winnmfmt.cpp:339:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t nStackBuffer[STACK_BUFFER_SIZE];
data/icu-68.1/source/i18n/winnmfmt.cpp:385:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t stackBuffer[STACK_BUFFER_SIZE];
data/icu-68.1/source/i18n/zonemeta.cpp:278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[ZID_KEY_MAX + 1];
data/icu-68.1/source/i18n/zonemeta.cpp:637:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tzKey[ZID_KEY_MAX + 1];
data/icu-68.1/source/i18n/zonemeta.cpp:722:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keyBuf[ZID_KEY_MAX + 1];
data/icu-68.1/source/i18n/zonemeta.cpp:917:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tzidKey[ZID_KEY_MAX + 1];
data/icu-68.1/source/i18n/zrule.cpp:47:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(name, s.getBuffer(), nameLength);
data/icu-68.1/source/i18n/zrule.cpp:98:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(name, s.getBuffer(), nameLength);
data/icu-68.1/source/io/ufile.cpp:130:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE     *systemFile = fopen(filename, perm);
data/icu-68.1/source/io/ufile.cpp:167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[FILENAME_BUF_CAPACITY];
data/icu-68.1/source/io/ufile.cpp:186:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t wperm[40] = {};
data/icu-68.1/source/io/uprntf_p.cpp:818:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&scidbl_info, info, sizeof(u_printf_spec_info));
data/icu-68.1/source/io/ustdio.cpp:321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        charBuffer[UFILE_CHARBUFFER_SIZE];
data/icu-68.1/source/io/ustdio.cpp:416:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        charBuffer[UFILE_CHARBUFFER_SIZE];
data/icu-68.1/source/io/ustdio.cpp:720:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(chars + read, str->fPos, dataSize * sizeof(UChar));
data/icu-68.1/source/io/ustream.cpp:43:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[200];
data/icu-68.1/source/io/ustream.cpp:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[16];
data/icu-68.1/source/layoutex/ParagraphLayout.cpp:947:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char code[8] = {0, 0, 0, 0, 0, 0, 0, 0};
data/icu-68.1/source/samples/break/break.cpp:25:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charBuf[1000];
data/icu-68.1/source/samples/break/ubreak.c:25:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    charBuf[1000];
data/icu-68.1/source/samples/cal/cal.c:385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char c [BUF_SIZE];
data/icu-68.1/source/samples/cal/uprint.c:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [BUF_SIZE];
data/icu-68.1/source/samples/csdet/csdet.c:22:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[BUFFER_SIZE];
data/icu-68.1/source/samples/csdet/csdet.c:42:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file = fopen(filename, "rb");
data/icu-68.1/source/samples/date/uprint.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf [BUF_SIZE];
data/icu-68.1/source/samples/layout/FontMap.cpp:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *c, *scriptName, *fontName, *line, buffer[BUFFER_SIZE];
data/icu-68.1/source/samples/layout/FontMap.cpp:47:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(fileName, "r");
data/icu-68.1/source/samples/layout/FontMap.cpp:120:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            delete[] (char *) fFontNames[font];
data/icu-68.1/source/samples/layout/FontMap.h:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errorMessage[256];
data/icu-68.1/source/samples/layout/FontMap.h:60:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *fFontNames[scriptCodeCount];
data/icu-68.1/source/samples/layout/UnicodeReader.cpp:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char startBytes[4] = {'\xA5', '\xA5', '\xA5', '\xA5'};
data/icu-68.1/source/samples/layout/UnicodeReader.cpp:38:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errorMessage[128];
data/icu-68.1/source/samples/layout/UnicodeReader.cpp:42:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fileName, "rb");
data/icu-68.1/source/samples/layout/arraymem.h:17:37:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define ARRAY_COPY(dst, src, count) memcpy((void *) (dst), (void *) (src), (count) * sizeof (src)[0])
data/icu-68.1/source/samples/layout/clayout.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[MAX_PATH + 64];
data/icu-68.1/source/samples/layout/clayout.c:272:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFileName[MAX_PATH], szTitleName[MAX_PATH];
data/icu-68.1/source/samples/layout/layout.cpp:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[MAX_PATH + 64];
data/icu-68.1/source/samples/layout/layout.cpp:270:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szFileName[MAX_PATH], szTitleName[MAX_PATH];
data/icu-68.1/source/samples/numfmt/capi.c:17:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/icu-68.1/source/samples/numfmt/util.cpp:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stackBuffer[100];
data/icu-68.1/source/samples/numfmt/util.cpp:96:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[256];
data/icu-68.1/source/samples/numfmt/util.cpp:97:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "%gD", f.getDouble());
data/icu-68.1/source/samples/numfmt/util.cpp:102:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[256];
data/icu-68.1/source/samples/numfmt/util.cpp:103:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "%" PRId32 "L", f.getLong());
data/icu-68.1/source/samples/numfmt/util.cpp:108:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[256];
data/icu-68.1/source/samples/numfmt/util.cpp:109:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "%" PRId64 "L", f.getInt64());
data/icu-68.1/source/samples/props/props.cpp:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/icu-68.1/source/samples/ucnv/convsamp.cpp:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1000];
data/icu-68.1/source/samples/ucnv/convsamp.cpp:211:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char target[100];
data/icu-68.1/source/samples/ucnv/convsamp.cpp:301:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char inBuf[BUFFERSIZE];
data/icu-68.1/source/samples/ucnv/convsamp.cpp:313:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen("data01.txt", "r");
data/icu-68.1/source/samples/ucnv/convsamp.cpp:401:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char inBuf[BUFFERSIZE];
data/icu-68.1/source/samples/ucnv/convsamp.cpp:417:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen("data06.txt", "r");
data/icu-68.1/source/samples/ucnv/convsamp.cpp:624:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bytes[100];
data/icu-68.1/source/samples/ucnv/convsamp.cpp:718:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bytes[100];
data/icu-68.1/source/samples/ucnv/convsamp.cpp:880:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char inBuf[BUFFERSIZE];
data/icu-68.1/source/samples/ucnv/convsamp.cpp:891:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen("data02.bin", "rb");
data/icu-68.1/source/samples/ucnv/convsamp.cpp:898:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen("data40.utf16", "wb");
data/icu-68.1/source/samples/ucnv/convsamp.cpp:996:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen("data40.utf16", "rb");
data/icu-68.1/source/samples/ucnv/convsamp.cpp:1003:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = fopen("data46.out", "wb");
data/icu-68.1/source/samples/ucnv/flagcb.c:62:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(cloned, old, sizeof(FromUFLAGContext));
data/icu-68.1/source/samples/udata/reader.c:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char curPathBuffer[1024];
data/icu-68.1/source/samples/ugrep/ugrep.cpp:280:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *file = fopen(name, "rb");
data/icu-68.1/source/samples/ugrep/ugrep.cpp:424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                buf[2000];
data/icu-68.1/source/samples/uresb/uresb.c:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char resPathBuffer[1024];
data/icu-68.1/source/samples/uresb/uresb.c:139:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            truncsize = atoi(options[5].value); /* user defined printable size */
data/icu-68.1/source/samples/uresb/uresb.c:178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inchar[256];
data/icu-68.1/source/samples/ustring/ustring.cpp:50:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char out[200];
data/icu-68.1/source/samples/ustring/ustring.cpp:90:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char out[200];
data/icu-68.1/source/samples/ustring/ustring.cpp:422:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char out[100];
data/icu-68.1/source/samples/ustring/ustring.cpp:560:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char cs2[40];
data/icu-68.1/source/stubdata/stubdata.cpp:31:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char padding[8];
data/icu-68.1/source/test/cintltst/bocu1tst.c:791:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[80], buf2[80];
data/icu-68.1/source/test/cintltst/bocu1tst.c:852:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(prev, level, 4);
data/icu-68.1/source/test/cintltst/callcoll.c:281:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/cintltst/callcoll.c:308:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char utf8Source[256], utf8Target[256];
data/icu-68.1/source/test/cintltst/callcoll.c:495:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(temp, orders, size * sizeof(OrderAndOffset));
data/icu-68.1/source/test/cintltst/callcoll.c:512:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(temp, orders, size * sizeof(OrderAndOffset));
data/icu-68.1/source/test/cintltst/callcoll.c:1226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char preContext[200]={0};
data/icu-68.1/source/test/cintltst/callcoll.c:1227:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char postContext[200]={0};
data/icu-68.1/source/test/cintltst/callcoll.c:1319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char input[256], output[256];
data/icu-68.1/source/test/cintltst/callcoll.c:1336:17:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
                strcat(input, "@collation=");
data/icu-68.1/source/test/cintltst/capitst.c:53:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            position += sprintf(buffer + position, "%02X . ", b);
data/icu-68.1/source/test/cintltst/capitst.c:55:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            position += sprintf(buffer + position, "%02X ", b);
data/icu-68.1/source/test/cintltst/capitst.c:59:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        position += sprintf(buffer + position, "%02X]", b);
data/icu-68.1/source/test/cintltst/capitst.c:181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char srcU8[UTF8_BUF_SIZE], tgtU8[UTF8_BUF_SIZE];
data/icu-68.1/source/test/cintltst/capitst.c:875:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sortKeyStr1[2048];
data/icu-68.1/source/test/cintltst/capitst.c:877:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sortKeyStr2[2048];
data/icu-68.1/source/test/cintltst/capitst.c:943:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sortKeyStr1[512], sortKeyStr2[512];
data/icu-68.1/source/test/cintltst/capitst.c:1078:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char toStringBuffer[256], *resultP;
data/icu-68.1/source/test/cintltst/capitst.c:1155:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char junk2[1000];
data/icu-68.1/source/test/cintltst/capitst.c:1156:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char junk3[1000];
data/icu-68.1/source/test/cintltst/capitst.c:1159:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(junk2, "abcda[2] ");
data/icu-68.1/source/test/cintltst/capitst.c:1160:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(junk3, " abcda[3] ");
data/icu-68.1/source/test/cintltst/capitst.c:1164:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(junk2+strlen(junk2), "%02X ",(int)( 0xFF & sortk2[i]));
data/icu-68.1/source/test/cintltst/capitst.c:1165:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(junk3+strlen(junk3), "%02X ",(int)( 0xFF & sortk3[i]));
data/icu-68.1/source/test/cintltst/capitst.c:1628:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    if(strcmp((const char *)lower, (const char *)tests[k].key) > 0) {
data/icu-68.1/source/test/cintltst/capitst.c:1628:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    if(strcmp((const char *)lower, (const char *)tests[k].key) > 0) {
data/icu-68.1/source/test/cintltst/capitst.c:1631:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    if(strcmp((const char *)upper, (const char *)tests[k].key) <= 0) {
data/icu-68.1/source/test/cintltst/capitst.c:1631:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    if(strcmp((const char *)upper, (const char *)tests[k].key) <= 0) {
data/icu-68.1/source/test/cintltst/capitst.c:1849:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *tests[20];
data/icu-68.1/source/test/cintltst/capitst.c:1913:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     char outBuff1[256], outBuff2[256];
data/icu-68.1/source/test/cintltst/capitst.c:2067:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fromShortBuffer[256], normalizedBuffer[256], fromNormalizedBuffer[256];
data/icu-68.1/source/test/cintltst/cbiapts.c:482:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char  stackBuf[U_BRK_SAFECLONE_BUFFERSIZE+sizeof(void *)];
data/icu-68.1/source/test/cintltst/cbididat.c:23:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char * const
data/icu-68.1/source/test/cintltst/cbiditransformtst.c:52:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char pseudo[STR_CAPACITY] = { 0 };
data/icu-68.1/source/test/cintltst/cbiditst.c:406:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(buffer, "BAD LEVELS");
data/icu-68.1/source/test/cintltst/cbiditst.c:432:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buffer, " UBIDI_OPTION_INSERT_MARKS");
data/icu-68.1/source/test/cintltst/cbiditst.c:435:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buffer, " UBIDI_OPTION_REMOVE_CONTROLS");
data/icu-68.1/source/test/cintltst/cbiditst.c:438:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(buffer, " UBIDI_OPTION_STREAMING");
data/icu-68.1/source/test/cintltst/cbiditst.c:453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char levelChars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:456:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/icu-68.1/source/test/cintltst/cbiditst.c:460:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(levelChars, "BAD LEVELS");
data/icu-68.1/source/test/cintltst/cbiditst.c:534:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char accumSrc[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char accumDst[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:735:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char formatChars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:747:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char chars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:782:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char chars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:816:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char chars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:847:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char chars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:881:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char chars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:997:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char formatChars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:3635:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char formatChars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:3865:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char outIndices[TC_COUNT][MODES_COUNT - 1][OPTIONS_COUNT]
data/icu-68.1/source/test/cintltst/cbiditst.c:3952:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char roundtrip[TC_COUNT][MODES_COUNT][OPTIONS_COUNT]
data/icu-68.1/source/test/cintltst/cbiditst.c:4056:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char destChars2[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:4057:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char destChars3[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:4150:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char noroundtrip[2];
data/icu-68.1/source/test/cintltst/cbiditst.c:4192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char destChars[MAXLEN], vis1Chars[MAXLEN], vis2Chars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:4271:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char destChars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:4416:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  portionLens[2][MAXPORTIONS];
data/icu-68.1/source/test/cintltst/cbiditst.c:4450:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char processedLenStr[MAXPORTIONS * 5];
data/icu-68.1/source/test/cintltst/cbiditst.c:4489:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(processedLenStr + j * 4, "%4d", processedLen);
data/icu-68.1/source/test/cintltst/cbiditst.c:4670:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char expChars[MAX_MAP_LENGTH];
data/icu-68.1/source/test/cintltst/cbiditst.c:4671:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char actChars[MAX_MAP_LENGTH];
data/icu-68.1/source/test/cintltst/cbiditst.c:4697:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char expChars[MAX_MAP_LENGTH];
data/icu-68.1/source/test/cintltst/cbiditst.c:4698:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char actChars[MAX_MAP_LENGTH];
data/icu-68.1/source/test/cintltst/cbiditst.c:4726:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char actChars[MAX_MAP_LENGTH];
data/icu-68.1/source/test/cintltst/cbiditst.c:4727:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char gotChars[MAX_MAP_LENGTH];
data/icu-68.1/source/test/cintltst/cbiditst.c:4755:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char actChars[MAX_MAP_LENGTH];
data/icu-68.1/source/test/cintltst/cbiditst.c:4756:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char gotChars[MAX_MAP_LENGTH];
data/icu-68.1/source/test/cintltst/cbiditst.c:4832:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char destChars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.c:4887:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char formatChars[MAXLEN];
data/icu-68.1/source/test/cintltst/cbiditst.h:58:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char * const
data/icu-68.1/source/test/cintltst/ccaltst.c:117:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempMsgBuf[1024];  // u_austrcpy() of some formatted dates & times.
data/icu-68.1/source/test/cintltst/ccaltst.c:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempMsgBuf2[256];  // u_austrcpy() of some formatted dates & times.
data/icu-68.1/source/test/cintltst/ccaltst.c:1243:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempMsgBuf[256];
data/icu-68.1/source/test/cintltst/ccaltst.c:1319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempMsgBuf[256];
data/icu-68.1/source/test/cintltst/ccaltst.c:1503:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempMsgBuf[256];
data/icu-68.1/source/test/cintltst/ccaltst.c:1589:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *PREFERRED[PREFERRED_SIZE][MAX_NUMBER_OF_KEYWORDS+1] = {
data/icu-68.1/source/test/cintltst/ccaltst.c:1797:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char  fmtDateBytes[kFormattedDateMax] = "<could not format test date>"; /* initialize for failure */
data/icu-68.1/source/test/cintltst/ccapitst.c:240:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                myptr[4];
data/icu-68.1/source/test/cintltst/ccapitst.c:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                save[4];
data/icu-68.1/source/test/cintltst/ccapitst.c:263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                ucs_file_name[UCS_FILE_NAME_SIZE];
data/icu-68.1/source/test/cintltst/ccapitst.c:542:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        ucs_file_in = fopen(ucs_file_name,"rb");
data/icu-68.1/source/test/cintltst/ccapitst.c:650:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(myptr, "abc");
data/icu-68.1/source/test/cintltst/ccapitst.c:659:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(myptr, "abc");
data/icu-68.1/source/test/cintltst/ccapitst.c:1494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hunk[8192];
data/icu-68.1/source/test/cintltst/ccapitst.c:1702:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charBuffer[21];   /* Leave at an odd number for alignment testing */
data/icu-68.1/source/test/cintltst/ccapitst.c:1971:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char char_in[CHUNK_SIZE+32];
data/icu-68.1/source/test/cintltst/ccapitst.c:1972:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char char_out[CHUNK_SIZE*2];
data/icu-68.1/source/test/cintltst/ccapitst.c:1992:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(char_in + (CHUNK_SIZE - i), test_seq, test_seq_len);
data/icu-68.1/source/test/cintltst/ccapitst.c:2032:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char target[5];
data/icu-68.1/source/test/cintltst/ccapitst.c:2091:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char char_in[CHUNK_SIZE*4];
data/icu-68.1/source/test/cintltst/ccapitst.c:2092:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char target[5];
data/icu-68.1/source/test/cintltst/ccapitst.c:2159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char targetBuffer[CHUNK_SIZE];
data/icu-68.1/source/test/cintltst/ccapitst.c:2276:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char srcBuffer[100], targetBuffer[100];
data/icu-68.1/source/test/cintltst/ccapitst.c:2319:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(srcBuffer, utf8, sizeof(utf8));
data/icu-68.1/source/test/cintltst/ccapitst.c:2462:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static UBool getTestChar(UConverter *cnv, const char *converterName,
data/icu-68.1/source/test/cintltst/ccapitst.c:2463:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         char charUTF8[4], int32_t *pCharUTF8Length,
data/icu-68.1/source/test/cintltst/ccapitst.c:2464:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         char char0[ARG_CHAR_ARR_SIZE], int32_t *pChar0Length,
data/icu-68.1/source/test/cintltst/ccapitst.c:2465:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         char char1[ARG_CHAR_ARR_SIZE], int32_t *pChar1Length) {
data/icu-68.1/source/test/cintltst/ccapitst.c:2530:79:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void testFromTruncatedUTF8(UConverter *utf8Cnv, UConverter *cnv, const char *converterName,
data/icu-68.1/source/test/cintltst/ccapitst.c:2531:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  char charUTF8[4], int32_t charUTF8Length,
data/icu-68.1/source/test/cintltst/ccapitst.c:2532:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  char char0[8], int32_t char0Length,
data/icu-68.1/source/test/cintltst/ccapitst.c:2533:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  char char1[8], int32_t char1Length) {
data/icu-68.1/source/test/cintltst/ccapitst.c:2540:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utf8[16];
data/icu-68.1/source/test/cintltst/ccapitst.c:2543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char output[16];
data/icu-68.1/source/test/cintltst/ccapitst.c:2546:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char invalidChars[8];
data/icu-68.1/source/test/cintltst/ccapitst.c:2562:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(utf8, charUTF8, charUTF8Length);
data/icu-68.1/source/test/cintltst/ccapitst.c:2572:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(utf8+charUTF8Length, badUTF8[i], length);
data/icu-68.1/source/test/cintltst/ccapitst.c:2602:73:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void testFromBadUTF8(UConverter *utf8Cnv, UConverter *cnv, const char *converterName,
data/icu-68.1/source/test/cintltst/ccapitst.c:2603:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char charUTF8[4], int32_t charUTF8Length,
data/icu-68.1/source/test/cintltst/ccapitst.c:2604:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char char0[8], int32_t char0Length,
data/icu-68.1/source/test/cintltst/ccapitst.c:2605:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char char1[8], int32_t char1Length) {
data/icu-68.1/source/test/cintltst/ccapitst.c:2606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utf8[600], expect[600];
data/icu-68.1/source/test/cintltst/ccapitst.c:2609:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testName[32];
data/icu-68.1/source/test/cintltst/ccapitst.c:2622:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(utf8, charUTF8, charUTF8Length);
data/icu-68.1/source/test/cintltst/ccapitst.c:2625:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(expect, char0, char0Length);
data/icu-68.1/source/test/cintltst/ccapitst.c:2630:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(utf8+utf8Length, badUTF8[i], length);
data/icu-68.1/source/test/cintltst/ccapitst.c:2633:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(utf8+utf8Length, charUTF8, charUTF8Length);
data/icu-68.1/source/test/cintltst/ccapitst.c:2636:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(expect+expectLength, char1, char1Length);
data/icu-68.1/source/test/cintltst/ccapitst.c:2641:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(testName, "from bad UTF-8 to ");
data/icu-68.1/source/test/cintltst/ccapitst.c:2668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charUTF8[4], char0[8], char1[8];
data/icu-68.1/source/test/cintltst/ccapitst.c:2710:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char bad_utf8[2]={ (char)0xC5, (char)0xF0 };
data/icu-68.1/source/test/cintltst/ccapitst.c:2712:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char twoNCRs[16]={
data/icu-68.1/source/test/cintltst/ccapitst.c:2716:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char twoFFFD[6]={
data/icu-68.1/source/test/cintltst/ccapitst.c:2722:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest[20];  /* longer than longest expectedLength */
data/icu-68.1/source/test/cintltst/ccapitst.c:2807:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char target[100], utf8NUL[100], shiftJISNUL[100];
data/icu-68.1/source/test/cintltst/ccapitst.c:2822:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(utf8NUL, utf8, sizeof(utf8));
data/icu-68.1/source/test/cintltst/ccapitst.c:2824:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(shiftJISNUL, shiftJIS, sizeof(shiftJIS));
data/icu-68.1/source/test/cintltst/ccapitst.c:3038:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(myConvName + UCNV_MAX_CONVERTER_NAME_LENGTH, "locale=", 7);
data/icu-68.1/source/test/cintltst/ccapitst.c:3082:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char normal[32], swapped[32];
data/icu-68.1/source/test/cintltst/ccapitst.c:3250:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tgt[10];
data/icu-68.1/source/test/cintltst/ccapitst.c:3285:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tgt[10];
data/icu-68.1/source/test/cintltst/ccapitst.c:3337:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char input[6];
data/icu-68.1/source/test/cintltst/ccapitst.c:3467:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char defaultName[UCNV_MAX_CONVERTER_NAME_LENGTH + 1];
data/icu-68.1/source/test/cintltst/ccapitst.c:3546:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[16];
data/icu-68.1/source/test/cintltst/ccapitst.c:3549:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char subChars[5]={ 0x61, 0x62, 0x63, 0x64, 0x65 };
data/icu-68.1/source/test/cintltst/ccapitst.c:3638:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charBuffer[2] = {1, 1};
data/icu-68.1/source/test/cintltst/ccapitst.c:3639:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ucharAsCharBuffer[2] = {2, 2};
data/icu-68.1/source/test/cintltst/ccapitst.c:3738:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bytes[10];
data/icu-68.1/source/test/cintltst/ccolltst.c:66:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(sk+2*i, "%02X", sourceKey[i]);
data/icu-68.1/source/test/cintltst/ccolltst.c:127:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char sk[10000];
data/icu-68.1/source/test/cintltst/cctest.c:62:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char defaultName[UCNV_MAX_CONVERTER_NAME_LENGTH + 1];
data/icu-68.1/source/test/cintltst/cctest.c:63:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char nameBeforeSet[UCNV_MAX_CONVERTER_NAME_LENGTH + 1];
data/icu-68.1/source/test/cintltst/cctest.c:64:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char nameAfterSet[UCNV_MAX_CONVERTER_NAME_LENGTH + 1];
data/icu-68.1/source/test/cintltst/cctest.c:65:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char nameAfterRestore[UCNV_MAX_CONVERTER_NAME_LENGTH + 1];
data/icu-68.1/source/test/cintltst/cdateintervalformattest.c:145:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char bcharBuf[kFormatBufLen];
data/icu-68.1/source/test/cintltst/cdateintervalformattest.c:340:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    char bbuf[kSizeBBuf];
data/icu-68.1/source/test/cintltst/cdateintervalformattest.c:341:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			    char bebuf[kSizeBBuf];
data/icu-68.1/source/test/cintltst/cdattst.c:191:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char xbuf[2048];
data/icu-68.1/source/test/cintltst/cdattst.c:192:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char gbuf[2048];
data/icu-68.1/source/test/cintltst/cdattst.c:208:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char xbuf[2048];
data/icu-68.1/source/test/cintltst/cdattst.c:209:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char gbuf[2048];
data/icu-68.1/source/test/cintltst/cdattst.c:220:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char g[100];
data/icu-68.1/source/test/cintltst/cdattst.c:221:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char x[100];
data/icu-68.1/source/test/cintltst/cdattst.c:845:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[256];
data/icu-68.1/source/test/cintltst/cdattst.c:1285:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[256];
data/icu-68.1/source/test/cintltst/cdattst.c:1530:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char bbuf1[kBbufMax];
data/icu-68.1/source/test/cintltst/cdattst.c:1531:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char bbuf2[kBbufMax];
data/icu-68.1/source/test/cintltst/cdattst.c:1570:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char bbuf1[kBbufMax];
data/icu-68.1/source/test/cintltst/cdattst.c:1571:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char bbuf2[kBbufMax];
data/icu-68.1/source/test/cintltst/cdattst.c:1629:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bbuf1[kBbufMax];
data/icu-68.1/source/test/cintltst/cdattst.c:1630:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bbuf2[kBbufMax];
data/icu-68.1/source/test/cintltst/cdattst.c:1905:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char bbuf[kBbufMax];
data/icu-68.1/source/test/cintltst/cdtrgtst.c:575:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char    byteText[3*DATE_TEXT_MAX_CHARS];
data/icu-68.1/source/test/cintltst/chashtst.c:100:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char one[4] =   {0x6F, 0x6E, 0x65, 0}; /* "one" */
data/icu-68.1/source/test/cintltst/chashtst.c:101:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char one2[4] =  {0x6F, 0x6E, 0x65, 0}; /* Get around compiler optimizations */
data/icu-68.1/source/test/cintltst/chashtst.c:102:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char two[4] =   {0x74, 0x77, 0x6F, 0}; /* "two" */
data/icu-68.1/source/test/cintltst/chashtst.c:103:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char three[6] = {0x74, 0x68, 0x72, 0x65, 0x65, 0}; /* "three" */
data/icu-68.1/source/test/cintltst/chashtst.c:104:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char omega[6] = {0x6F, 0x6D, 0x65, 0x67, 0x61, 0}; /* "omega" */
data/icu-68.1/source/test/cintltst/cintltst.c:324:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char p[sizeof(__FILE__) + 20];
data/icu-68.1/source/test/cintltst/cintltst.c:347:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *file = fopen(".."U_FILE_SEP_STRING".."U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "Makefile.in", "r");
data/icu-68.1/source/test/cintltst/cintltst.c:391:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char p[sizeof(__FILE__) + 20];
data/icu-68.1/source/test/cintltst/cintltst.c:414:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *file = fopen(".."U_FILE_SEP_STRING".."U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "Makefile.in", "r");
data/icu-68.1/source/test/cintltst/cintltst.c:561:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(tdpath,"testdata");
data/icu-68.1/source/test/cintltst/cldrtest.c:460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lcidStringC[64] = {0};
data/icu-68.1/source/test/cintltst/cldrtest.c:479:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char langName[1024];
data/icu-68.1/source/test/cintltst/cldrtest.c:480:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char langLCID[1024];
data/icu-68.1/source/test/cintltst/cldrtest.c:691:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fromCountry[ULOC_FULLNAME_CAPACITY], toCountry[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/cintltst/cldrtest.c:694:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fromVariant[ULOC_FULLNAME_CAPACITY], toVariant[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/cintltst/cldrtest.c:799:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pattern[256] = { '[', ':', 0x000 };
data/icu-68.1/source/test/cintltst/cldrtest.c:808:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(pattern, ":]");
data/icu-68.1/source/test/cintltst/cldrtest.c:849:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char pat[500]={'\0'};
data/icu-68.1/source/test/cintltst/cldrtest.c:1083:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               char fullLoc[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/cintltst/cldrtest.c:1147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[32]; /* 9 should be enough */
data/icu-68.1/source/test/cintltst/cldrtest.c:1374:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char expStart[kBDelimMax], expEnd[kBDelimMax], getStart[kBDelimMax], getEnd[kBDelimMax];
data/icu-68.1/source/test/cintltst/cloctst.c:364:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char original[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/cintltst/cloctst.c:476:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PREFIXBUFSIZ];
data/icu-68.1/source/test/cintltst/cloctst.c:522:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(buf, "**??");
data/icu-68.1/source/test/cintltst/cloctst.c:568:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            temp2[20];
data/icu-68.1/source/test/cintltst/cloctst.c:596:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(temp2, "%x", (int)uloc_getLCID(testLocale));
data/icu-68.1/source/test/cintltst/cloctst.c:956:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            oldDirectory[512];
data/icu-68.1/source/test/cintltst/cloctst.c:958:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char path[40] ="d:\\icu\\source\\test\\intltest" U_FILE_SEP_STRING; /*give the required path */
data/icu-68.1/source/test/cintltst/cloctst.c:1685:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[256];
data/icu-68.1/source/test/cintltst/cloctst.c:1689:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char locale[9];
data/icu-68.1/source/test/cintltst/cloctst.c:1690:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char lang3[4];
data/icu-68.1/source/test/cintltst/cloctst.c:1691:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char lang[4];
data/icu-68.1/source/test/cintltst/cloctst.c:1692:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ctry3[4];
data/icu-68.1/source/test/cintltst/cloctst.c:1693:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ctry[4];
data/icu-68.1/source/test/cintltst/cloctst.c:1848:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(p1_buff,"zz_");
data/icu-68.1/source/test/cintltst/cloctst.c:1857:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(p1_buff,"zz_");
data/icu-68.1/source/test/cintltst/cloctst.c:1877:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *expectedKeywords[10];
data/icu-68.1/source/test/cintltst/cloctst.c:1922:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/cintltst/cloctst.c:2036:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/cintltst/cloctst.c:2150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/icu-68.1/source/test/cintltst/cloctst.c:2152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuffer[1024];
data/icu-68.1/source/test/cintltst/cloctst.c:2213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/icu-68.1/source/test/cintltst/cloctst.c:2411:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/cintltst/cloctst.c:2459:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/cintltst/cloctst.c:2725:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char baseName[256];
data/icu-68.1/source/test/cintltst/cloctst.c:3090:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[200];
data/icu-68.1/source/test/cintltst/cloctst.c:3432:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char names1[256], names2[256];
data/icu-68.1/source/test/cintltst/cloctst.c:3514:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char country[256] ={'\0'}; 
data/icu-68.1/source/test/cintltst/cloctst.c:3515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char language[256] ={'\0'};
data/icu-68.1/source/test/cintltst/cloctst.c:3554:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            temp2[40], temp3[40];
data/icu-68.1/source/test/cintltst/cloctst.c:5950:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[ULOC_FULLNAME_CAPACITY + ULOC_KEYWORD_AND_VALUES_CAPACITY + 1];
data/icu-68.1/source/test/cintltst/cloctst.c:6200:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char langtag[256];
data/icu-68.1/source/test/cintltst/cloctst.c:6256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char langtag[256];
data/icu-68.1/source/test/cintltst/cloctst.c:6395:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[256];
data/icu-68.1/source/test/cintltst/cloctst.c:6440:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[256];
data/icu-68.1/source/test/cintltst/cloctst.c:6441:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char canonical[256];
data/icu-68.1/source/test/cintltst/cloctst.c:6878:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char bbufExpect[kBBufDispNameMax], bbufGet[kBBufDispNameMax];
data/icu-68.1/source/test/cintltst/cloctst.c:6905:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[256];
data/icu-68.1/source/test/cintltst/cloctst.c:6918:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errorOutputBuff[256];
data/icu-68.1/source/test/cintltst/cmsccoll.c:340:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[512];
data/icu-68.1/source/test/cintltst/cmsccoll.c:478:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *data[10];
data/icu-68.1/source/test/cintltst/cmsccoll.c:657:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char cName[256];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1051:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  sortKeyA[50];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1052:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  sortKeyAz[50];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1053:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  sortKeyB[50];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1054:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  sortKeyBz[50];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1113:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  sortKeyA[50];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1114:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  sortKeyAz[50];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1115:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  sortKeyB[50];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1116:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  sortKeyBz[50];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1953:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char *test[4];
data/icu-68.1/source/test/cintltst/cmsccoll.c:1977:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char *test[4];
data/icu-68.1/source/test/cintltst/cmsccoll.c:2032:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *data[50];
data/icu-68.1/source/test/cintltst/cmsccoll.c:2227:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *data[10];
data/icu-68.1/source/test/cintltst/cmsccoll.c:2247:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *data[10];
data/icu-68.1/source/test/cintltst/cmsccoll.c:2394:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *data[10];
data/icu-68.1/source/test/cintltst/cmsccoll.c:2492:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *data[10];
data/icu-68.1/source/test/cintltst/cmsccoll.c:2546:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char utf16be[2][4] = {
data/icu-68.1/source/test/cintltst/cmsccoll.c:2551:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char utf8[2][4] = {
data/icu-68.1/source/test/cintltst/cmsccoll.c:2585:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char U16BESource[CMSCOLL_ALEXIS2_BUFFER_SIZE], U16BETarget[CMSCOLL_ALEXIS2_BUFFER_SIZE];
data/icu-68.1/source/test/cintltst/cmsccoll.c:2586:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char U8Source[CMSCOLL_ALEXIS2_BUFFER_SIZE], U8Target[CMSCOLL_ALEXIS2_BUFFER_SIZE];
data/icu-68.1/source/test/cintltst/cmsccoll.c:2674:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char utf8String[3][256];
data/icu-68.1/source/test/cintltst/cmsccoll.c:3160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[256];
data/icu-68.1/source/test/cintltst/cmsccoll.c:3512:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char sortkey[256];
data/icu-68.1/source/test/cintltst/cmsccoll.c:3996:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char shortKeyBuf[1];
data/icu-68.1/source/test/cintltst/cmsccoll.c:4535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char srules[500] = "&[before 1]\\u03b1 < \\u0e01";
data/icu-68.1/source/test/cintltst/cmsccoll.c:5540:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char srules[500] = "[import vi][import es]";
data/icu-68.1/source/test/cintltst/cmsccoll.c:5647:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char srules[500] = "[import vi][import de-u-co-phonebk]";
data/icu-68.1/source/test/cintltst/cmsgtst.c:1001:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cresult[256];
data/icu-68.1/source/test/cintltst/cmsgtst.c:1042:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cresult[256];
data/icu-68.1/source/test/cintltst/cnmdptst.c:129:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempBuf[256];
data/icu-68.1/source/test/cintltst/cnmdptst.c:197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempMsgBug[256];
data/icu-68.1/source/test/cintltst/cnmdptst.c:349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempBuf[256];
data/icu-68.1/source/test/cintltst/cnmdptst.c:489:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cStr[20]={0};
data/icu-68.1/source/test/cintltst/cnmdptst.c:783:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[256];
data/icu-68.1/source/test/cintltst/cnmdptst.c:784:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char currLoc[256];
data/icu-68.1/source/test/cintltst/cnmdptst.c:793:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(locale, "@currency=");
data/icu-68.1/source/test/cintltst/cnmdptst.c:809:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *PREFERRED[PREFERRED_SIZE][MAX_NUMBER_OF_KEYWORDS] = {
data/icu-68.1/source/test/cintltst/cnmdptst.c:831:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *FORLOCALE[PREFERRED_SIZE] = {
data/icu-68.1/source/test/cintltst/cnmdptst.c:937:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char getCurrB[4];
data/icu-68.1/source/test/cintltst/cnormtst.c:1032:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const _modeString[UNORM_MODE_COUNT]={
data/icu-68.1/source/test/cintltst/cnumtst.c:45:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char _fileline[1000];
data/icu-68.1/source/test/cintltst/cnumtst.c:869:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  desta[DESTCAPACITY];
data/icu-68.1/source/test/cintltst/cnumtst.c:1090:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char parseCurrB[4];
data/icu-68.1/source/test/cintltst/cnumtst.c:1262:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  temp1[128];
data/icu-68.1/source/test/cintltst/cnumtst.c:1263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  temp2[128];
data/icu-68.1/source/test/cintltst/cnumtst.c:1548:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[512];
data/icu-68.1/source/test/cintltst/cnumtst.c:1869:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char temp[512];
data/icu-68.1/source/test/cintltst/cnumtst.c:1895:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char acurrency[16];
data/icu-68.1/source/test/cintltst/cnumtst.c:1977:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[200];
data/icu-68.1/source/test/cintltst/cnumtst.c:2057:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp1[256];
data/icu-68.1/source/test/cintltst/cnumtst.c:2058:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp2[256];
data/icu-68.1/source/test/cintltst/cnumtst.c:2694:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char bbuf[kUBufMax*2];
data/icu-68.1/source/test/cintltst/cnumtst.c:3010:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char bexp[kBBufSize];
data/icu-68.1/source/test/cintltst/cnumtst.c:3011:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char bget[kBBufSize];
data/icu-68.1/source/test/cintltst/cnumtst.c:3211:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char decstr[32];
data/icu-68.1/source/test/cintltst/cnumtst.c:3219:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char btext[32];
data/icu-68.1/source/test/cintltst/cnumtst.c:3231:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char btext[32];
data/icu-68.1/source/test/cintltst/cnumtst.c:3245:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char btext[32];
data/icu-68.1/source/test/cintltst/cnumtst.c:3330:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  bbufe[kBBufMax];
data/icu-68.1/source/test/cintltst/cnumtst.c:3331:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  bbufg[kBBufMax];
data/icu-68.1/source/test/cintltst/cnumtst.c:3421:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char bbuf[kBBufMax];
data/icu-68.1/source/test/cintltst/cnumtst.c:3455:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char bbuf[kBBufMax];
data/icu-68.1/source/test/cintltst/cnumtst.c:3487:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  bbuf[kBBufMax];
data/icu-68.1/source/test/cintltst/cpluralrulestest.c:95:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char bcharBuf[kKeywordBufLen];
data/icu-68.1/source/test/cintltst/cpluralrulestest.c:114:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char bcharBuf[kKeywordBufLen];
data/icu-68.1/source/test/cintltst/cposxtst.c:79:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char str[128];
data/icu-68.1/source/test/cintltst/crelativedateformattest.c:395:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char  bbufget[kBBufMax];
data/icu-68.1/source/test/cintltst/crelativedateformattest.c:417:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char  bbufget[kBBufMax];
data/icu-68.1/source/test/cintltst/crelativedateformattest.c:621:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char  bbufget[kBBufMax];
data/icu-68.1/source/test/cintltst/crestst.c:278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[99];
data/icu-68.1/source/test/cintltst/crestst.c:279:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char action[256];
data/icu-68.1/source/test/cintltst/crestst.c:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char item_tag[10];
data/icu-68.1/source/test/cintltst/crestst.c:294:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(item_tag, "tag");
data/icu-68.1/source/test/cintltst/crestst.c:310:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(action,"construction for");
data/icu-68.1/source/test/cintltst/crestst.c:386:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(tag,"string_");
data/icu-68.1/source/test/cintltst/crestst.c:390:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(action, ".ures_get(" );
data/icu-68.1/source/test/cintltst/creststn.c:484:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char action[256];
data/icu-68.1/source/test/cintltst/creststn.c:522:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of string with embeded zero");
data/icu-68.1/source/test/cintltst/creststn.c:538:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of binary type");
data/icu-68.1/source/test/cintltst/creststn.c:551:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of imported binary type");
data/icu-68.1/source/test/cintltst/creststn.c:564:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of integer types");
data/icu-68.1/source/test/cintltst/creststn.c:576:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting minusone");
data/icu-68.1/source/test/cintltst/creststn.c:589:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting plusone");
data/icu-68.1/source/test/cintltst/creststn.c:624:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char pattern[2048] = "";
data/icu-68.1/source/test/cintltst/creststn.c:631:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(pattern, "[ \\\\u0020 \\\\u00A0 \\\\u1680 \\\\u2000 \\\\u2001 \\\\u2002 \\\\u2003 \\\\u2004 \\\\u2005 \\\\u2006 \\\\u2007 "
data/icu-68.1/source/test/cintltst/creststn.c:637:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(pattern, 
data/icu-68.1/source/test/cintltst/creststn.c:644:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(pattern, 
data/icu-68.1/source/test/cintltst/creststn.c:711:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(path, "riwords.txt");
data/icu-68.1/source/test/cintltst/creststn.c:748:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(path, "translit_rules.txt");
data/icu-68.1/source/test/cintltst/creststn.c:786:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char action[256];
data/icu-68.1/source/test/cintltst/creststn.c:797:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "Construction of testtypes bundle");
data/icu-68.1/source/test/cintltst/creststn.c:816:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of explicit string of zero length string");
data/icu-68.1/source/test/cintltst/creststn.c:831:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of normal string of zero length string");
data/icu-68.1/source/test/cintltst/creststn.c:846:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of empty int");
data/icu-68.1/source/test/cintltst/creststn.c:860:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of zero length intvector");
data/icu-68.1/source/test/cintltst/creststn.c:877:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of zero length emptybin");
data/icu-68.1/source/test/cintltst/creststn.c:894:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of zero length emptyarray");
data/icu-68.1/source/test/cintltst/creststn.c:910:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of zero length emptytable");
data/icu-68.1/source/test/cintltst/creststn.c:1018:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char convOutput[256];
data/icu-68.1/source/test/cintltst/creststn.c:1563:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char versionString[256];
data/icu-68.1/source/test/cintltst/creststn.c:1564:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char verboseOutput[256];
data/icu-68.1/source/test/cintltst/creststn.c:1649:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[99];
data/icu-68.1/source/test/cintltst/creststn.c:1650:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char action[256];
data/icu-68.1/source/test/cintltst/creststn.c:1655:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5];
data/icu-68.1/source/test/cintltst/creststn.c:1656:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char item_tag[10];
data/icu-68.1/source/test/cintltst/creststn.c:1665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char verboseOutput[256];
data/icu-68.1/source/test/cintltst/creststn.c:1682:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(item_tag, "tag");
data/icu-68.1/source/test/cintltst/creststn.c:1686:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(action,"construction for ");
data/icu-68.1/source/test/cintltst/creststn.c:1756:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(tag,"string_");
data/icu-68.1/source/test/cintltst/creststn.c:1760:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(action, ".ures_getStringByKey(" );
data/icu-68.1/source/test/cintltst/creststn.c:1787:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(tag,"array_");
data/icu-68.1/source/test/cintltst/creststn.c:1791:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(action, ".ures_getByKey(" );
data/icu-68.1/source/test/cintltst/creststn.c:1828:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(tag,"array_");
data/icu-68.1/source/test/cintltst/creststn.c:1832:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(action, ".ures_getStringByIndex(");
data/icu-68.1/source/test/cintltst/creststn.c:1865:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(tag,"array_2d_");
data/icu-68.1/source/test/cintltst/creststn.c:1869:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(action, ".ures_getByKey(" );
data/icu-68.1/source/test/cintltst/creststn.c:1962:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(tag,"tagged_array_");
data/icu-68.1/source/test/cintltst/creststn.c:1966:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(action,".ures_getByKey(");
data/icu-68.1/source/test/cintltst/creststn.c:2008:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(item_tag, "tag");
data/icu-68.1/source/test/cintltst/creststn.c:2194:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char x[100];
data/icu-68.1/source/test/cintltst/creststn.c:2195:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char g[100];
data/icu-68.1/source/test/cintltst/creststn.c:2230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/icu-68.1/source/test/cintltst/creststn.c:2308:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(buffer, "menu/file/open");
data/icu-68.1/source/test/cintltst/creststn.c:2440:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/icu-68.1/source/test/cintltst/creststn.c:2488:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(buffer, "Languages/hr");
data/icu-68.1/source/test/cintltst/creststn.c:2653:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char equivLocale[256];
data/icu-68.1/source/test/cintltst/creststn.c:2739:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char equivLocale[256] = "???";
data/icu-68.1/source/test/cintltst/creststn.c:2824:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char resource[256];
data/icu-68.1/source/test/cintltst/creststn.c:2827:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *expects[7] = { "", "a41", "a12", "a03", "ar4" };
data/icu-68.1/source/test/cintltst/creststn.c:2930:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer8[16];
data/icu-68.1/source/test/cintltst/creststn.c:3041:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer8[16];
data/icu-68.1/source/test/cintltst/creststn.c:3092:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[200];
data/icu-68.1/source/test/cintltst/cstrcase.c:365:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char charsOut[21];
data/icu-68.1/source/test/cintltst/cstrcase.c:384:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char charsOut[21];
data/icu-68.1/source/test/cintltst/cstrcase.c:730:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utf8Out[8];
data/icu-68.1/source/test/cintltst/cstrcase.c:980:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char utf8BeforeTitle[64], utf8TitleSentNoLower[64], utf8[64];
data/icu-68.1/source/test/cintltst/cstrtest.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char src[30]="HELLO THERE", dest[30];
data/icu-68.1/source/test/cintltst/cstrtest.c:197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cs[120];
data/icu-68.1/source/test/cintltst/cucdapi.c:19:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(s, "(no scripts)");
data/icu-68.1/source/test/cintltst/cucdapi.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[80];
data/icu-68.1/source/test/cintltst/cucdapi.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s2[80];
data/icu-68.1/source/test/cintltst/cucdtst.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[256];
data/icu-68.1/source/test/cintltst/cucdtst.c:79:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char backupPath[256];
data/icu-68.1/source/test/cintltst/cucdtst.c:563:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char icuVersion[U_MAX_VERSION_STRING_LENGTH];
data/icu-68.1/source/test/cintltst/cucdtst.c:967:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/icu-68.1/source/test/cintltst/cucdtst.c:1317:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[15][2];
data/icu-68.1/source/test/cintltst/cucdtst.c:1771:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char name[80];
data/icu-68.1/source/test/cintltst/cucdtst.c:1891:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUFSIZE];
data/icu-68.1/source/test/cintltst/cucdtst.c:3204:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[300];
data/icu-68.1/source/test/cintltst/cucdtst.c:3535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[3][2];
data/icu-68.1/source/test/cintltst/custrtrn.c:508:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char u8Temp[1];
data/icu-68.1/source/test/cintltst/custrtrn.c:686:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char out8[10];
data/icu-68.1/source/test/cintltst/custrtrn.c:855:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static const char src[1]={ (char)0xf8 };
data/icu-68.1/source/test/cintltst/custrtrn.c:1344:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t buffer[10];
data/icu-68.1/source/test/cintltst/custrtrn.c:1386:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t ws[100];
data/icu-68.1/source/test/cintltst/custrtrn.c:1397:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char astr[100];
data/icu-68.1/source/test/cintltst/custrtrn.c:1543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest[200];
data/icu-68.1/source/test/cintltst/custrtrn.c:1995:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest8[4]={ 3, 3, 3, 3 };
data/icu-68.1/source/test/cintltst/custrtrn.c:1999:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t destW[4]={ 3, 3, 3, 3 };
data/icu-68.1/source/test/cintltst/custrtst.c:111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char test[512];
data/icu-68.1/source/test/cintltst/custrtst.c:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempOut[512];
data/icu-68.1/source/test/cintltst/custrtst.c:987:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  charOut[40];
data/icu-68.1/source/test/cintltst/custrtst.c:1504:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bytes[40];
data/icu-68.1/source/test/cintltst/eurocreg.c:145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char target[20];
data/icu-68.1/source/test/cintltst/idnatest.c:90:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tSrc,src,tSrcLen * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/cintltst/idnatest.c:870:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest8[10];
data/icu-68.1/source/test/cintltst/nccbtst.c:39:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     gNuConvTestName[1024];
data/icu-68.1/source/test/cintltst/nccbtst.c:2629:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char junkout[NEW_MAX_BUFFER]; /* FIX */
data/icu-68.1/source/test/cintltst/nccbtst.c:2642:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char junk[9999];
data/icu-68.1/source/test/cintltst/nccbtst.c:2643:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char offset_str[9999];
data/icu-68.1/source/test/cintltst/nccbtst.c:2757:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(junk + strlen(junk), "0x%02x, ", (0xFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/nccbtst.c:2758:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(offset_str + strlen(offset_str), "0x%02x, ", (0xFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/nccbtst.c:2835:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char junk[9999];
data/icu-68.1/source/test/cintltst/nccbtst.c:2836:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char offset_str[9999];
data/icu-68.1/source/test/cintltst/nccbtst.c:2921:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char errChars[50]; /* should be sufficient */
data/icu-68.1/source/test/cintltst/nccbtst.c:2953:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/nccbtst.c:2954:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/nccbtst.c:3020:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char junkout[NEW_MAX_BUFFER]; /* FIX */
data/icu-68.1/source/test/cintltst/nccbtst.c:3033:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char junk[9999];
data/icu-68.1/source/test/cintltst/nccbtst.c:3034:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char offset_str[9999];
data/icu-68.1/source/test/cintltst/nccbtst.c:3131:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(junk + strlen(junk), "0x%02x, ", (0xFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/nccbtst.c:3132:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(offset_str + strlen(offset_str), "0x%02x, ", (0xFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/nccbtst.c:3208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char junk[9999];
data/icu-68.1/source/test/cintltst/nccbtst.c:3209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char offset_str[9999];
data/icu-68.1/source/test/cintltst/nccbtst.c:3310:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/nccbtst.c:3311:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/ncnvfbts.c:36:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     gNuConvTestName[1024];
data/icu-68.1/source/test/cintltst/ncnvfbts.c:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char junkout[NEW_MAX_BUFFER]; /* FIX */
data/icu-68.1/source/test/cintltst/ncnvfbts.c:231:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char junk[9999];
data/icu-68.1/source/test/cintltst/ncnvfbts.c:232:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char offset_str[9999];
data/icu-68.1/source/test/cintltst/ncnvfbts.c:238:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(junk + uprv_strlen(junk), "0x%02x, ", (0xFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/ncnvfbts.c:239:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(offset_str + strlen(offset_str), "0x%02x, ", (0xFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/ncnvfbts.c:309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char junk[9999];
data/icu-68.1/source/test/cintltst/ncnvfbts.c:310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char offset_str[9999];
data/icu-68.1/source/test/cintltst/ncnvfbts.c:400:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/ncnvfbts.c:401:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/ncnvtst.c:38:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     gNuConvTestName[1024];
data/icu-68.1/source/test/cintltst/ncnvtst.c:670:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char input1[INPUT_SIZE]={ 0x70 };
data/icu-68.1/source/test/cintltst/ncnvtst.c:1002:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[MAX_LENGTH];
data/icu-68.1/source/test/cintltst/ncnvtst.c:1186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    junkout[MAX_LENGTH]; /* FIX */
data/icu-68.1/source/test/cintltst/ncnvtst.c:1284:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char junk[999];
data/icu-68.1/source/test/cintltst/ncnvtst.c:1285:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char offset_str[999];
data/icu-68.1/source/test/cintltst/ncnvtst.c:1292:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(junk + strlen(junk), "0x%02x, ", (0xFF) & (unsigned int)*ptr);
data/icu-68.1/source/test/cintltst/ncnvtst.c:1293:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(offset_str + strlen(offset_str), "0x%02x, ", (0xFF) & (unsigned int)junokout[ptr-junkout]);
data/icu-68.1/source/test/cintltst/ncnvtst.c:1459:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char junk[999];
data/icu-68.1/source/test/cintltst/ncnvtst.c:1460:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char offset_str[999];
data/icu-68.1/source/test/cintltst/ncnvtst.c:1469:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*ptr);
data/icu-68.1/source/test/cintltst/ncnvtst.c:1470:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[ptr-junkout]);
data/icu-68.1/source/test/cintltst/nfsprep.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  b3Stack[NFS4_MAX_BUFFER_SIZE];
data/icu-68.1/source/test/cintltst/nfsprep.c:215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  pStack[NFS4_MAX_BUFFER_SIZE], 
data/icu-68.1/source/test/cintltst/nucnvtst.c:127:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     gNuConvTestName[1024];
data/icu-68.1/source/test/cintltst/nucnvtst.c:367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    junkout[NEW_MAX_BUFFER]; /* FIX */
data/icu-68.1/source/test/cintltst/nucnvtst.c:451:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char junk[9999];
data/icu-68.1/source/test/cintltst/nucnvtst.c:452:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char offset_str[9999];
data/icu-68.1/source/test/cintltst/nucnvtst.c:458:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(junk + strlen(junk), "0x%02x, ", (int)(0xFF & *ptr));
data/icu-68.1/source/test/cintltst/nucnvtst.c:459:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(offset_str + strlen(offset_str), "0x%02x, ", (int)(0xFF & junokout[ptr-junkout]));
data/icu-68.1/source/test/cintltst/nucnvtst.c:612:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char junk[9999];
data/icu-68.1/source/test/cintltst/nucnvtst.c:613:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char offset_str[9999];
data/icu-68.1/source/test/cintltst/nucnvtst.c:621:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*ptr);
data/icu-68.1/source/test/cintltst/nucnvtst.c:622:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[ptr-junkout]);
data/icu-68.1/source/test/cintltst/nucnvtst.c:1471:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char inBytes[3]={ 0x61, 0x5B, 0x5c };
data/icu-68.1/source/test/cintltst/nucnvtst.c:3005:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[80];
data/icu-68.1/source/test/cintltst/nucnvtst.c:3801:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cTarget[500]={'\0'};
data/icu-68.1/source/test/cintltst/nucnvtst.c:4342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cTarget[500]={'\0'};
data/icu-68.1/source/test/cintltst/nucnvtst.c:4877:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char get_subchars [1];
data/icu-68.1/source/test/cintltst/nucnvtst.c:5160:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char LIn [sizeof(pszLMBCS)];
data/icu-68.1/source/test/cintltst/nucnvtst.c:5163:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char LOut [sizeof(pszLMBCS)];
data/icu-68.1/source/test/cintltst/nucnvtst.c:5470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char target[256];
data/icu-68.1/source/test/cintltst/putiltst.c:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char versionString[17]; /* xxx.xxx.xxx.xxx\0 */
data/icu-68.1/source/test/cintltst/putiltst.c:502:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[512];
data/icu-68.1/source/test/cintltst/putiltst.c:505:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf+(i*3), "%02x ", bytes[i]);
data/icu-68.1/source/test/cintltst/putiltst.c:567:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char toolutil_testBuf[TOOLUTIL_TESTBUF_SIZE];
data/icu-68.1/source/test/cintltst/reapits.c:84:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
     char     buf_inside_macro[120];
data/icu-68.1/source/test/cintltst/reapits.c:969:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char  expected[80];
data/icu-68.1/source/test/cintltst/reapits.c:986:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char  expected[80];
data/icu-68.1/source/test/cintltst/reapits.c:1419:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char           patternTextUTF8[5] = { 0x61, 0x62, 0x63, 0x2a, 0x00 };
data/icu-68.1/source/test/cintltst/spooftest.c:143:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fileName, "rb");
data/icu-68.1/source/test/cintltst/spooftest.c:153:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fileName, "rb");
data/icu-68.1/source/test/cintltst/spooftest.c:450:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    utf8buf[200];
data/icu-68.1/source/test/cintltst/spooftest.c:485:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char utf8buf[200];
data/icu-68.1/source/test/cintltst/spooftest.c:552:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char s1[200];
data/icu-68.1/source/test/cintltst/spooftest.c:553:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char s2[200];
data/icu-68.1/source/test/cintltst/spreptst.c:445:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char src[MAX_BUFFER_SIZE];
data/icu-68.1/source/test/cintltst/spreptst.c:474:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char dest[MAX_BUFFER_SIZE];
data/icu-68.1/source/test/cintltst/spreptst.c:475:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char src[MAX_BUFFER_SIZE] = {0};
data/icu-68.1/source/test/cintltst/spreptst.c:504:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char src[MAX_BUFFER_SIZE]={'\0'};
data/icu-68.1/source/test/cintltst/spreptst.c:508:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char dest[MAX_BUFFER_SIZE] = {'\0'};
data/icu-68.1/source/test/cintltst/spreptst.c:527:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char src[MAX_BUFFER_SIZE]={'\0'};
data/icu-68.1/source/test/cintltst/spreptst.c:531:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char dest[MAX_BUFFER_SIZE] = {'\0'};
data/icu-68.1/source/test/cintltst/spreptst.c:550:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char src[MAX_BUFFER_SIZE]={'\0'};
data/icu-68.1/source/test/cintltst/spreptst.c:554:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char dest[MAX_BUFFER_SIZE] = {'\0'};
data/icu-68.1/source/test/cintltst/spreptst.c:574:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char src[MAX_BUFFER_SIZE]={'\0'};
data/icu-68.1/source/test/cintltst/spreptst.c:575:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char exp[MAX_BUFFER_SIZE]={'\0'};
data/icu-68.1/source/test/cintltst/spreptst.c:580:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char dest[MAX_BUFFER_SIZE] = {'\0'};
data/icu-68.1/source/test/cintltst/sprpdata.c:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[3][2];
data/icu-68.1/source/test/cintltst/tracetst.c:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  buf[300];
data/icu-68.1/source/test/cintltst/tracetst.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  expectedResult[300];
data/icu-68.1/source/test/cintltst/tracetst.c:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        buf[1000];
data/icu-68.1/source/test/cintltst/tracetst.c:167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        buf[1000];
data/icu-68.1/source/test/cintltst/tracetst.c:361:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char      buf[100];
data/icu-68.1/source/test/cintltst/trie2test.c:788:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[40];
data/icu-68.1/source/test/cintltst/trie2test.c:1345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[40];
data/icu-68.1/source/test/cintltst/trietest.c:658:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[40];
data/icu-68.1/source/test/cintltst/trietest.c:685:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[40];
data/icu-68.1/source/test/cintltst/ucnvseltst.c:167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnbuf[FILENAME_BUFFER];
data/icu-68.1/source/test/cintltst/ucnvseltst.c:180:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fnbuf, "rb");
data/icu-68.1/source/test/cintltst/ucptrietest.c:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[80];
data/icu-68.1/source/test/cintltst/ucptrietest.c:888:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[40];
data/icu-68.1/source/test/cintltst/ucsdetst.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/icu-68.1/source/test/cintltst/udatatst.c:167:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(icuDataFilePath, ".dat");
data/icu-68.1/source/test/cintltst/udatatst.c:196:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(path, "tmp");
data/icu-68.1/source/test/cintltst/udatatst.c:207:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(icuDataFilePath, ".dat");
data/icu-68.1/source/test/cintltst/udatatst.c:248:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(icuDataFilePath, "build");
data/icu-68.1/source/test/cintltst/udatatst.c:252:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(icuDataFilePath, "cnvalias.icu");
data/icu-68.1/source/test/cintltst/udatatst.c:260:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(icuDataFilePath, "build");
data/icu-68.1/source/test/cintltst/udatatst.c:348:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char longTestPath[1024];    /* Implementation goes to heap at length of 128.  */
data/icu-68.1/source/test/cintltst/udatatst.c:349:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char longName[1024];
data/icu-68.1/source/test/cintltst/udatatst.c:357:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(longTestPath, "bogus_directory_name");
data/icu-68.1/source/test/cintltst/udatatst.c:360:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(longTestPath, "bogus_directory_name");
data/icu-68.1/source/test/cintltst/udatatst.c:399:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char padding[8];
data/icu-68.1/source/test/cintltst/udatatst.c:1047:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testMsgBuf[256];
data/icu-68.1/source/test/cintltst/udatatst.c:1126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char expectDataName[20];
data/icu-68.1/source/test/cintltst/udatatst.c:1254:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char padding[8];
data/icu-68.1/source/test/cintltst/udatatst.c:1634:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[100];
data/icu-68.1/source/test/cintltst/udatatst.c:1804:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char badBuffer[sizeof(gOffsetTOCAppData_dat)];
data/icu-68.1/source/test/cintltst/udatatst.c:1807:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(badBuffer, "Hello! I'm not good data.");
data/icu-68.1/source/test/cintltst/udatpg_test.c:432:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char skelBytes[kTestOptionsPatLenMax];
data/icu-68.1/source/test/cintltst/udatpg_test.c:433:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char expectedPatternBytes[kTestOptionsPatLenMax];
data/icu-68.1/source/test/cintltst/udatpg_test.c:434:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char patternBytes[kTestOptionsPatLenMax];
data/icu-68.1/source/test/cintltst/udatpg_test.c:490:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char expNameB[kFieldDisplayNameBytesMax];
data/icu-68.1/source/test/cintltst/udatpg_test.c:491:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char getNameB[kFieldDisplayNameBytesMax];
data/icu-68.1/source/test/cintltst/uenumtst.c:25:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char quikBuf[256];
data/icu-68.1/source/test/cintltst/uenumtst.c:209:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(en, &chEnum, sizeof(UEnumeration));
data/icu-68.1/source/test/cintltst/uenumtst.c:280:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(en, &uchEnum, sizeof(UEnumeration));
data/icu-68.1/source/test/cintltst/uformattedvaluetst.c:146:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[256];
data/icu-68.1/source/test/cintltst/unumberformattertst.c:282:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[CAPACITY];
data/icu-68.1/source/test/cintltst/unumberformattertst.c:341:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BUFFER_LEN];
data/icu-68.1/source/test/cintltst/unumberrangeformattertst.c:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[CAPACITY];
data/icu-68.1/source/test/cintltst/usettest.c:275:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char strCopy[64];
data/icu-68.1/source/test/cintltst/usettest.c:350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1];
data/icu-68.1/source/test/cintltst/usettest.c:360:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4096];
data/icu-68.1/source/test/cintltst/usettest.c:422:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char strCopy[64];
data/icu-68.1/source/test/cintltst/usrchtst.c:53:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
static void open(UErrorCode* status)
data/icu-68.1/source/test/cintltst/usrchtst.c:97:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:138:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char result[1024];
data/icu-68.1/source/test/cintltst/usrchtst.c:149:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(temp, "\\u%04x", ch);
data/icu-68.1/source/test/cintltst/usrchtst.c:253:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:312:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:654:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:672:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:710:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:734:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:833:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:859:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:962:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1022:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1131:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1200:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1225:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1327:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1415:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1507:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1593:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1638:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1796:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1814:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1835:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1857:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1934:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:1960:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:2039:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:2111:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:2189:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:2249:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:2276:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:2366:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/usrchtst.c:3033:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(&status);
data/icu-68.1/source/test/cintltst/utransts.c:146:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUF_CAP], buf2[BUF_CAP];
data/icu-68.1/source/test/cintltst/utransts.c:256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[BUF_CAP];
data/icu-68.1/source/test/cintltst/utransts.c:306:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[BUF_CAP], buf2[BUF_CAP], buf3[BUF_CAP];
data/icu-68.1/source/test/cintltst/utransts.c:695:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char btext[kBBufMax], bexpect[kBBufMax];
data/icu-68.1/source/test/cintltst/utransts.c:772:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char actual[CAP];
data/icu-68.1/source/test/cintltst/utransts.c:794:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char actual[CAP];
data/icu-68.1/source/test/cintltst/utransts.c:816:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char actual[CAP];
data/icu-68.1/source/test/cintltst/utransts.c:840:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char actual[CAP];
data/icu-68.1/source/test/compat/tzdate.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char systime[SIZE];
data/icu-68.1/source/test/compat/tzdate.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char icutime[SIZE];
data/icu-68.1/source/test/compat/tzdate.c:53:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    year = atoi(argv[1]);
data/icu-68.1/source/test/compat/tzdate.c:54:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    month = atoi(argv[2]);
data/icu-68.1/source/test/compat/tzdate.c:55:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    day = atoi(argv[3]);
data/icu-68.1/source/test/compat/tzdate.c:56:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    hour = atoi(argv[4]);
data/icu-68.1/source/test/compat/tzdate.c:57:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    minute = atoi(argv[5]);
data/icu-68.1/source/test/compat/tzdate.c:58:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    useCurrentTime = atoi(argv[6]);
data/icu-68.1/source/test/fuzzer/break_iterator_fuzzer.cpp:33:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(fuzzbuff.get(), data, unistr_size * 2);
data/icu-68.1/source/test/fuzzer/collator_compare_fuzzer.cpp:20:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(compbuff1.get(), data, (size/4)*2);
data/icu-68.1/source/test/fuzzer/collator_compare_fuzzer.cpp:23:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(compbuff2.get(), data, (size/4)*2);
data/icu-68.1/source/test/fuzzer/collator_rulebased_fuzzer.cpp:19:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(fuzzbuff.get(), data, unistr_size * 2);
data/icu-68.1/source/test/fuzzer/converter_fuzzer.cpp:37:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(fuzzbuff.get(), data, unistr_size * 2);
data/icu-68.1/source/test/fuzzer/number_format_fuzzer.cpp:30:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(fuzzbuff.get(), data, unistr_size * 2);
data/icu-68.1/source/test/fuzzer/ucasemap_fuzzer.cpp:39:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(fuzzbuff.get(), data, size);
data/icu-68.1/source/test/fuzzer/uloc_canonicalize_fuzzer.cpp:11:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/fuzzer/uloc_for_language_tag_fuzzer.cpp:11:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char locale_id[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/fuzzer/uloc_get_name_fuzzer.cpp:11:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/fuzzer/unicode_string_codepage_create_fuzzer.cpp:79:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(fuzzbuff.get(), data, size);
data/icu-68.1/source/test/intltest/alphaindextst.cpp:649:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[100];
data/icu-68.1/source/test/intltest/alphaindextst.cpp:677:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[100];
data/icu-68.1/source/test/intltest/alphaindextst.cpp:700:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[40];
data/icu-68.1/source/test/intltest/alphaindextst.cpp:701:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(msg, "kanji[%d]=U+%04lX in overflow bucket", (int)i, (long)kanji[i]);
data/icu-68.1/source/test/intltest/apicoll.cpp:1129:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(key2primary.getAlias(), key2primary_alias, keylength);
data/icu-68.1/source/test/intltest/apicoll.cpp:1889:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                if(strcmp((const char *)lower, (const char *)tests[k].key) > 0) {
data/icu-68.1/source/test/intltest/apicoll.cpp:1889:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                if(strcmp((const char *)lower, (const char *)tests[k].key) > 0) {
data/icu-68.1/source/test/intltest/apicoll.cpp:1892:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                if(strcmp((const char *)upper, (const char *)tests[k].key) <= 0) {
data/icu-68.1/source/test/intltest/apicoll.cpp:1892:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                if(strcmp((const char *)upper, (const char *)tests[k].key) <= 0) {
data/icu-68.1/source/test/intltest/apicoll.cpp:1924:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *tests[20];
data/icu-68.1/source/test/intltest/apicoll.cpp:2111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[100];
data/icu-68.1/source/test/intltest/bidiconf.cpp:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[10000];
data/icu-68.1/source/test/intltest/bidiconf.cpp:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char levelNameString[12];
data/icu-68.1/source/test/intltest/bidiconf.cpp:267:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bidiTestPath[400];
data/icu-68.1/source/test/intltest/bidiconf.cpp:269:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(bidiTestPath, "BidiTest.txt");
data/icu-68.1/source/test/intltest/bidiconf.cpp:270:40:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    LocalStdioFilePointer bidiTestFile(fopen(bidiTestPath, "r"));
data/icu-68.1/source/test/intltest/bidiconf.cpp:436:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bidiTestPath[400];
data/icu-68.1/source/test/intltest/bidiconf.cpp:438:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(bidiTestPath, "BidiCharacterTest.txt");
data/icu-68.1/source/test/intltest/bidiconf.cpp:439:40:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    LocalStdioFilePointer bidiTestFile(fopen(bidiTestPath, "r"));
data/icu-68.1/source/test/intltest/bidiconf.cpp:500:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(levelNameString, "%d", (int)paraLevel);
data/icu-68.1/source/test/intltest/bytestrietest.cpp:351:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[40];
data/icu-68.1/source/test/intltest/callimts.cpp:211:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[64];
data/icu-68.1/source/test/intltest/caltest.cpp:2515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char local[32];
data/icu-68.1/source/test/intltest/caltest.cpp:2516:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(local, "%04d-%02d-%02d %02d:%02d:%02d.%03d", year, month, day, hour, min, sec, ms);
data/icu-68.1/source/test/intltest/caltest.cpp:2593:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[32];
data/icu-68.1/source/test/intltest/caltest.cpp:2695:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[32];
data/icu-68.1/source/test/intltest/caltest.cpp:3695:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[32];
data/icu-68.1/source/test/intltest/compactdecimalformattest.cpp:510:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char description[256];
data/icu-68.1/source/test/intltest/compactdecimalformattest.cpp:529:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char description[256];
data/icu-68.1/source/test/intltest/convtest.cpp:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charset[100], cbopt[4];
data/icu-68.1/source/test/intltest/convtest.cpp:201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charset[100], cbopt[4];
data/icu-68.1/source/test/intltest/convtest.cpp:355:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charset[100];
data/icu-68.1/source/test/intltest/convtest.cpp:554:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/icu-68.1/source/test/intltest/convtest.cpp:677:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char output[10];
data/icu-68.1/source/test/intltest/convtest.cpp:721:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[20];
data/icu-68.1/source/test/intltest/convtest.cpp:799:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char errorBytes[10];
data/icu-68.1/source/test/intltest/convtest.cpp:851:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[128];
data/icu-68.1/source/test/intltest/convtest.cpp:1326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char resultInvalidChars[8];
data/icu-68.1/source/test/intltest/convtest.cpp:1362:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[2000]; // one buffer for all strings
data/icu-68.1/source/test/intltest/convtest.cpp:1651:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utf8[256];
data/icu-68.1/source/test/intltest/convtest.cpp:1664:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[256];
data/icu-68.1/source/test/intltest/convtest.cpp:1817:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[2000]; // one buffer for all strings
data/icu-68.1/source/test/intltest/convtest.h:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subchar[8];
data/icu-68.1/source/test/intltest/csdetest.cpp:164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char codepage[64];
data/icu-68.1/source/test/intltest/csdetest.cpp:237:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *CharsetDetectionTest::getPath(char buffer[2048], const char *filename) {
data/icu-68.1/source/test/intltest/csdetest.cpp:526:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[2048];
data/icu-68.1/source/test/intltest/csdetest.cpp:765:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char latin1Text[sizeof(charText)];
data/icu-68.1/source/test/intltest/csdetest.h:41:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    virtual const char *getPath(char buffer[2048], const char *filename);
data/icu-68.1/source/test/intltest/csdetest.h:41:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    virtual const char *getPath(char buffer[2048], const char *filename);
data/icu-68.1/source/test/intltest/dadrcal.cpp:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char toCalLoc[256] = "";
data/icu-68.1/source/test/intltest/dadrcal.cpp:105:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char theCase[200];
data/icu-68.1/source/test/intltest/dadrcal.cpp:106:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(theCase, "[case %d]", n);
data/icu-68.1/source/test/intltest/dadrcal.cpp:371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char toCalLoc[256] = "";
data/icu-68.1/source/test/intltest/dadrcal.cpp:372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fromCalLoc[256] = "";
data/icu-68.1/source/test/intltest/dadrcal.cpp:451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testType[256] = "";
data/icu-68.1/source/test/intltest/dadrfmt.cpp:115:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char calLoc[256] = "";
data/icu-68.1/source/test/intltest/dadrfmt.cpp:128:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char theCase[200];
data/icu-68.1/source/test/intltest/dadrfmt.cpp:129:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(theCase, "case %d:", n);
data/icu-68.1/source/test/intltest/dadrfmt.cpp:333:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testType[256] = "";
data/icu-68.1/source/test/intltest/dcfmapts.cpp:650:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[200]; \
data/icu-68.1/source/test/intltest/dcfmapts.cpp:651:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "(%g==%g)", (double)lhs, (double)rhs); \
data/icu-68.1/source/test/intltest/dcfmtest.cpp:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tdd[2048];
data/icu-68.1/source/test/intltest/dcfmtest.cpp:366:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   expectedTypeC[2];
data/icu-68.1/source/test/intltest/dcfmtest.cpp:507:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fileName, "rb");
data/icu-68.1/source/test/intltest/dcfmtest.h:39:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    virtual const char *getPath(char buffer[2048], const char *filename);
data/icu-68.1/source/test/intltest/dcfmtest.h:39:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    virtual const char *getPath(char buffer[2048], const char *filename);
data/icu-68.1/source/test/intltest/dtfmrgts.cpp:1538:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char getFormat[32];
data/icu-68.1/source/test/intltest/dtfmrgts.cpp:1554:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char getFormat[32];
data/icu-68.1/source/test/intltest/dtfmtrtts.cpp:559:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf [12];
data/icu-68.1/source/test/intltest/dtfmtrtts.cpp:560:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "%#04x", c);
data/icu-68.1/source/test/intltest/dtfmttst.cpp:2389:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char banner[25];
data/icu-68.1/source/test/intltest/dtfmttst.cpp:2390:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(banner, "%d", daysdelta);
data/icu-68.1/source/test/intltest/dtfmttst.cpp:4450:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char bExpected[kBBufMax];
data/icu-68.1/source/test/intltest/dtfmttst.cpp:4451:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char bResult[kBBufMax];
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1499:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char result[1000];
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1500:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mesg[1000];
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1570:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char locName[32];
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1624:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[1000];
data/icu-68.1/source/test/intltest/dtifmtts.cpp:1625:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[1000];
data/icu-68.1/source/test/intltest/dtptngts.cpp:1005:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mustIncludeOneOf[MUST_INCLUDE_COUNT+1];// resulting pattern must include at least one of
data/icu-68.1/source/test/intltest/dtptngts.cpp:1085:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char skelBuf[FIELD_LENGTH_MAX];
data/icu-68.1/source/test/intltest/dtptngts.cpp:1196:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char message[100] = "\0";
data/icu-68.1/source/test/intltest/dtptngts.cpp:1271:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char charResult[kCharBufMax+1];
data/icu-68.1/source/test/intltest/dtptngts.cpp:1394:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     char jcBuf[2], spBuf[32], jpBuf[32];
data/icu-68.1/source/test/intltest/dtptngts.cpp:1464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char original[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/intltest/fldset.cpp:118:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ch[256];
data/icu-68.1/source/test/intltest/fldset.cpp:133:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char ch[256];
data/icu-68.1/source/test/intltest/icusvtst.cpp:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[128];
data/icu-68.1/source/test/intltest/icusvtst.cpp:171:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buffer, "%d", (int)i->_val);
data/icu-68.1/source/test/intltest/icusvtst.cpp:174:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buffer, "%p", (const void*)obj);
data/icu-68.1/source/test/intltest/icusvtst.cpp:594:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[128];
data/icu-68.1/source/test/intltest/idnaconf.cpp:81:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(absolute_name, "rb");
data/icu-68.1/source/test/intltest/idnaref.cpp:137:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b2Stack[MAX_LABEL_BUFFER_SIZE];
data/icu-68.1/source/test/intltest/idnaref.cpp:215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char b1Stack[MAX_LABEL_BUFFER_SIZE];
data/icu-68.1/source/test/intltest/incaltst.cpp:44:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf [8];
data/icu-68.1/source/test/intltest/incaltst.cpp:45:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "%#x", c);
data/icu-68.1/source/test/intltest/incaltst.cpp:125:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *locs [40] = { "en_US_VALLEYGIRL",     
data/icu-68.1/source/test/intltest/incaltst.cpp:138:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *types[40] = { "gregorian", 
data/icu-68.1/source/test/intltest/intltest.cpp:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[64];    // nos changed from 10 to 64
data/icu-68.1/source/test/intltest/intltest.cpp:80:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%ld", num);
data/icu-68.1/source/test/intltest/intltest.cpp:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[64];    // nos changed from 10 to 64
data/icu-68.1/source/test/intltest/intltest.cpp:93:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%lu", num);
data/icu-68.1/source/test/intltest/intltest.cpp:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[64];    // nos changed from 10 to 64
data/icu-68.1/source/test/intltest/intltest.cpp:106:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%I64d", num);
data/icu-68.1/source/test/intltest/intltest.cpp:108:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%lld", (long long)num);
data/icu-68.1/source/test/intltest/intltest.cpp:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[64];    // nos changed from 10 to 64
data/icu-68.1/source/test/intltest/intltest.cpp:121:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%1.14e", num);
data/icu-68.1/source/test/intltest/intltest.cpp:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[64];   // was 32, made it arbitrarily bigger (rtg)
data/icu-68.1/source/test/intltest/intltest.cpp:139:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%.17g", num);
data/icu-68.1/source/test/intltest/intltest.cpp:456:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char p[sizeof(__FILE__) + 10];
data/icu-68.1/source/test/intltest/intltest.cpp:782:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[256];
data/icu-68.1/source/test/intltest/intltest.cpp:795:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char secs[256];
data/icu-68.1/source/test/intltest/intltest.cpp:797:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(secs, "%f", (timeStop-timeStart)/1000.0);
data/icu-68.1/source/test/intltest/intltest.cpp:969:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4000];
data/icu-68.1/source/test/intltest/intltest.cpp:983:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4000];
data/icu-68.1/source/test/intltest/intltest.cpp:997:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4000];
data/icu-68.1/source/test/intltest/intltest.cpp:1014:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fullpath[2048];
data/icu-68.1/source/test/intltest/intltest.cpp:1035:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4000];
data/icu-68.1/source/test/intltest/intltest.cpp:1047:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4000];
data/icu-68.1/source/test/intltest/intltest.cpp:1059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4000];
data/icu-68.1/source/test/intltest/intltest.cpp:1070:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4000];
data/icu-68.1/source/test/intltest/intltest.cpp:1081:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4000];
data/icu-68.1/source/test/intltest/intltest.cpp:1092:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4000];
data/icu-68.1/source/test/intltest/intltest.cpp:1150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[30000];
data/icu-68.1/source/test/intltest/intltest.cpp:1245:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *props[IntlTest::kMaxProps];
data/icu-68.1/source/test/intltest/intltest.cpp:1297:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                threadCount = atoi(str + 8);
data/icu-68.1/source/test/intltest/intltest.cpp:1507:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char baseName[1024];
data/icu-68.1/source/test/intltest/intltest.cpp:1562:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          FILE *summf = fopen(summary_file, "w");
data/icu-68.1/source/test/intltest/intltest.cpp:1564:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[10000];
data/icu-68.1/source/test/intltest/intltest.cpp:1630:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(tdpath,"testdata");
data/icu-68.1/source/test/intltest/intltest.cpp:1657:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(".." U_FILE_SEP_STRING ".." U_FILE_SEP_STRING "test" U_FILE_SEP_STRING "testdata" U_FILE_SEP_STRING "rbbitst.txt", "r");
data/icu-68.1/source/test/intltest/intltest.cpp:1676:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(path, "unidata" U_FILE_SEP_STRING "UnicodeData.txt");
data/icu-68.1/source/test/intltest/intltest.cpp:1677:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(path, "r");
data/icu-68.1/source/test/intltest/intltest.cpp:1703:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(path, "unidata" U_FILE_SEP_STRING "UnicodeData.txt");
data/icu-68.1/source/test/intltest/intltest.cpp:1704:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(path, "r");
data/icu-68.1/source/test/intltest/intltest.cpp:1742:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char p[sizeof(__FILE__) + 10];
data/icu-68.1/source/test/intltest/intltest.cpp:1765:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *file = fopen(".." U_FILE_SEP_STRING ".." U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "Makefile.in", "r");
data/icu-68.1/source/test/intltest/intltest.cpp:2200:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ASSERT_BUF[256];
data/icu-68.1/source/test/intltest/intltest.h:384:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char basePath[1024];
data/icu-68.1/source/test/intltest/intltest.h:385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char currName[1024]; // current test name
data/icu-68.1/source/test/intltest/itrbnf.cpp:1117:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[64]; // ascii
data/icu-68.1/source/test/intltest/itrbnfrt.cpp:280:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/icu-68.1/source/test/intltest/itrbnfrt.cpp:286:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buf, "%.12g", i);
data/icu-68.1/source/test/intltest/itrbnfrt.cpp:303:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buf, "Round-trip status failure: %.12g, status: %d", i, status);
data/icu-68.1/source/test/intltest/itrbnfrt.cpp:312:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "Round-trip failed: %.12g -> %.12g", i, rt);
data/icu-68.1/source/test/intltest/itrbnfrt.cpp:330:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "Round-trip status failure: %.12g, status: %d", d, status);
data/icu-68.1/source/test/intltest/itrbnfrt.cpp:340:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(buf, "Round-trip failed: %.12g -> ", d);
data/icu-68.1/source/test/intltest/itrbnfrt.cpp:343:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(buf, " -> %.12g", rt);
data/icu-68.1/source/test/intltest/itspoof.cpp:343:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[2000];
data/icu-68.1/source/test/intltest/itspoof.cpp:350:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    LocalStdioFilePointer f(fopen(buffer, "rb"));
data/icu-68.1/source/test/intltest/itspoof.cpp:576:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgBuffer[100];
data/icu-68.1/source/test/intltest/itspoof.cpp:606:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(msgBuffer, "testNum = %d, levelIndex = %d, expected = %#x, actual = %#x",
data/icu-68.1/source/test/intltest/itspoof.cpp:649:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msgBuf[100];
data/icu-68.1/source/test/intltest/itspoof.cpp:650:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(msgBuf, "testNum = %d ", testNum);
data/icu-68.1/source/test/intltest/listformattertest.cpp:84:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/icu-68.1/source/test/intltest/listformattertest.cpp:554:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char * badStyles[4] = { "", "duration", "duration-short", "something-clearly-wrong" };
data/icu-68.1/source/test/intltest/loctest.cpp:468:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            temp2[20];
data/icu-68.1/source/test/intltest/loctest.cpp:483:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(temp2, "%x", (int)testLocale.getLCID());
data/icu-68.1/source/test/intltest/loctest.cpp:910:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char spotCheck1[ ][4] = { "en", "es", "fr", "de", "it",
data/icu-68.1/source/test/intltest/loctest.cpp:988:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char        szName[200];
data/icu-68.1/source/test/intltest/loctest.cpp:3860:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *expectedKeywords[10];
data/icu-68.1/source/test/intltest/loctest.cpp:4034:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/intltest/loctest.cpp:4161:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/intltest/loctest.cpp:5237:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[50];
data/icu-68.1/source/test/intltest/loctest.cpp:5292:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  posixID[BUFFER_SIZE];
data/icu-68.1/source/test/intltest/loctest.cpp:5361:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testPath[400];
data/icu-68.1/source/test/intltest/loctest.cpp:5362:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[256];
data/icu-68.1/source/test/intltest/loctest.cpp:5364:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(testPath, "localeCanonicalization.txt");
data/icu-68.1/source/test/intltest/loctest.cpp:5365:36:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    LocalStdioFilePointer testFile(fopen(testPath, "r"));
data/icu-68.1/source/test/intltest/loctest.cpp:6009:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/intltest/loctest.cpp:6308:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keyword[3];
data/icu-68.1/source/test/intltest/measfmttest.cpp:2763:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *expected[2][3] = {
data/icu-68.1/source/test/intltest/nmfmtrt.cpp:360:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char temp[16];
data/icu-68.1/source/test/intltest/nmfmtrt.cpp:361:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(temp, "%4X", c);        // might not work
data/icu-68.1/source/test/intltest/normconf.cpp:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char unidataPath[2000];
data/icu-68.1/source/test/intltest/normconf.cpp:164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lineBuf[BUF_SIZE];
data/icu-68.1/source/test/intltest/normconf.cpp:259:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(lineBuf, "not mentioned code point U+%04lx", (long)c);
data/icu-68.1/source/test/intltest/normconf.cpp:438:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const kModeStrings[UNORM_MODE_COUNT] = {
data/icu-68.1/source/test/intltest/normconf.cpp:442:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const kMessages[UNORM_MODE_COUNT] = {
data/icu-68.1/source/test/intltest/normconf.cpp:451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[20];
data/icu-68.1/source/test/intltest/numberformattesttuple.cpp:193:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/intltest/numberformattesttuple.cpp:195:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%f", x);
data/icu-68.1/source/test/intltest/numbertest_doubleconversion.cpp:24:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[DoubleToStringConverter::kBase10MaximalLength + 1];
data/icu-68.1/source/test/intltest/numbertest_permutation.cpp:192:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        outFile.open(goldenFilePath.data());
data/icu-68.1/source/test/intltest/numfmtst.cpp:938:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[256]={0};
data/icu-68.1/source/test/intltest/numfmtst.cpp:964:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char loc[256]={0};
data/icu-68.1/source/test/intltest/numfmtst.cpp:3120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char theInfo[100];
data/icu-68.1/source/test/intltest/numfmtst.cpp:3126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char theOperation[100];
data/icu-68.1/source/test/intltest/numfmtst.cpp:6658:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/icu-68.1/source/test/intltest/numfmtst.cpp:7056:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char loc[256]={0};
data/icu-68.1/source/test/intltest/numfmtst.cpp:7418:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char decNumChars[200];
data/icu-68.1/source/test/intltest/numfmtst.cpp:8286:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  buf[50];
data/icu-68.1/source/test/intltest/numfmtst.cpp:8288:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%lld", (long long)num);
data/icu-68.1/source/test/intltest/numfmtst.cpp:8298:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buf, "%lld", (long long)num);
data/icu-68.1/source/test/intltest/numrgts.cpp:852:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[256] = {0};
data/icu-68.1/source/test/intltest/numrgts.cpp:918:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[256]={0};
data/icu-68.1/source/test/intltest/numrgts.cpp:1061:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[256]={0};
data/icu-68.1/source/test/intltest/numrgts.cpp:1127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char loc[256]={0};
data/icu-68.1/source/test/intltest/numrgts.cpp:1577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf [128];
data/icu-68.1/source/test/intltest/numrgts.cpp:1578:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%g", bigN);
data/icu-68.1/source/test/intltest/numrgts.cpp:2749:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char _msg[1000]; \
data/icu-68.1/source/test/intltest/plurults.cpp:185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result[100];
data/icu-68.1/source/test/intltest/plurults.cpp:574:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char errMsg[1000];
data/icu-68.1/source/test/intltest/plurults.cpp:865:60:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int fractionDigits = fractionDigitCount == 0 ? 0 : atoi(decimalPoint + 1);
data/icu-68.1/source/test/intltest/rbbiapts.cpp:1104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(clonedRules, binRules, ruleLength);
data/icu-68.1/source/test/intltest/rbbiapts.cpp:1201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[100];
data/icu-68.1/source/test/intltest/rbbiapts.cpp:1202:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp,"%d ",pos[i]);
data/icu-68.1/source/test/intltest/rbbimonkeytest.cpp:594:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cName[200];
data/icu-68.1/source/test/intltest/rbbitst.cpp:171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[100];
data/icu-68.1/source/test/intltest/rbbitst.cpp:854:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char localeName8[100];
data/icu-68.1/source/test/intltest/rbbitst.cpp:954:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char charNameBuf[200];
data/icu-68.1/source/test/intltest/rbbitst.cpp:1203:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fileName, "rb");
data/icu-68.1/source/test/intltest/rbbitst.cpp:1400:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testFileName[1000];
data/icu-68.1/source/test/intltest/rbbitst.cpp:1468:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[10];
data/icu-68.1/source/test/intltest/rbbitst.cpp:1497:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char token[16];
data/icu-68.1/source/test/intltest/rbbitst.cpp:3500:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char valString[100];
data/icu-68.1/source/test/intltest/rbbitst.cpp:3953:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[100];
data/icu-68.1/source/test/intltest/rbbitst.cpp:4045:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char             expectedBreaks[TESTSTRINGLEN*2 + 1];
data/icu-68.1/source/test/intltest/rbbitst.cpp:4046:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char             forwardBreaks[TESTSTRINGLEN*2 + 1];
data/icu-68.1/source/test/intltest/rbbitst.cpp:4047:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char             reverseBreaks[TESTSTRINGLEN*2+1];
data/icu-68.1/source/test/intltest/rbbitst.cpp:4048:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char             isBoundaryBreaks[TESTSTRINGLEN*2+1];
data/icu-68.1/source/test/intltest/rbbitst.cpp:4049:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char             followingBreaks[TESTSTRINGLEN*2+1];
data/icu-68.1/source/test/intltest/rbbitst.cpp:4050:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char             precedingBreaks[TESTSTRINGLEN*2+1];
data/icu-68.1/source/test/intltest/rbbitst.cpp:4292:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char hexCodePoint[12];
data/icu-68.1/source/test/intltest/rbbitst.cpp:4300:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char cName[200];
data/icu-68.1/source/test/intltest/rbbitst.cpp:4304:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buffer[200];
data/icu-68.1/source/test/intltest/regextst.cpp:137:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(bufPtr,"U+%04X", c);
data/icu-68.1/source/test/intltest/regextst.cpp:157:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ASSERT_BUF[1024];
data/icu-68.1/source/test/intltest/regextst.cpp:161:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(ASSERT_BUF, "[[empty UnicodeString]]");
data/icu-68.1/source/test/intltest/regextst.cpp:166:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(ASSERT_BUF, "[[escape() returned 0 chars]]");
data/icu-68.1/source/test/intltest/regextst.cpp:173:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(ASSERT_BUF+strlen(ASSERT_BUF),"\\u%02x",ch);
data/icu-68.1/source/test/intltest/regextst.cpp:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200]; \
data/icu-68.1/source/test/intltest/regextst.cpp:267:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[201 /*21*/];
data/icu-68.1/source/test/intltest/regextst.cpp:268:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char expectedBuf[201];
data/icu-68.1/source/test/intltest/regextst.cpp:289:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[201 /*21*/];
data/icu-68.1/source/test/intltest/regextst.cpp:290:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char expectedBuf[201];
data/icu-68.1/source/test/intltest/regextst.cpp:318:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char inv_buf[INV_BUFSIZ];
data/icu-68.1/source/test/intltest/regextst.cpp:2608:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char str_v[24] = { 0x54, 0x68, 0x65, 0x20, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x5c, 0x24, 0x31, 0x20, 0x69, 0x73, 0x20, 0x24, 0x31, 0x2e, 0x00 }; /* The value of \$1 is $1. */
data/icu-68.1/source/test/intltest/regextst.cpp:3150:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
RegexTest::getPath(char buffer[2048], const char *filename) {
data/icu-68.1/source/test/intltest/regextst.cpp:3164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tdd[2048];
data/icu-68.1/source/test/intltest/regextst.cpp:3890:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fileName, "rb");
data/icu-68.1/source/test/intltest/regextst.cpp:4022:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tdd[2048];
data/icu-68.1/source/test/intltest/regextst.cpp:4382:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tdd[2048];
data/icu-68.1/source/test/intltest/regextst.cpp:5453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nnbuf[100];
data/icu-68.1/source/test/intltest/regextst.cpp:5458:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(nnbuf, "(?<nn%d>)", nn);
data/icu-68.1/source/test/intltest/regextst.cpp:5465:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(nnbuf, "nn%d", nn);
data/icu-68.1/source/test/intltest/regextst.cpp:5476:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(nnbuf, "(?<nn%d>)", nn);
data/icu-68.1/source/test/intltest/regextst.h:75:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    virtual const char *getPath(char buffer[2048], const char *filename);
data/icu-68.1/source/test/intltest/regextst.h:75:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    virtual const char *getPath(char buffer[2048], const char *filename);
data/icu-68.1/source/test/intltest/regiontst.cpp:606:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *testData[6][17] = {
data/icu-68.1/source/test/intltest/regiontst.cpp:686:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char availableTerritoriesString[1024] = "";
data/icu-68.1/source/test/intltest/regiontst.cpp:687:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char containedInWorldString[1024] = "";
data/icu-68.1/source/test/intltest/reldatefmttest.cpp:1201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/intltest/reldatefmttest.cpp:1230:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/intltest/reldatefmttest.cpp:1253:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/intltest/restest.cpp:307:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(versionID1, "44.0");  // hardcoded, please change if the default.txt file or ResourceBundle::kVersionSeparater is changed.
data/icu-68.1/source/test/intltest/restest.cpp:309:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(versionID2, "55.0");  // hardcoded, please change if the te_IN.txt file or ResourceBundle::kVersionSeparater is changed.
data/icu-68.1/source/test/intltest/restest.cpp:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[100];
data/icu-68.1/source/test/intltest/restest.cpp:456:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[32];
data/icu-68.1/source/test/intltest/restest.cpp:479:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf[32];
data/icu-68.1/source/test/intltest/restsnew.cpp:326:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(versionID1, "44.0");  // hardcoded, please change if the default.txt file or ResourceBundle::kVersionSeparater is changed.
data/icu-68.1/source/test/intltest/restsnew.cpp:328:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(versionID2, "55.0");  // hardcoded, please change if the te_IN.txt file or ResourceBundle::kVersionSeparater is changed.
data/icu-68.1/source/test/intltest/restsnew.cpp:372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5];
data/icu-68.1/source/test/intltest/restsnew.cpp:429:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            CONFIRM_EQ(count, atoi(data[i+1]));
data/icu-68.1/source/test/intltest/restsnew.cpp:585:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[5];
data/icu-68.1/source/test/intltest/restsnew.cpp:694:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[100];
data/icu-68.1/source/test/intltest/restsnew.cpp:812:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[32];
data/icu-68.1/source/test/intltest/restsnew.cpp:847:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[32];
data/icu-68.1/source/test/intltest/restsnew.cpp:897:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           char buf[32];
data/icu-68.1/source/test/intltest/restsnew.cpp:937:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               char buf[32];
data/icu-68.1/source/test/intltest/restsnew.cpp:1016:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[32];
data/icu-68.1/source/test/intltest/restsnew.cpp:1019:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char item_tag[8];
data/icu-68.1/source/test/intltest/restsnew.cpp:1070:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char action[256];
data/icu-68.1/source/test/intltest/restsnew.cpp:1104:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of string with embeded zero");
data/icu-68.1/source/test/intltest/restsnew.cpp:1121:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of binary type");
data/icu-68.1/source/test/intltest/restsnew.cpp:1134:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of imported binary type");
data/icu-68.1/source/test/intltest/restsnew.cpp:1147:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting and testing of integer types");
data/icu-68.1/source/test/intltest/restsnew.cpp:1159:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting minusone");
data/icu-68.1/source/test/intltest/restsnew.cpp:1172:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(action, "getting plusone");
data/icu-68.1/source/test/intltest/srchtest.cpp:221:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char   result[1024];
data/icu-68.1/source/test/intltest/srchtest.cpp:232:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(result+index, "\\u%04x", ch);
data/icu-68.1/source/test/intltest/ssearch.cpp:33:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char testId[100];
data/icu-68.1/source/test/intltest/ssearch.cpp:109:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *SSearchTest::getPath(char buffer[2048], const char *filename) {
data/icu-68.1/source/test/intltest/ssearch.cpp:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_BUFFER_SIZE];
data/icu-68.1/source/test/intltest/ssearch.cpp:210:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  clocale[100];
data/icu-68.1/source/test/intltest/ssearch.cpp:536:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            s += sprintf(s, ", ");
data/icu-68.1/source/test/intltest/ssearch.cpp:539:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        s += sprintf(s, "(%d, %d)", order->lowOffset, order->highOffset);
data/icu-68.1/source/test/intltest/ssearch.cpp:554:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            s += sprintf(s, ", ");
data/icu-68.1/source/test/intltest/ssearch.cpp:557:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        s += sprintf(s, "%8.8X", order->order);
data/icu-68.1/source/test/intltest/ssearch.cpp:634:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4096];  // A bit of a hack... just happens to be long enough for all the test cases...
data/icu-68.1/source/test/intltest/ssearch.cpp:711:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char cbuffer[12];
data/icu-68.1/source/test/intltest/ssearch.cpp:714:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(cbuffer, "\\u%4.4X", ch);
data/icu-68.1/source/test/intltest/ssearch.cpp:716:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(cbuffer, "\\U%8.8X", ch);
data/icu-68.1/source/test/intltest/ssearch.cpp:1289:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char valString[100];
data/icu-68.1/source/test/intltest/ssearch.cpp:1440:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[100];
data/icu-68.1/source/test/intltest/ssearch.h:43:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    virtual const char   *getPath(char buffer[2048], const char *filename);
data/icu-68.1/source/test/intltest/ssearch.h:43:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    virtual const char   *getPath(char buffer[2048], const char *filename);
data/icu-68.1/source/test/intltest/strcase.cpp:410:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const dataNames[TEST_COUNT+1]={
data/icu-68.1/source/test/intltest/strcase.cpp:466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utf8In[100], utf8Out[100];
data/icu-68.1/source/test/intltest/strcase.cpp:532:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cLocaleID[100];
data/icu-68.1/source/test/intltest/strcase.cpp:750:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest8[1000];
data/icu-68.1/source/test/intltest/strcase.cpp:763:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest8b[1000];
data/icu-68.1/source/test/intltest/strcase.cpp:874:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char src[1] = { (char)0x85 };  // malformed UTF-8
data/icu-68.1/source/test/intltest/strcase.cpp:875:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest[3] = { 0, 0, 0 };
data/icu-68.1/source/test/intltest/strcase.cpp:1335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest[50];
data/icu-68.1/source/test/intltest/strtest.cpp:578:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(fOutbuf, bytes, n);
data/icu-68.1/source/test/intltest/strtest.cpp:593:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/icu-68.1/source/test/intltest/strtest.cpp:602:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char scratch[20];
data/icu-68.1/source/test/intltest/strtest.cpp:622:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];  // < 26 for the test code to work
data/icu-68.1/source/test/intltest/strtest.cpp:633:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char scratch[10];
data/icu-68.1/source/test/intltest/strtest.cpp:650:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, "defghijklm", 10);
data/icu-68.1/source/test/intltest/strtest.cpp:663:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, "nopqrstuvw", 10);
data/icu-68.1/source/test/intltest/strtest.cpp:734:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char expected[400];
data/icu-68.1/source/test/intltest/strtest.cpp:764:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(expected, "abcdef");
data/icu-68.1/source/test/intltest/strtest.cpp:774:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, "*****", 5);
data/icu-68.1/source/test/intltest/strtest.cpp:777:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(expected, "**");
data/icu-68.1/source/test/intltest/strtest.cpp:818:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[10];
data/icu-68.1/source/test/intltest/strtest.cpp:824:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(buffer, "012345");
data/icu-68.1/source/test/intltest/strtest.cpp:830:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(buffer, "012345");
data/icu-68.1/source/test/intltest/testidn.cpp:205:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[3][2];
data/icu-68.1/source/test/intltest/testidna.cpp:471:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tSrc,src,tSrcLen * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/intltest/testidna.cpp:1017:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(odd,expected,(expectedLen+1) * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/intltest/testidna.cpp:1018:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(even,expected,(expectedLen+1) * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/intltest/testidna.cpp:1054:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(odd,expected,(expectedLen+1) * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/intltest/testidna.cpp:1055:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(even,expected,(expectedLen+1) * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/intltest/testidna.cpp:1092:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(odd,expected,(expectedLen+1) * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/intltest/testidna.cpp:1093:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(even,expected,(expectedLen+1) * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/intltest/testidna.cpp:1127:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(odd,expected,(expectedLen+1) * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/intltest/testidna.cpp:1128:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(even,expected,(expectedLen+1) * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/intltest/tfsmalls.cpp:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[tempLen];
data/icu-68.1/source/test/intltest/thcoll.cpp:356:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *tests[LINES] = {
data/icu-68.1/source/test/intltest/tmsgfmt.cpp:228:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char convert[20];
data/icu-68.1/source/test/intltest/tmsgfmt.cpp:229:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( convert, "%lf", obj.getDouble() );
data/icu-68.1/source/test/intltest/tmsgfmt.cpp:1018:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char bbuf[96];
data/icu-68.1/source/test/intltest/tmsgfmt.cpp:1719:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[256];
data/icu-68.1/source/test/intltest/tmsgfmt.cpp:1720:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf2[BUF2_LEN];
data/icu-68.1/source/test/intltest/transapi.cpp:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/icu-68.1/source/test/intltest/transapi.cpp:40:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(buffer);
data/icu-68.1/source/test/intltest/transrt.cpp:541:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char str[100];
data/icu-68.1/source/test/intltest/transrt.cpp:546:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char str[100];
data/icu-68.1/source/test/intltest/transrt.cpp:981:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[TEMP_MAX];
data/icu-68.1/source/test/intltest/transrt.cpp:1004:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[TEMP_MAX];
data/icu-68.1/source/test/intltest/transrt.cpp:1122:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE *out = fopen(filename, "w");
data/icu-68.1/source/test/intltest/transtst.cpp:3528:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buffer, "\\u%04x", (int)ch);
data/icu-68.1/source/test/intltest/transtst.cpp:3530:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buffer, "\\U%08x", (int)ch);
data/icu-68.1/source/test/intltest/transtst.cpp:3538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/icu-68.1/source/test/intltest/transtst.cpp:4092:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[256]={'\0'};
data/icu-68.1/source/test/intltest/transtst.cpp:4093:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char abbr[256]={'\0'};
data/icu-68.1/source/test/intltest/transtst.cpp:4094:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newId[256]={'\0'};
data/icu-68.1/source/test/intltest/transtst.cpp:4095:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newAbbrId[256]={'\0'};
data/icu-68.1/source/test/intltest/transtst.cpp:4096:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oldId[256]={'\0'};
data/icu-68.1/source/test/intltest/transtst.cpp:4097:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oldAbbrId[256]={'\0'};
data/icu-68.1/source/test/intltest/tscoll.cpp:164:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char utf8Source[256], utf8Target[256];
data/icu-68.1/source/test/intltest/tsmthred.cpp:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char threadTestChars[THREADTEST_NRTHREADS + 1];
data/icu-68.1/source/test/intltest/tsmthred.cpp:798:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testDataPath[1024];
data/icu-68.1/source/test/intltest/tsmthred.cpp:804:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(testDataPath, "CollationTest_");
data/icu-68.1/source/test/intltest/tsmthred.cpp:812:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/icu-68.1/source/test/intltest/tsmthred.cpp:825:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    testFile = fopen(buffer, "rb");
data/icu-68.1/source/test/intltest/tsmthred.cpp:828:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(buffer+bufLen, "_SHORT");
data/icu-68.1/source/test/intltest/tsmthred.cpp:830:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        testFile = fopen(buffer, "rb");
data/icu-68.1/source/test/intltest/tsmthred.cpp:833:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(buffer+bufLen, "_STUB");
data/icu-68.1/source/test/intltest/tsmthred.cpp:835:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            testFile = fopen(buffer, "rb");
data/icu-68.1/source/test/intltest/tstnorm.cpp:694:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char history[64];
data/icu-68.1/source/test/intltest/tstnorm.cpp:706:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char history[64];
data/icu-68.1/source/test/intltest/tstnorm.cpp:1406:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const kModeStrings[UNORM_MODE_COUNT] = {
data/icu-68.1/source/test/intltest/tufmtts.cpp:140:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char formatResult[1000];
data/icu-68.1/source/test/intltest/tufmtts.cpp:420:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char tmp[128];    //output
data/icu-68.1/source/test/intltest/tufmtts.cpp:421:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char tmp1[128];    //expected
data/icu-68.1/source/test/intltest/tztest.cpp:540:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region[4] = {0};
data/icu-68.1/source/test/intltest/tztest.cpp:2297:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char  name[100];
data/icu-68.1/source/test/intltest/tztest.cpp:2358:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region[4];
data/icu-68.1/source/test/intltest/tztest.cpp:2385:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region2[2];
data/icu-68.1/source/test/intltest/tztest.cpp:2403:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char region1[1];
data/icu-68.1/source/test/intltest/ucaconf.cpp:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/icu-68.1/source/test/intltest/ucaconf.cpp:128:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    testFile = fopen(buffer, "rb");
data/icu-68.1/source/test/intltest/ucaconf.cpp:133:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        testFile = fopen(buffer, "rb");
data/icu-68.1/source/test/intltest/ucaconf.cpp:138:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            testFile = fopen(buffer, "rb");
data/icu-68.1/source/test/intltest/ucaconf.cpp:194:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lineB1[1024], lineB2[1024];
data/icu-68.1/source/test/intltest/ucaconf.h:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char testDataPath[1024];
data/icu-68.1/source/test/intltest/ucdtest.cpp:213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[500];
data/icu-68.1/source/test/intltest/ucdtest.cpp:219:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(basename, "DerivedCoreProperties.txt");
data/icu-68.1/source/test/intltest/ucdtest.cpp:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[2][2];
data/icu-68.1/source/test/intltest/ucdtest.cpp:229:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(basename, "DerivedNormalizationProps.txt");
data/icu-68.1/source/test/intltest/ucharstrietest.cpp:1095:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[1000];
data/icu-68.1/source/test/intltest/units_test.cpp:380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[kNumFields][2];
data/icu-68.1/source/test/intltest/units_test.cpp:726:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[10000];
data/icu-68.1/source/test/intltest/units_test.cpp:824:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[maxFields][2];
data/icu-68.1/source/test/intltest/uobjtest.cpp:102:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *ids_factory[MAX_CLASS_ID];
data/icu-68.1/source/test/intltest/uobjtest.cpp:103:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *ids_class[MAX_CLASS_ID];
data/icu-68.1/source/test/intltest/uobjtest.cpp:115:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char count[100];
data/icu-68.1/source/test/intltest/uobjtest.cpp:116:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(count, " (currently %d) ", MAX_CLASS_ID);
data/icu-68.1/source/test/intltest/uobjtest.cpp:126:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmp[500];
data/icu-68.1/source/test/intltest/uobjtest.cpp:127:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(tmp, " [static=%p, dynamic=%p] ", staticID, dynamicID);
data/icu-68.1/source/test/intltest/uobjtest.cpp:184:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmp[500];
data/icu-68.1/source/test/intltest/uobjtest.cpp:185:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(tmp, " [dynamic=%p] ", dynamicID);
data/icu-68.1/source/test/intltest/uobjtest.cpp:499:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char junk[800];
data/icu-68.1/source/test/intltest/uobjtest.cpp:510:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    alignas(UnicodeString) char bytes[sizeof(UnicodeString)];
data/icu-68.1/source/test/intltest/usettest.cpp:2423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char utf8[1024];
data/icu-68.1/source/test/intltest/usettest.cpp:3025:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     ((const char *)s)[start]==0
data/icu-68.1/source/test/intltest/usettest.cpp:3091:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const setNames[SET_COUNT]={
data/icu-68.1/source/test/intltest/usettest.cpp:3151:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(expectLimits, limits, limitsCount*4);
data/icu-68.1/source/test/intltest/usettest.cpp:3672:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testName[1024];
data/icu-68.1/source/test/intltest/usettest.cpp:3756:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(testNameLimit, "bad_string");
data/icu-68.1/source/test/intltest/usettest.cpp:3759:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(testNameLimit+10 /* strlen("bad_string") */,
data/icu-68.1/source/test/intltest/usettest.cpp:3767:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(testNameLimit, "contents");
data/icu-68.1/source/test/intltest/usettest.cpp:3770:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(testNameLimit+8 /* strlen("contents") */,
data/icu-68.1/source/test/intltest/usettest.cpp:3778:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(testNameLimit, "test_string");
data/icu-68.1/source/test/intltest/usettest.cpp:3781:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(testNameLimit+11 /* strlen("test_string") */,
data/icu-68.1/source/test/intltest/ustrtest.cpp:252:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[16];
data/icu-68.1/source/test/intltest/ustrtest.cpp:471:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           test4[13] = {1, 2, 3, 4, 5, 6, 7, 8, 8, 10, 11, 12, 13};
data/icu-68.1/source/test/intltest/ustrtest.cpp:473:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char           test6[13] = {1, 2, 3, 4, 5, 6, 7, 8, 8, 10, 11, 12, 13};
data/icu-68.1/source/test/intltest/ustrtest.cpp:584:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[32];
data/icu-68.1/source/test/intltest/ustrtest.cpp:1914:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[64];
data/icu-68.1/source/test/intltest/ustrtest.cpp:2223:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t arr[4];
data/icu-68.1/source/test/intltest/uts46test.cpp:167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[100];
data/icu-68.1/source/test/intltest/uts46test.cpp:223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400];
data/icu-68.1/source/test/intltest/uts46test.cpp:716:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[400], buffer2[400];
data/icu-68.1/source/test/intltest/uts46test.cpp:1146:40:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    LocalStdioFilePointer idnaTestFile(fopen(path.data(), "r"));
data/icu-68.1/source/test/intltest/uts46test.cpp:1155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[kNumFields][2];
data/icu-68.1/source/test/intltest/windttst.cpp:147:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char localeID[64];
data/icu-68.1/source/test/intltest/winnmtst.cpp:139:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t nStackBuffer[STACK_BUFFER_SIZE];
data/icu-68.1/source/test/intltest/winnmtst.cpp:186:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t stackBuffer[STACK_BUFFER_SIZE];
data/icu-68.1/source/test/intltest/winnmtst.cpp:282:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char localeID[128];
data/icu-68.1/source/test/intltest/winnmtst.cpp:312:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(localeID, "compat=host");
data/icu-68.1/source/test/intltest/winutil.cpp:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localeID[ULOC_FULLNAME_CAPACITY];
data/icu-68.1/source/test/intltest/winutil.cpp:63:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(lcidRecords[lcidCount].localeID, localeID, localeIDLen);
data/icu-68.1/source/test/iotest/filetst.c:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myString[256] = "";
data/icu-68.1/source/test/iotest/filetst.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testBuf[256] = "";
data/icu-68.1/source/test/iotest/filetst.c:355:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    standardFile = fopen(STANDARD_TEST_FILE, "w");
data/icu-68.1/source/test/iotest/filetst.c:364:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    standardFile = fopen(STANDARD_TEST_FILE, "w");
data/icu-68.1/source/test/iotest/filetst.c:627:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charBuffer[2048];
data/icu-68.1/source/test/iotest/filetst.c:630:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *stdFile = fopen(STANDARD_TEST_FILE, "w");
data/icu-68.1/source/test/iotest/filetst.c:650:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    stdFile = fopen(STANDARD_TEST_FILE, "r");
data/icu-68.1/source/test/iotest/filetst.c:766:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *stdFile = fopen(STANDARD_TEST_FILE, "wb");
data/icu-68.1/source/test/iotest/filetst.c:830:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *stdFile = fopen(STANDARD_TEST_FILE, "wb");
data/icu-68.1/source/test/iotest/filetst.c:870:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char convName[UCNV_MAX_CONVERTER_NAME_LENGTH];
data/icu-68.1/source/test/iotest/filetst.c:971:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    myCFile = fopen(STANDARD_TEST_FILE, "rb");
data/icu-68.1/source/test/iotest/filetst.c:1019:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char readBuf[512] = "";
data/icu-68.1/source/test/iotest/filetst.c:1020:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testBuf[512] = "";
data/icu-68.1/source/test/iotest/filetst.c:1055:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    myCFile = fopen(STANDARD_TEST_FILE, "rb");
data/icu-68.1/source/test/iotest/filetst.c:1064:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%x", (int)num);
data/icu-68.1/source/test/iotest/filetst.c:1070:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%X", (int)num);
data/icu-68.1/source/test/iotest/filetst.c:1076:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%o", (int)num);
data/icu-68.1/source/test/iotest/filetst.c:1083:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%d", (int)num);
data/icu-68.1/source/test/iotest/filetst.c:1089:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%i", (int)num);
data/icu-68.1/source/test/iotest/filetst.c:1095:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%f", (double)num);
data/icu-68.1/source/test/iotest/filetst.c:1113:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%g", (double)num);
data/icu-68.1/source/test/iotest/filetst.c:1119:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%G", (double)num);
data/icu-68.1/source/test/iotest/filetst.c:1184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/iotest/filetst.c:1185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char compBuffer[256];
data/icu-68.1/source/test/iotest/filetst.c:1306:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    cNumPrinted = sprintf(buffer, "%d % d %d", -1234, 1234, 1234);
data/icu-68.1/source/test/iotest/filetst.c:1325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/iotest/filetst.c:1326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char compBuffer[256];
data/icu-68.1/source/test/iotest/iotest.cpp:46:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[4000];
data/icu-68.1/source/test/iotest/iotest.cpp:53:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[4000];
data/icu-68.1/source/test/iotest/iotest.cpp:60:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[4000];
data/icu-68.1/source/test/iotest/iotest.cpp:92:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            static char p[sizeof(__FILE__) + 10];
data/icu-68.1/source/test/iotest/iotest.cpp:115:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                FILE *file = fopen(".." U_FILE_SEP_STRING".." U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "Makefile.in", "r");
data/icu-68.1/source/test/iotest/iotest.cpp:154:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(tdpath,"testdata");
data/icu-68.1/source/test/iotest/iotest.cpp:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cBuffer[512];
data/icu-68.1/source/test/iotest/iotest.cpp:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cFormat[sizeof(cBuffer)];
data/icu-68.1/source/test/iotest/iotest.cpp:208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cExpected[sizeof(cBuffer)];
data/icu-68.1/source/test/iotest/iotest.cpp:407:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cBuffer[512];
data/icu-68.1/source/test/iotest/iotest.cpp:408:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cExpected[sizeof(cBuffer)];
data/icu-68.1/source/test/iotest/iotest.cpp:609:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cBuffer[512];
data/icu-68.1/source/test/iotest/iotest.cpp:610:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cFormat[sizeof(cBuffer)];
data/icu-68.1/source/test/iotest/iotest.cpp:611:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cExpected[sizeof(cBuffer)];
data/icu-68.1/source/test/iotest/iotest.cpp:768:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char p[sizeof(__FILE__) + 20];
data/icu-68.1/source/test/iotest/iotest.cpp:791:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *file = fopen(".." U_FILE_SEP_STRING ".." U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "Makefile.in", "r");
data/icu-68.1/source/test/iotest/iotest.cpp:898:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* fileToRemove = fopen(filenameToRemove, "r");
data/icu-68.1/source/test/iotest/stream.cpp:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char defConvName[UCNV_MAX_CONVERTER_NAME_LENGTH*2];
data/icu-68.1/source/test/iotest/stream.cpp:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inStrC[128];
data/icu-68.1/source/test/iotest/stream.cpp:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testStreamBuf[512];
data/icu-68.1/source/test/iotest/stream.cpp:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testFormatStreamBuf[512];
data/icu-68.1/source/test/iotest/stream.cpp:151:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testLargeStreamBuf[512];
data/icu-68.1/source/test/iotest/stream.cpp:168:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char expectedLargeStreamBuf[300];
data/icu-68.1/source/test/iotest/stream.cpp:309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testcase[10];
data/icu-68.1/source/test/iotest/strtst.c:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myString[512] = "";
data/icu-68.1/source/test/iotest/strtst.c:254:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cBuffer[256];
data/icu-68.1/source/test/iotest/strtst.c:334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cTestResult[256];
data/icu-68.1/source/test/iotest/strtst.c:388:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/iotest/strtst.c:389:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char compBuffer[256];
data/icu-68.1/source/test/iotest/strtst.c:515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myString[256] = "";
data/icu-68.1/source/test/iotest/strtst.c:516:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testBuf[256] = "";
data/icu-68.1/source/test/iotest/strtst.c:524:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%x", (int)num);
data/icu-68.1/source/test/iotest/strtst.c:531:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%X", (int)num);
data/icu-68.1/source/test/iotest/strtst.c:538:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%o", (int)num);
data/icu-68.1/source/test/iotest/strtst.c:546:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%d", (int)num);
data/icu-68.1/source/test/iotest/strtst.c:553:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%i", (int)num);
data/icu-68.1/source/test/iotest/strtst.c:560:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%f", (double)num);
data/icu-68.1/source/test/iotest/strtst.c:581:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%g", (double)num);
data/icu-68.1/source/test/iotest/strtst.c:588:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%G", (double)num);
data/icu-68.1/source/test/iotest/strtst.c:599:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(testBuf, "%c", (char)num);
data/icu-68.1/source/test/iotest/strtst.c:612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/icu-68.1/source/test/iotest/strtst.c:613:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char compBuffer[256];
data/icu-68.1/source/test/iotest/trnstst.c:189:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    infile = fopen(STANDARD_TEST_FILE, "rb");
data/icu-68.1/source/test/letest/FontObject.cpp:22:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(fileName, "rb");
data/icu-68.1/source/test/letest/PortableFontInstance.cpp:90:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fFile = fopen(fileName, "rb");
data/icu-68.1/source/test/letest/cletest.c:375:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(".."U_FILE_SEP_STRING".."U_FILE_SEP_STRING"test"U_FILE_SEP_STRING"testdata"U_FILE_SEP_STRING"rbbitst.txt", "r");
data/icu-68.1/source/test/letest/cletest.c:389:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *getPath(char buffer[2048], const char *filename) {
data/icu-68.1/source/test/letest/cletest.c:389:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *getPath(char buffer[2048], const char *filename) {
data/icu-68.1/source/test/letest/cletest.c:400:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[2048];
data/icu-68.1/source/test/letest/cletest.c:498:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[2048];
data/icu-68.1/source/test/letest/gendata.cpp:57:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(".."U_FILE_SEP_STRING".."U_FILE_SEP_STRING"test"U_FILE_SEP_STRING"testdata"U_FILE_SEP_STRING"rbbitst.txt", "r");
data/icu-68.1/source/test/letest/gendata.cpp:71:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *getPath(char buffer[2048], const char *filename) {
data/icu-68.1/source/test/letest/gendata.cpp:71:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *getPath(char buffer[2048], const char *filename) {
data/icu-68.1/source/test/letest/gendata.cpp:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lineBuffer[8 * 12 + 2];
data/icu-68.1/source/test/letest/gendata.cpp:112:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        bufp += sprintf(&lineBuffer[bufp], "0x%8.8X, ", longs[i]);
data/icu-68.1/source/test/letest/gendata.cpp:124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lineBuffer[8 * 16 + 2];
data/icu-68.1/source/test/letest/gendata.cpp:135:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        bufp += sprintf(&lineBuffer[bufp], "%f, ", floats[i]);
data/icu-68.1/source/test/letest/gendata.cpp:150:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *outputFile = fopen(argv[1], "w");
data/icu-68.1/source/test/letest/gendata.cpp:157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  tmString[64];
data/icu-68.1/source/test/letest/gendata.cpp:239:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf[2048];
data/icu-68.1/source/test/letest/gendata.cpp:258:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          char uversion_utf8[300];
data/icu-68.1/source/test/letest/letest.cpp:421:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(".." U_FILE_SEP_STRING ".." U_FILE_SEP_STRING "test" U_FILE_SEP_STRING "testdata" U_FILE_SEP_STRING "rbbitst.txt", "r");
data/icu-68.1/source/test/letest/letest.cpp:436:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *getPath(char buffer[2048], const char *filename) {
data/icu-68.1/source/test/letest/letest.cpp:436:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *getPath(char buffer[2048], const char *filename) {
data/icu-68.1/source/test/letest/letest.cpp:455:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char number[16];
data/icu-68.1/source/test/letest/letest.cpp:501:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char number[32];
data/icu-68.1/source/test/letest/letest.cpp:543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[2048];
data/icu-68.1/source/test/letest/letest.cpp:570:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[2048];
data/icu-68.1/source/test/letest/letest.cpp:1011:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char p[sizeof(__FILE__) + 20];
data/icu-68.1/source/test/letest/letest.cpp:1034:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *file = fopen(".." U_FILE_SEP_STRING ".." U_FILE_SEP_STRING "data" U_FILE_SEP_STRING "Makefile.in", "r");
data/icu-68.1/source/test/letest/letest.h:34:37:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define ARRAY_COPY(dst, src, count) memcpy((void *) (dst), (void *) (src), (count) * sizeof (src)[0])
data/icu-68.1/source/test/letest/xmlreader.cpp:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char number[16];
data/icu-68.1/source/test/letest/xmlreader.cpp:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char number[32];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.cpp:238:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          out.open(argv[2]);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char charBuf[1000];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:244:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:469:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:516:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:564:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:628:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[256];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:629:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buf, "%gD", f.getDouble());
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:635:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[256];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:636:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buf, "%ldL", f.getLong());
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:667:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char stackBuffer[100];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:693:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char locale[25];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:716:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outbuf[500];
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:727:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(outbuf, "%lg", result);
data/icu-68.1/source/test/perf/DateFmtPerf/DateFmtPerf.h:752:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locale[25];
data/icu-68.1/source/test/perf/charperf/charperf.cpp:86:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        MIN_ = atoi(options[MIN_OPTION_].value);
data/icu-68.1/source/test/perf/charperf/charperf.cpp:89:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        MAX_ = atoi(options[MAX_OPTION_].value);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:409:81:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    ucol_getSortKey(gCol, gFileLines[line].name, len, (unsigned char *)gFileLines[line].icuSortKey, 5000);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:715:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sortBuf, gRandomLines, gNumFileLines * sizeof(Line *));
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:722:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sortBuf, gRandomLines, gNumFileLines * sizeof(Line *));
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:730:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sortBuf, gRandomLines, gNumFileLines * sizeof(Line *));
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:737:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sortBuf, gRandomLines, gNumFileLines * sizeof(Line *));
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:744:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sortBuf, gRandomLines, gNumFileLines * sizeof(Line *));
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:752:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sortBuf, gRandomLines, gNumFileLines * sizeof(Line *));
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:759:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sortBuf, gRandomLines, gNumFileLines * sizeof(Line *));
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:902:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(str + strindex, gFileLines[linecount].name, 
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1066:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(str + strindex, gFileLines[linecount].name, 
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1235:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fFile                = fopen(fName, "rb");
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1331:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char  bytes[10];
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1575:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(gFileLines[gNumFileLines].name, buf, column * sizeof(UChar));
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1622:77:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
             t = ucol_getSortKey(gCol, gFileLines[line].name, -1, (unsigned char *)gFileLines[line].icuSortKey , t);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1626:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
             memcpy(gFileLines[line].icuSortKey, buf, t);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1643:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
             memcpy(gFileLines[line].winSortKey, buf, t);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1652:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            t=strxfrm((char *)buf,  gFileLines[line].unixName,  sizeof(buf));
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1659:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(gFileLines[line].unixSortKey, buf, t);
data/icu-68.1/source/test/perf/collperf/collperf.cpp:98:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        posix_key[MAX_KEY_LENGTH];
data/icu-68.1/source/test/perf/collperf/collperf.cpp:369:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(base, backup, num * width);
data/icu-68.1/source/test/perf/collperf/collperf.cpp:384:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(base, backup, num * width);
data/icu-68.1/source/test/perf/collperf/collperf.cpp:455:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            return strcmp( (char *) rnd[i].icu_key, (char *) ord[j].icu_key );
data/icu-68.1/source/test/perf/collperf/collperf.cpp:455:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            return strcmp( (char *) rnd[i].icu_key, (char *) ord[j].icu_key );
data/icu-68.1/source/test/perf/collperf/collperf.cpp:771:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(icu_data->last(), line, len * sizeof(UChar));
data/icu-68.1/source/test/perf/collperf/collperf.cpp:805:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p, icu_data->dataOf(i), s);
data/icu-68.1/source/test/perf/collperf/collperf.cpp:840:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(win_data->last(), icu_data->dataOf(i), sizeof(WCHAR) * s);
data/icu-68.1/source/test/perf/collperf/collperf.cpp:871:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, rnd_index, count * sizeof(DataIndex));\
data/icu-68.1/source/test/perf/collperf2/collperf2.cpp:838:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, source, count * sizeof(UnicodeString *));
data/icu-68.1/source/test/perf/collperf2/collperf2.cpp:923:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, source, count * sizeof(StringPiece));
data/icu-68.1/source/test/perf/collperf2/collperf2.cpp:947:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, source, count * sizeof(StringPiece));
data/icu-68.1/source/test/perf/convperf/convperf.h:130:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        convNames = new const char *[availableConverters];
data/icu-68.1/source/test/perf/convperf/convperf.h:197:22:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
        int winSize =MultiByteToWideChar(uiCodePage,CONVERSION_FLAGS,src,srcLen,dest,dstLen);
data/icu-68.1/source/test/perf/convperf/convperf.h:210:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest[MAX_BUF_SIZE];
data/icu-68.1/source/test/perf/convperf/convperf.h:335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dst[MAX_BUF_SIZE];
data/icu-68.1/source/test/perf/convperf/convperf.h:444:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dst[MAX_BUF_SIZE];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:112:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out=fopen(outName,"w");
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:274:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[100];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:335:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name2[100];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:338:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name2,"AttrNumTest:%d=%d", fAttr,fAttrValue);
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:363:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name2[100];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:366:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name2,"NOXNumTest:%d=%d", fAttr,fAttrValue);
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:402:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[100];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:442:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char strBuf[200];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:487:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[100];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:566:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char strBuf[200];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:614:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[100];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:657:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char strBuf[200];
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:735:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
OpenCloseTest(pattern,unum,open,{},(UNUM_PATTERN_DECIMAL,pattern,1,TEST_LOCALE,0,&setupStatus),{})
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:736:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
OpenCloseTest(default,unum,open,{},(UNUM_DEFAULT,NULL,-1,TEST_LOCALE,0,&setupStatus),{})
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:739:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
OpenCloseTest(gb18030,ucnv,open,{},("gb18030",&setupStatus),{})
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:742:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
OpenCloseTest(root,ures,open,{},(NULL,"root",&setupStatus),{})
data/icu-68.1/source/test/perf/howExpensiveIs/sieve.cpp:30:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sieve[SIEVE_SIZE];
data/icu-68.1/source/test/perf/leperf/FontObject.cpp:26:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(fileName, "rb");
data/icu-68.1/source/test/perf/leperf/PortableFontInstance.cpp:94:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fFile = fopen(fileName, "rb");
data/icu-68.1/source/test/perf/leperf/xmlreader.cpp:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char number[16];
data/icu-68.1/source/test/perf/leperf/xmlreader.cpp:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char number[32];
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:508:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fFile                = fopen(fName, "rb");
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:604:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char  bytes[10];
data/icu-68.1/source/test/perf/unisetperf/unisetperf.cpp:319:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char utf8[4];
data/icu-68.1/source/test/perf/unisetperf/unisetperf.cpp:365:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char utf8[4];
data/icu-68.1/source/test/perf/ustrperf/stringperf.cpp:101:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(filelines_[i].name, filelines[i].name, len * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/perf/ustrperf/stringperf.cpp:114:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(StrBuffer, src, srcLen * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/perf/ustrperf/stringperf.h:40:1:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
wchar_t simulate[2]={wTESTCHAR1, 0};
data/icu-68.1/source/test/perf/ustrperf/stringperf.h:57:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t   name[100];
data/icu-68.1/source/test/perf/ustrperf/stringperf.h:196:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(src_, source, sourceLen * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/perf/ustrperf/stringperf.h:218:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(src_, source, sourceLen * U_SIZEOF_UCHAR);
data/icu-68.1/source/test/perf/ustrperf/stringperf.h:249:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t ws[100];
data/icu-68.1/source/test/perf/ustrperf/stringperf.h:258:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(wlines_[i].name, wcs, wl * sizeof(wchar_t));
data/icu-68.1/source/test/perf/ustrperf/stringperf.h:263:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(wlines_[i].name, wcs, wl*sizeof(wchar_t));
data/icu-68.1/source/test/perf/utfperf/utfperf.cpp:36:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char utf8[INPUT_CAPACITY];
data/icu-68.1/source/test/perf/utfperf/utfperf.cpp:40:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char intermediate[OUTPUT_CAPACITY];
data/icu-68.1/source/test/perf/utfperf/utfperf.cpp:77:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            chunkLength = atoi(options[CHUNK_LENGTH].value);
data/icu-68.1/source/test/perf/utfperf/utfperf.cpp:83:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pivotLength = atoi(options[PIVOT_LENGTH].value);
data/icu-68.1/source/test/thaitest/thaitest.cpp:315:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fileName, "rb");
data/icu-68.1/source/test/thaitest/thaitest.cpp:407:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outbuf[1024];
data/icu-68.1/source/tools/ctestfw/ctest.c:49:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[1]; /* This is dynamically allocated off the end with malloc. */
data/icu-68.1/source/tools/ctestfw/ctest.c:64:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ERROR_LOG[MAX_TEST_LOG][MAXTESTNAME];
data/icu-68.1/source/tools/ctestfw/ctest.c:118:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char gTestName[1024] = "";
data/icu-68.1/source/tools/ctestfw/ctest.c:133:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char XML_PREFIX[256];
data/icu-68.1/source/tools/ctestfw/ctest.c:160:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char n[255];
data/icu-68.1/source/tools/ctestfw/ctest.c:299:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "[(%.0fm %.1fs)]", mins, (deltaTime-(mins*60000.0))/1000.0);
data/icu-68.1/source/tools/ctestfw/ctest.c:301:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "((%.1fs))", deltaTime/1000.0);
data/icu-68.1/source/tools/ctestfw/ctest.c:303:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, "( %.2fs )", deltaTime/1000.0);
data/icu-68.1/source/tools/ctestfw/ctest.c:305:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(str, " (%.0fms) ", deltaTime);
data/icu-68.1/source/tools/ctestfw/ctest.c:312:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[256];
data/icu-68.1/source/tools/ctestfw/ctest.c:334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pathToFunction[MAXTESTNAME] = "";
data/icu-68.1/source/tools/ctestfw/ctest.c:335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char separatorString[2] = { TEST_SEPARATOR, '\0'};
data/icu-68.1/source/tools/ctestfw/ctest.c:376:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char timeDelta[256];
data/icu-68.1/source/tools/ctestfw/ctest.c:377:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char timeSeconds[256];
data/icu-68.1/source/tools/ctestfw/ctest.c:407:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(timeSeconds, "%f", (stopTime-startTime)/1000.0);
data/icu-68.1/source/tools/ctestfw/ctest.c:541:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	  FILE *summf = fopen(SUMMARY_FILE, "w");
data/icu-68.1/source/tools/ctestfw/ctest.c:700:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2048];
data/icu-68.1/source/tools/ctestfw/ctest.c:895:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[500];
data/icu-68.1/source/tools/ctestfw/ctest.c:904:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[500];
data/icu-68.1/source/tools/ctestfw/ctest.c:923:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[500];
data/icu-68.1/source/tools/ctestfw/ctest.c:1273:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  XML_FILE = fopen(XML_FILE_NAME,"w");
data/icu-68.1/source/tools/ctestfw/datamap.cpp:23:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ch[256];
data/icu-68.1/source/tools/ctestfw/datamap.cpp:28:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi(ch);
data/icu-68.1/source/tools/ctestfw/tstdtmod.cpp:41:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[4000];
data/icu-68.1/source/tools/ctestfw/tstdtmod.cpp:68:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[4000];
data/icu-68.1/source/tools/ctestfw/tstdtmod.cpp:93:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[4000];
data/icu-68.1/source/tools/ctestfw/uperf.cpp:122:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(options+optionsCount, addOptions, addOptionsCount*sizeof(UOption));
data/icu-68.1/source/tools/ctestfw/uperf.cpp:131:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(addOptions, options+OPTIONS_COUNT, addOptionsCount*sizeof(UOption));
data/icu-68.1/source/tools/ctestfw/uperf.cpp:161:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        passes = atoi(options[PASSES].value);
data/icu-68.1/source/tools/ctestfw/uperf.cpp:164:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        iterations = atoi(options[ITERATIONS].value);
data/icu-68.1/source/tools/ctestfw/uperf.cpp:170:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        time = atoi(options[TIME].value);
data/icu-68.1/source/tools/ctestfw/uperf.cpp:230:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(lines[numLines].name, line, len * U_SIZEOF_UCHAR);
data/icu-68.1/source/tools/ctestfw/uperf.cpp:244:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(newLines, lines, numLines*sizeof(ULine));
data/icu-68.1/source/tools/escapesrc/cptbl.h:4:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char cp1047_8859_1[256] = { 
data/icu-68.1/source/tools/escapesrc/escapesrc.cpp:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp2[5];
data/icu-68.1/source/tools/escapesrc/escapesrc.cpp:116:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp2, "\\x%02X", 0xFF & (int)(byte));
data/icu-68.1/source/tools/escapesrc/escapesrc.cpp:132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[9];
data/icu-68.1/source/tools/escapesrc/escapesrc.cpp:297:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char newSeq[20];
data/icu-68.1/source/tools/escapesrc/escapesrc.cpp:299:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(newSeq, "\\u%04X", c);
data/icu-68.1/source/tools/escapesrc/escapesrc.cpp:301:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(newSeq, "\\U%08X", c);
data/icu-68.1/source/tools/escapesrc/escapesrc.cpp:372:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  inf.open(infile.c_str(), std::ios::in);
data/icu-68.1/source/tools/escapesrc/escapesrc.cpp:382:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  outf.open(outfile.c_str(), std::ios::out);
data/icu-68.1/source/tools/escapesrc/tblgen.cpp:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cp1047[1];
data/icu-68.1/source/tools/genbrk/genbrk.cpp:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[1024];
data/icu-68.1/source/tools/genbrk/genbrk.cpp:209:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(ruleFileName, "rb");
data/icu-68.1/source/tools/gencfu/gencfu.cpp:193:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[1024];
data/icu-68.1/source/tools/gencfu/gencfu.cpp:309:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(fileName, "rb");
data/icu-68.1/source/tools/gencnval/gencnval.c:100:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char stringStore[STRING_STORE_SIZE];
data/icu-68.1/source/tools/gencnval/gencnval.c:116:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char tagStore[TAG_STORE_SIZE];
data/icu-68.1/source/tools/gencnval/gencnval.c:227:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pathBuf[512];
data/icu-68.1/source/tools/gencnval/gencnval.c:333:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAX_LINE_SIZE];
data/icu-68.1/source/tools/gencnval/gencnval.c:334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lastLine[MAX_LINE_SIZE];
data/icu-68.1/source/tools/gencolusb/extract_unsafe_backwards.cpp:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char verString[20];
data/icu-68.1/source/tools/gencolusb/extract_unsafe_backwards.cpp:84:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf2[2048];
data/icu-68.1/source/tools/gendict/gendict.cpp:300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[1024];
data/icu-68.1/source/tools/gendict/gendict.cpp:365:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char s[16];
data/icu-68.1/source/tools/gendict/gendict.cpp:471:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tmp[1024];
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:116:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[U_MAX_VERSION_STRING_LENGTH];
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:122:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(unicodeVersion, version, U_MAX_VERSION_LENGTH);
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:774:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dataInfo.dataVersion, unicodeVersion, 4);
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:830:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[100];
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:881:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(filename, "w");
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:891:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char uv[U_MAX_VERSION_STRING_LENGTH];
data/icu-68.1/source/tools/gennorm2/n2builder.cpp:989:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(diff.unicodeVersion, b1.unicodeVersion, U_MAX_VERSION_LENGTH);
data/icu-68.1/source/tools/genrb/derb.cpp:145:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            truncsize = atoi(options[4].value); /* user defined printable size */
data/icu-68.1/source/tools/genrb/derb.cpp:392:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[128];
data/icu-68.1/source/tools/genrb/derb.cpp:394:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(msg, "// WARNING: this resource, size %li is truncated to %li\n",
data/icu-68.1/source/tools/genrb/derb.cpp:436:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msg[128];
data/icu-68.1/source/tools/genrb/derb.cpp:438:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(msg, "// WARNING: this resource, size %li is truncated to %li\n",
data/icu-68.1/source/tools/genrb/derb.cpp:495:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msg[128];
data/icu-68.1/source/tools/genrb/derb.cpp:497:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(msg, "// WARNING: this resource, size %li is truncated to %li\n",
data/icu-68.1/source/tools/genrb/genrb.cpp:558:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char outputFileName[256];
data/icu-68.1/source/tools/genrb/genrb.cpp:587:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outputFileName[256];
data/icu-68.1/source/tools/genrb/parse.cpp:95:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *tokenNames[TOK_TOKEN_COUNT] =
data/icu-68.1/source/tools/genrb/parse.cpp:315:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char              filename[256] = { '\0' };
data/icu-68.1/source/tools/genrb/parse.cpp:316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char              cs[128]       = { '\0' };
data/icu-68.1/source/tools/genrb/parse.cpp:459:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char              filename[256] = { '\0' };
data/icu-68.1/source/tools/genrb/parse.cpp:460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char              cs[128]       = { '\0' };
data/icu-68.1/source/tools/genrb/parse.cpp:538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char              filename[256] = { '\0' };
data/icu-68.1/source/tools/genrb/parse.cpp:539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char              cs[128]       = { '\0' };
data/icu-68.1/source/tools/genrb/parse.cpp:803:23:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            buffer += sprintf(buffer, "\\u%04X", (int)c);
data/icu-68.1/source/tools/genrb/parse.cpp:821:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char               subtag[1024];
data/icu-68.1/source/tools/genrb/parse.cpp:879:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char     ver[40];
data/icu-68.1/source/tools/genrb/parse.cpp:969:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char preBuffer[100], postBuffer[100];
data/icu-68.1/source/tools/genrb/parse.cpp:1050:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char               subtag[1024], typeKeyword[1024];
data/icu-68.1/source/tools/genrb/parse.cpp:1178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char              subtag[1024];
data/icu-68.1/source/tools/genrb/parse.cpp:1482:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char toConv[3] = {'\0', '\0', '\0'};
data/icu-68.1/source/tools/genrb/parse.cpp:1827:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tokenBuffer[1024];
data/icu-68.1/source/tools/genrb/prscmnts.cpp:41:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *patternStrings[UPC_LIMIT]={
data/icu-68.1/source/tools/genrb/rbutil.c:70:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char digits[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
data/icu-68.1/source/tools/genrb/reslist.cpp:844:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            dataName[1024];
data/icu-68.1/source/tools/genrb/wrtjava.cpp:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[30]={'\0'};
data/icu-68.1/source/tools/genrb/wrtjava.cpp:189:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char dest[30] = {0};
data/icu-68.1/source/tools/genrb/wrtjava.cpp:397:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/icu-68.1/source/tools/genrb/wrtjava.cpp:434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100];
data/icu-68.1/source/tools/genrb/wrtjava.cpp:451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char byteBuffer[100] = { 0 };
data/icu-68.1/source/tools/genrb/wrtjava.cpp:624:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[256] = {'\0'};
data/icu-68.1/source/tools/genrb/wrtjava.cpp:625:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char className[256]={'\0'};
data/icu-68.1/source/tools/genrb/wrtxml.cpp:702:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char c[256] = {0};
data/icu-68.1/source/tools/genrb/wrtxml.cpp:733:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256] = {'0'};
data/icu-68.1/source/tools/genrb/wrtxml.cpp:738:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char c[256] = {0};
data/icu-68.1/source/tools/genrb/wrtxml.cpp:779:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256] = {0};
data/icu-68.1/source/tools/genrb/wrtxml.cpp:810:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fileName[1024] ={0};
data/icu-68.1/source/tools/genrb/wrtxml.cpp:870:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char temp[256] = {0};
data/icu-68.1/source/tools/genrb/wrtxml.cpp:1037:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timeBuf[128];
data/icu-68.1/source/tools/gensprep/gensprep.c:327:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[4][2];
data/icu-68.1/source/tools/gensprep/gensprep.c:433:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *fields[3][2];
data/icu-68.1/source/tools/gentest/genres32.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[20]="ooooooooooooooooo";
data/icu-68.1/source/tools/gentest/genres32.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file[512];
data/icu-68.1/source/tools/gentest/genres32.c:63:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(file, "w");
data/icu-68.1/source/tools/gentest/gentest.c:145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file[512];
data/icu-68.1/source/tools/gentest/gentest.c:154:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(file, "w");
data/icu-68.1/source/tools/icuinfo/icuinfo.cpp:283:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      FILE *out = fopen(options[7].value, "w");
data/icu-68.1/source/tools/icupkg/icupkg.cpp:520:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char outFilenameBuffer[1024]; // for auto-generated output filename, if necessary
data/icu-68.1/source/tools/icupkg/icupkg.cpp:534:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char suffix[6]="?.dat";
data/icu-68.1/source/tools/icuswap/icuswap.cpp:141:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    data=(char *)options[OPT_OUT_TYPE].value;
data/icu-68.1/source/tools/icuswap/icuswap.cpp:167:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in=fopen(argv[1], "rb");
data/icu-68.1/source/tools/icuswap/icuswap.cpp:255:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out=fopen(argv[2], "wb");
data/icu-68.1/source/tools/icuswap/icuswap.cpp:354:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inPkgName[32], outPkgName[32];
data/icu-68.1/source/tools/makeconv/genmbcs.cpp:378:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[10];
data/icu-68.1/source/tools/makeconv/genmbcs.cpp:688:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[10];
data/icu-68.1/source/tools/makeconv/makeconv.cpp:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cnvName[UCNV_MAX_FULL_FILE_NAME_LENGTH];
data/icu-68.1/source/tools/makeconv/makeconv.cpp:440:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/icu-68.1/source/tools/makeconv/makeconv.cpp:567:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/icu-68.1/source/tools/makeconv/makeconv.cpp:725:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char baseFilename[500];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:236:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char libFileNames[LIB_FILENAMES_SIZE][256];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:522:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmdBuffer[SMALL_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:573:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char targetDir[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:574:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpDir[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:575:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datFileName[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:576:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datFileNamePath[LARGE_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char checkLibFile[LARGE_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:622:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char targetFileNamePath[LARGE_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:658:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char gencFilePath[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:659:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char version_major[10] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:770:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char optMatchArch[10] = { 0 };
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1043:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[LARGE_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1044:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name1[SMALL_BUFFER_MAX_SIZE]; /* symlink file name */
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1045:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name2[SMALL_BUFFER_MAX_SIZE]; /* file name to symlink */
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[SMALL_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1205:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1237:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1249:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1305:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[LARGE_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1469:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char PDS_LibName[512];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1470:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char PDS_Name[512];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1540:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempObjectFile[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1592:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const static char DATA_PREFIX[DATA_PREFIX_LENGTH][10] = {
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1611:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gencmnFile[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tempObjectFile[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char icudtAll[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1675:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char newName[SMALL_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1676:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char dataName[SMALL_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1677:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char dataDirName[SMALL_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1689:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char newNameTmp[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1817:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[LARGE_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1819:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char staticLibFilePath[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1842:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char dllFilePath[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1843:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char libFilePath[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1844:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char resFilePath[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1845:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmpResFilePath[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1889:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char extraFlags[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1932:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuffer[SMALL_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:1935:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mapFile[SMALL_BUFFER_MAX_SIZE] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:2069:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        line[16384];
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:2205:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[512] = "";
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:2263:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cmd[LARGE_BUFFER_MAX_SIZE];
data/icu-68.1/source/tools/pkgdata/pkgtypes.c:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/icu-68.1/source/tools/pkgdata/pkgtypes.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/icu-68.1/source/tools/pkgdata/pkgtypes.c:213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char aBuf[1024];
data/icu-68.1/source/tools/toolutil/dbgutil.cpp:119:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ch[256];
data/icu-68.1/source/tools/toolutil/dbgutil.cpp:124:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(ch);
data/icu-68.1/source/tools/toolutil/dbgutil.cpp:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ch[256];
data/icu-68.1/source/tools/toolutil/filestrm.cpp:36:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE *file = fopen(filename, mode);
data/icu-68.1/source/tools/toolutil/filestrm.cpp:84:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* temp = fopen(filename, "r");
data/icu-68.1/source/tools/toolutil/package.cpp:197:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pkg, basename, len);
data/icu-68.1/source/tools/toolutil/package.cpp:307:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[1024];
data/icu-68.1/source/tools/toolutil/package.cpp:315:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file=fopen(filename, "rb");
data/icu-68.1/source/tools/toolutil/package.cpp:409:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&pHeader->info, &dataInfo, sizeof(dataInfo));
data/icu-68.1/source/tools/toolutil/package.cpp:540:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char prefix[MAX_PKG_NAME_LENGTH+4];
data/icu-68.1/source/tools/toolutil/package.cpp:608:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pkgPrefix, s, prefixLength);
data/icu-68.1/source/tools/toolutil/package.cpp:610:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(prefix, s, ++prefixLength);  // include the /
data/icu-68.1/source/tools/toolutil/package.cpp:614:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(prefix, inPkgName, inPkgNameLength);
data/icu-68.1/source/tools/toolutil/package.cpp:687:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[MAX_PKG_NAME_LENGTH+4];
data/icu-68.1/source/tools/toolutil/package.cpp:713:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(header+headerLength, comment, length+1);
data/icu-68.1/source/tools/toolutil/package.cpp:749:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file=fopen(filename, "wb");
data/icu-68.1/source/tools/toolutil/package.cpp:775:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(prefix, pkgPrefix, prefixLength);
data/icu-68.1/source/tools/toolutil/package.cpp:802:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(name, prefix, prefixLength);
data/icu-68.1/source/tools/toolutil/package.cpp:803:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(name+prefixLength, items[i].name, length+1);
data/icu-68.1/source/tools/toolutil/package.cpp:1128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[1024];
data/icu-68.1/source/tools/toolutil/package.cpp:1170:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file=fopen(filename, "wb");
data/icu-68.1/source/tools/toolutil/package.h:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inPkgName[MAX_PKG_NAME_LENGTH];
data/icu-68.1/source/tools/toolutil/package.h:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pkgPrefix[MAX_PKG_NAME_LENGTH];
data/icu-68.1/source/tools/toolutil/package.h:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char inStrings[STRING_STORE_SIZE], outStrings[STRING_STORE_SIZE];
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:283:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char entry[96];
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:286:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char chars[4096];
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:398:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4096], entry[96];
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:544:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bitFieldStr[64]; /* This is more bits than needed for a 32-bit number */
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:547:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char hexToStr[16] = {
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:608:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[4];
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:641:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[8];
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:644:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(s, "\\x%X", byte);
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:646:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(s, "\\%X", byte);
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:749:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        bytes[2048];
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:887:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4096], entry[96]={ 0 };
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:995:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char sectionStrings[40]=
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:1012:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char padding[16]={ 0 };
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:1128:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char linkerOptions[100];
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:1133:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char longNames[100];
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:1296:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        uprv_strncpy((char *)symbols[0].N.ShortName, entry, entryLength);
data/icu-68.1/source/tools/toolutil/pkg_gencmn.cpp:81:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char stringStore[STRING_STORE_SIZE];
data/icu-68.1/source/tools/toolutil/pkg_gencmn.cpp:122:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[4096];
data/icu-68.1/source/tools/toolutil/pkg_icu.cpp:80:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char line[1024];
data/icu-68.1/source/tools/toolutil/pkg_icu.cpp:84:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file=fopen(listname, "r");
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:158:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(target, itemName, treeLength);
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:159:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(target+treeLength, id, idLength);
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:160:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(target+treeLength+idLength, suffix, suffixLength+1); // +1 includes the terminating NUL
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char target[200];
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:263:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char localeID[32];
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:397:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char poolName[200];
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:521:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char baseName[32];
data/icu-68.1/source/tools/toolutil/ppucd.cpp:70:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        file=fopen(filename, "r");
data/icu-68.1/source/tools/toolutil/ppucd.h:176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lines[kNumLineBuffers][4096];
data/icu-68.1/source/tools/toolutil/swapimpl.cpp:859:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dataFormatChars[4];
data/icu-68.1/source/tools/toolutil/toolutil.cpp:242:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[64];
data/icu-68.1/source/tools/toolutil/toolutil.cpp:245:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    alignas(std::max_align_t) char staticArray[1];
data/icu-68.1/source/tools/toolutil/ucbuf.cpp:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char start[8];
data/icu-68.1/source/tools/toolutil/ucbuf.cpp:167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  carr[MAX_IN_BUF] = {'\0'};
data/icu-68.1/source/tools/toolutil/ucbuf.cpp:227:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char context[CONTEXT_LEN+1];
data/icu-68.1/source/tools/toolutil/ucbuf.cpp:228:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char preContext[CONTEXT_LEN+1];
data/icu-68.1/source/tools/toolutil/ucbuf.cpp:229:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char postContext[CONTEXT_LEN+1];
data/icu-68.1/source/tools/toolutil/ucbuf.cpp:254:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(preContext,cbuf+start,stop-start);
data/icu-68.1/source/tools/toolutil/ucbuf.cpp:262:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(postContext,source,stop-start);
data/icu-68.1/source/tools/toolutil/ucbuf.cpp:422:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char context[CONTEXT_LEN+1];
data/icu-68.1/source/tools/toolutil/ucbuf.cpp:590:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char start[8];
data/icu-68.1/source/tools/toolutil/ucm.cpp:1153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[500];
data/icu-68.1/source/tools/toolutil/ucm.h:108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char baseName[UCNV_MAX_CONVERTER_NAME_LENGTH];
data/icu-68.1/source/tools/toolutil/ucmstate.cpp:51:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *
data/icu-68.1/source/tools/toolutil/ucmstate.cpp:52:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
parseState(const char *s, int32_t state[256], uint32_t *pFlags) {
data/icu-68.1/source/tools/toolutil/udbgutil.cpp:432:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[300];
data/icu-68.1/source/tools/toolutil/udbgutil.cpp:458:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[200]="";
data/icu-68.1/source/tools/toolutil/udbgutil.cpp:476:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf2[100];
data/icu-68.1/source/tools/toolutil/udbgutil.cpp:581:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[2000];
data/icu-68.1/source/tools/toolutil/unewdata.cpp:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/icu-68.1/source/tools/toolutil/uparse.cpp:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[10000];
data/icu-68.1/source/tools/toolutil/writesrc.cpp:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/icu-68.1/source/tools/toolutil/writesrc.cpp:52:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f=fopen(p, "w");
data/icu-68.1/source/tools/toolutil/writesrc.cpp:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[200];
data/icu-68.1/source/tools/toolutil/writesrc.cpp:298:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[100], line2[100], line3[100];
data/icu-68.1/source/tools/toolutil/xmlparser.cpp:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bytes[4096], charsetBuffer[100];
data/icu-68.1/source/tools/tzcode/asctime.c:65:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char	buf_asctime[MAX_ASCTIME_BUF_SIZE];
data/icu-68.1/source/tools/tzcode/asctime.c:83:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			year[INT_STRLEN_MAXIMUM(int) + 2];
data/icu-68.1/source/tools/tzcode/asctime.c:84:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			result[MAX_ASCTIME_BUF_SIZE];
data/icu-68.1/source/tools/tzcode/asctime.c:88:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		return strcpy(buf, "??? ??? ?? ??:??:?? ????\n");
data/icu-68.1/source/tools/tzcode/icuzdump.cpp:340:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            high = atoi(options[kOptCutover].value);
data/icu-68.1/source/tools/tzcode/icuzdump.cpp:343:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            low = atoi(options[kOptCutover].value);
data/icu-68.1/source/tools/tzcode/icuzdump.cpp:344:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            high = atoi(comma + 1);
data/icu-68.1/source/tools/tzcode/localtime.c:109:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char	types[TZ_MAX_TIMES];
data/icu-68.1/source/tools/tzcode/localtime.c:111:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char		chars[BIGGEST(BIGGEST(TZ_MAX_CHARS + 1, sizeof gmt),
data/icu-68.1/source/tools/tzcode/localtime.c:199:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		lcl_TZname[TZ_STRLEN_MAX + 1];
data/icu-68.1/source/tools/tzcode/localtime.c:203:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *			tzname[2] = {
data/icu-68.1/source/tools/tzcode/localtime.c:334:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		buf[2 * sizeof(struct tzhead) +
data/icu-68.1/source/tools/tzcode/localtime.c:361:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		fullname[FILENAME_MAX + 1];
data/icu-68.1/source/tools/tzcode/localtime.c:383:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fid = open(name, OPEN_MODE)) == -1)
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:243:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4]; // must be UNSIGNED
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:261:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[8]; // must be UNSIGNED
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:649:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pwd[512];
data/icu-68.1/source/tools/tzcode/tzfile.h:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_magic[4];		/* TZ_MAGIC */
data/icu-68.1/source/tools/tzcode/tzfile.h:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_version[1];		/* '\0' or '2' or '3' as of 2013 */
data/icu-68.1/source/tools/tzcode/tzfile.h:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_reserved[15];	/* reserved--must be zero */
data/icu-68.1/source/tools/tzcode/tzfile.h:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_ttisgmtcnt[4];	/* coded number of trans. time flags */
data/icu-68.1/source/tools/tzcode/tzfile.h:45:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_ttisstdcnt[4];	/* coded number of trans. time flags */
data/icu-68.1/source/tools/tzcode/tzfile.h:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_leapcnt[4];		/* coded number of leap seconds */
data/icu-68.1/source/tools/tzcode/tzfile.h:47:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_timecnt[4];		/* coded number of transition times */
data/icu-68.1/source/tools/tzcode/tzfile.h:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_typecnt[4];		/* coded number of local time types */
data/icu-68.1/source/tools/tzcode/tzfile.h:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	tzh_charcnt[4];		/* coded number of abbr. chars */
data/icu-68.1/source/tools/tzcode/zdump.c:216:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char *	tzname[2];
data/icu-68.1/source/tools/tzcode/zdump.c:534:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		(void) strcpy(fakeenv[to++], "TZ=");
data/icu-68.1/source/tools/tzcode/zdump.c:542:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		static char	buf[MAX_STRING_LENGTH];
data/icu-68.1/source/tools/tzcode/zdump.c:560:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char	path[FILENAME_MAX + 1];
data/icu-68.1/source/tools/tzcode/zdump.c:571:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				if ((fp = fopen(path, "w")) == NULL) {
data/icu-68.1/source/tools/tzcode/zdump.c:740:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			loab[MAX_STRING_LENGTH];
data/icu-68.1/source/tools/tzcode/zdump.c:935:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char			loab[MAX_STRING_LENGTH];
data/icu-68.1/source/tools/tzcode/zdump.c:1043:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	path[FILENAME_MAX + 1];
data/icu-68.1/source/tools/tzcode/zdump.c:1077:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char	subpath[FILENAME_MAX + 1];
data/icu-68.1/source/tools/tzcode/zic.c:407:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		isdsts[TZ_MAX_TYPES];
data/icu-68.1/source/tools/tzcode/zic.c:408:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char	abbrinds[TZ_MAX_TYPES];
data/icu-68.1/source/tools/tzcode/zic.c:409:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		ttisstds[TZ_MAX_TYPES];
data/icu-68.1/source/tools/tzcode/zic.c:410:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		ttisgmts[TZ_MAX_TYPES];
data/icu-68.1/source/tools/tzcode/zic.c:411:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		chars[TZ_MAX_CHARS];
data/icu-68.1/source/tools/tzcode/zic.c:414:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char		roll[TZ_MAX_LEAPS];
data/icu-68.1/source/tools/tzcode/zic.c:713:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((icuFile = fopen(ICU_ZONE_FILE, "w")) == NULL) {
data/icu-68.1/source/tools/tzcode/zic.c:824:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			fp = fopen(fromname, "rb");
data/icu-68.1/source/tools/tzcode/zic.c:832:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
			tp = fopen(toname, "wb");
data/icu-68.1/source/tools/tzcode/zic.c:982:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char				buf[BUFSIZ];
data/icu-68.1/source/tools/tzcode/zic.c:987:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	} else if ((fp = fopen(name, "r")) == NULL) {
data/icu-68.1/source/tools/tzcode/zic.c:1567:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[4];
data/icu-68.1/source/tools/tzcode/zic.c:1576:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char	buf[8];
data/icu-68.1/source/tools/tzcode/zic.c:1699:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(fullname, "wb")) == NULL) {
data/icu-68.1/source/tools/tzcode/zic.c:1702:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((fp = fopen(fullname, "wb")) == NULL) {
data/icu-68.1/source/tools/tzcode/zic.c:1717:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char		thischars[TZ_MAX_CHARS];
data/icu-68.1/source/tools/tzcode/zic.c:2011:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	(void) sprintf(end(result), "%d", hours);
data/icu-68.1/source/tools/tzcode/zic.c:2013:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		(void) sprintf(end(result), ":%02d", minutes);
data/icu-68.1/source/tools/tzcode/zic.c:2015:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			(void) sprintf(end(result), ":%02d", seconds);
data/icu-68.1/source/tools/tzcode/zic.c:2038:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		  (void) sprintf(result, "%d", total + rp->r_dayofmonth - 1);
data/icu-68.1/source/tools/tzcode/zic.c:2040:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		  (void) sprintf(result, "J%d", total + rp->r_dayofmonth);
data/icu-68.1/source/tools/tzcode/zic.c:2067:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		(void) sprintf(result, "M%d.%d.%d",
data/icu-68.1/as_is/os400/iculd.c:119:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int n = strlen(argv[i]);
data/icu-68.1/as_is/os400/iculd.c:142:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              nlen=strlen(b);
data/icu-68.1/as_is/os400/iculd.c:151:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(objs,"/");
data/icu-68.1/as_is/os400/iculd.c:152:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(objs,b,nlen);
data/icu-68.1/as_is/os400/iculd.c:153:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(objs, " ");
data/icu-68.1/as_is/os400/iculd.c:176:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              nlen=strlen(b);
data/icu-68.1/as_is/os400/iculd.c:185:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(bnddirs,"/");
data/icu-68.1/as_is/os400/iculd.c:186:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(bnddirs,b,nlen);
data/icu-68.1/as_is/os400/iculd.c:187:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(bnddirs, " ");
data/icu-68.1/as_is/os400/iculd.c:197:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(libs,"/");
data/icu-68.1/as_is/os400/iculd.c:198:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(libs,p+1,strlen(p)-4);
data/icu-68.1/as_is/os400/iculd.c:198:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(libs,p+1,strlen(p)-4);
data/icu-68.1/as_is/os400/iculd.c:199:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(libs," ");
data/icu-68.1/source/common/cstring.h:37:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define uprv_strlen(str) U_STANDARD_CPP_NAMESPACE strlen(str)
data/icu-68.1/source/common/cstring.h:43:63:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
#define uprv_strncpy(dst, src, size) U_STANDARD_CPP_NAMESPACE strncpy(dst, src, size)
data/icu-68.1/source/common/cstring.h:45:60:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
#define uprv_strncat(dst, src, n) U_STANDARD_CPP_NAMESPACE strncat(dst, src, n)
data/icu-68.1/source/common/cwchar.h:43:24:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define uprv_wcslen wcslen
data/icu-68.1/source/common/icuplug.cpp:788:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    DBG((stderr, "pluginfile= %s len %d/%d\n", plugin_file, (int)strlen(plugin_file), (int)sizeof(plugin_file)));
data/icu-68.1/source/common/icuplug.cpp:847:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            p = config+strlen(config);
data/icu-68.1/source/common/putil.cpp:2124:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(codepage, nl_langinfo(CODESET),63-strlen(UCNV_SWAP_LFNL_OPTION_STRING));
data/icu-68.1/source/common/putil.cpp:2124:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(codepage, nl_langinfo(CODESET),63-strlen(UCNV_SWAP_LFNL_OPTION_STRING));
data/icu-68.1/source/common/stringtriebuilder.cpp:484:62:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(units[i]!=o.units[i] || values[i]!=o.values[i] || equal[i]!=o.equal[i]) {
data/icu-68.1/source/common/stringtriebuilder.cpp:484:74:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(units[i]!=o.units[i] || values[i]!=o.values[i] || equal[i]!=o.equal[i]) {
data/icu-68.1/source/common/stringtriebuilder.cpp:498:24:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            Node *edge=equal[--i];
data/icu-68.1/source/common/stringtriebuilder.cpp:517:21:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    Node *rightEdge=equal[unitNumber];
data/icu-68.1/source/common/stringtriebuilder.cpp:521:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(equal[unitNumber]!=NULL) {
data/icu-68.1/source/common/stringtriebuilder.cpp:522:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            equal[unitNumber]->writeUnlessInsideRightEdge(firstEdgeNumber, rightEdgeNumber, builder);
data/icu-68.1/source/common/stringtriebuilder.cpp:538:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(equal[unitNumber]==NULL) {
data/icu-68.1/source/common/stringtriebuilder.cpp:544:22:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            U_ASSERT(equal[unitNumber]->getOffset()>0);
data/icu-68.1/source/common/stringtriebuilder.cpp:545:26:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            value=offset-equal[unitNumber]->getOffset();
data/icu-68.1/source/common/ucnv_lmb.cpp:552:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         if (uprv_strncmp(pTable->LocaleID, LocaleID, strlen(pTable->LocaleID)) == 0)
data/icu-68.1/source/common/unicode/stringtriebuilder.h:350:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            equal[length]=NULL;
data/icu-68.1/source/common/unicode/stringtriebuilder.h:358:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            equal[length]=node;
data/icu-68.1/source/common/unicode/stringtriebuilder.h:364:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        Node *equal[kMaxBranchLinearSubNodeLength];  // NULL means "has final value".
data/icu-68.1/source/extra/uconv/uwmsg.c:257:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        msg = (UChar*)malloc((strlen(textMsg)+1)*sizeof(msg[0]));
data/icu-68.1/source/extra/uconv/uwmsg.c:258:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(textMsg, msg, (int32_t)(strlen(textMsg)+1));
data/icu-68.1/source/i18n/collationdatareader.cpp:47:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
CollationDataReader::read(const CollationTailoring *base, const uint8_t *inBytes, int32_t inLength,
data/icu-68.1/source/i18n/collationdatareader.h:102:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    static void read(const CollationTailoring *base, const uint8_t *inBytes, int32_t inLength,
data/icu-68.1/source/i18n/collationroot.cpp:63:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CollationDataReader::read(NULL, inBytes, udata_getLength(t->memory), *t, errorCode);
data/icu-68.1/source/i18n/decNumber.cpp:3665:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(string, "?");
data/icu-68.1/source/i18n/decNumberLocal.h:158:27:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    #error Maximum digits mismatch
data/icu-68.1/source/i18n/decNumberLocal.h:161:29:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    #error Maximum exponent mismatch
data/icu-68.1/source/i18n/decNumberLocal.h:164:29:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    #error Minimum exponent mismatch
data/icu-68.1/source/i18n/double-conversion-utils.h:209:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t length = strlen(string);
data/icu-68.1/source/i18n/double-conversion-utils.h:302:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    DOUBLE_CONVERSION_ASSERT(static_cast<size_t>(n) <= strlen(s));
data/icu-68.1/source/i18n/double-conversion-utils.h:322:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    DOUBLE_CONVERSION_ASSERT(strlen(buffer_.start()) == static_cast<size_t>(position_));
data/icu-68.1/source/i18n/dtitvinf.cpp:178:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return equal;
data/icu-68.1/source/i18n/dtptngen.cpp:2113:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
       UBool equal;
data/icu-68.1/source/i18n/dtptngen.cpp:2119:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
       if (equal) {
data/icu-68.1/source/i18n/fmtable.cpp:327:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return equal;
data/icu-68.1/source/i18n/number_compact.cpp:161:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        auto magnitude = static_cast<int8_t> (strlen(key) - 1);
data/icu-68.1/source/i18n/rulebasedcollator.cpp:178:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CollationDataReader::read(base->tailoring, bin, length, *t, errorCode);
data/icu-68.1/source/i18n/ucol_res.cpp:395:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CollationDataReader::read(rootEntry->tailoring, inBytes, length, *t, errorCode);
data/icu-68.1/source/i18n/vtzone.cpp:937:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    UChar read(void);
data/icu-68.1/source/i18n/vtzone.cpp:952:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
VTZReader::read(void) {
data/icu-68.1/source/i18n/vtzone.cpp:1282:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        UChar ch = reader.read();
data/icu-68.1/source/i18n/windtfmt.cpp:331:54:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    appendTo.append((const UChar *)buffer, (int32_t) wcslen(buffer));
data/icu-68.1/source/i18n/windtfmt.cpp:364:54:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    appendTo.append((const UChar *)buffer, (int32_t) wcslen(buffer));
data/icu-68.1/source/i18n/winnmfmt.cpp:443:48:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    appendTo.append((UChar *)buffer, (int32_t) wcslen(buffer));
data/icu-68.1/source/io/locbund.cpp:84:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int32_t)strlen(loc);
data/icu-68.1/source/io/sprintf.cpp:181:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t size = (int32_t)strlen(patternSpecification) + 1;
data/icu-68.1/source/io/uprintf.cpp:174:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(patternSpecification) + 1;
data/icu-68.1/source/io/uprntf_p.cpp:213:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        argSize = (int32_t)strlen(arg) + 1;
data/icu-68.1/source/io/ustdio.cpp:715:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (dataSize > (count - read)) {
data/icu-68.1/source/io/ustdio.cpp:716:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            dataSize = count - read;
data/icu-68.1/source/io/ustdio.cpp:720:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        memcpy(chars + read, str->fPos, dataSize * sizeof(UChar));
data/icu-68.1/source/io/ustdio.cpp:728:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (dataSize != 0 && read < count);
data/icu-68.1/source/io/ustdio.cpp:730:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read;
data/icu-68.1/source/samples/cal/cal.c:146:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if(strncmp(arg, "-", strlen("-")) == 0) {
data/icu-68.1/source/samples/csdet/csdet.c:65:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (lang == NULL || strlen(lang) == 0) {
data/icu-68.1/source/samples/date/date.c:150:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if(strncmp(arg, "-", strlen("-")) == 0) {
data/icu-68.1/source/samples/date/date.c:342:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(parsepos > 0 && parsepos <= (int32_t)strlen(parse)) {
data/icu-68.1/source/samples/layout/FontMap.cpp:168:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    le_int32 len = strlen(fontName);
data/icu-68.1/source/samples/layout/FontMap.cpp:180:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);
data/icu-68.1/source/samples/numfmt/main.cpp:110:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(currency==NULL || strlen(currency)!=3) {
data/icu-68.1/source/samples/numfmt/main.cpp:198:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(currency==NULL || strlen(currency)!=3) {
data/icu-68.1/source/samples/uciter8/uit_len8.c:554:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                iter->limit=(int32_t)strlen(s);
data/icu-68.1/source/samples/ucnv/convsamp.cpp:133:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = static_cast<int32_t>(strlen(uch));
data/icu-68.1/source/samples/ucnv/convsamp.cpp:548:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = ucnv_toUChars(conv, target, 100, source, static_cast<int32_t>(strlen(source)), &status);
data/icu-68.1/source/samples/ucnv/convsamp.cpp:556:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  printBytes("src", source, static_cast<int32_t>(strlen(source)) );
data/icu-68.1/source/samples/ucnv/convsamp.cpp:643:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = ucnv_toUChars(conv, uchars, 100, source, static_cast<int32_t>(strlen(source)), &status);
data/icu-68.1/source/samples/ucnv/convsamp.cpp:743:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = ucnv_toUChars(conv, uchars, 100, source, static_cast<int32_t>(strlen(source)), &status);
data/icu-68.1/source/samples/ugrep/ugrep.cpp:206:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if(strncmp(arg, "-", strlen("-")) == 0) {
data/icu-68.1/source/test/cintltst/bocu1tst.c:831:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(BOCU1_LENGTH_FROM_LEAD(level[0])!=(int32_t)strlen((const char *)level)) {
data/icu-68.1/source/test/cintltst/bocu1tst.c:833:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   level[0], BOCU1_LENGTH_FROM_LEAD(level[0]), strlen((const char *)level), i);
data/icu-68.1/source/test/cintltst/bocu1tst.c:836:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if(i==0 || i==1 || strlen((const char *)prev)!=strlen((const char *)level)) {
data/icu-68.1/source/test/cintltst/bocu1tst.c:836:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if(i==0 || i==1 || strlen((const char *)prev)!=strlen((const char *)level)) {
data/icu-68.1/source/test/cintltst/callcoll.c:748:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int32_t)strlen(str);
data/icu-68.1/source/test/cintltst/callcoll.c:773:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int32_t)strlen(str);
data/icu-68.1/source/test/cintltst/callcoll.c:800:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int32_t)strlen(str);
data/icu-68.1/source/test/cintltst/callcoll.c:825:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int32_t)strlen(str);
data/icu-68.1/source/test/cintltst/callcoll.c:849:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int32_t)strlen(str);
data/icu-68.1/source/test/cintltst/callcoll.c:1028:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          int         len          = strlen(str);
data/icu-68.1/source/test/cintltst/callcoll.c:1105:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          int         len          = (int)strlen(str);
data/icu-68.1/source/test/cintltst/capitst.c:50:21:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
        position += sprintf(buffer + position, "[");
data/icu-68.1/source/test/cintltst/capitst.c:1164:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          sprintf(junk2+strlen(junk2), "%02X ",(int)( 0xFF & sortk2[i]));
data/icu-68.1/source/test/cintltst/capitst.c:1165:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          sprintf(junk3+strlen(junk3), "%02X ",(int)( 0xFF & sortk3[i]));
data/icu-68.1/source/test/cintltst/capitst.c:1888:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int32_t firstLen = (int32_t)strlen((const char *)first);
data/icu-68.1/source/test/cintltst/capitst.c:1889:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int32_t secondLen = (int32_t)strlen((const char *)second);
data/icu-68.1/source/test/cintltst/cbiditst.c:517:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int)strlen(mates1Chars);
data/icu-68.1/source/test/cintltst/cbiditst.c:743:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcSize = (int32_t)strlen(logicalOrder[i]);
data/icu-68.1/source/test/cintltst/cbiditst.c:778:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcSize = (int32_t)strlen(logicalOrder[i]);
data/icu-68.1/source/test/cintltst/cbiditst.c:812:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcSize = (int32_t)strlen(logicalOrder[i]);
data/icu-68.1/source/test/cintltst/cbiditst.c:843:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcSize = (int32_t)strlen(logicalOrder[i]);
data/icu-68.1/source/test/cintltst/cbiditst.c:877:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcSize = (int32_t)strlen(logicalOrder[i]);
data/icu-68.1/source/test/cintltst/cbiditst.c:4130:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        actualLen = (int32_t)strlen(destChars);
data/icu-68.1/source/test/cintltst/cbiditst.c:4210:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            srcLen = (int32_t)strlen(testCases[i].textIn);
data/icu-68.1/source/test/cintltst/cbiditst.c:4296:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        srcLen = (int32_t)strlen(srcChars);
data/icu-68.1/source/test/cintltst/cbiditst.c:4449:11:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    UBool mismatch, testOK = TRUE;
data/icu-68.1/source/test/cintltst/cbiditst.c:4486:17:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
                mismatch |= (UBool)(j >= nPortions ||
data/icu-68.1/source/test/cintltst/cbiditst.c:4493:17:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if (mismatch || j != nPortions) {
data/icu-68.1/source/test/cintltst/cbiditst.c:4868:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        proLength = (int32_t)strlen(cc.prologue);
data/icu-68.1/source/test/cintltst/cbiditst.c:4870:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        epiLength = (int32_t)strlen(cc.epilogue);
data/icu-68.1/source/test/cintltst/cbiditst.c:4879:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        srcLen = (int32_t)strlen(cc.source);
data/icu-68.1/source/test/cintltst/ccapitst.c:203:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                } else if(strlen(alias) > 20) {
data/icu-68.1/source/test/cintltst/ccapitst.c:533:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if((unsigned int)(index-ucs_file_name) != (strlen(ucs_file_name)-1)){
data/icu-68.1/source/test/cintltst/ccapitst.c:901:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     (int32_t)strlen(output_cp_buffer),
data/icu-68.1/source/test/cintltst/ccapitst.c:913:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   (int32_t)strlen(output_cp_buffer),
data/icu-68.1/source/test/cintltst/ccapitst.c:953:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        targetsize = ucnv_toUChars(myConverter, uchar2, targetsize, output_cp_buffer, (int32_t)strlen(output_cp_buffer), &err);
data/icu-68.1/source/test/cintltst/ccapitst.c:958:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        targetsize = ucnv_toUChars(myConverter, uchar2, -1, output_cp_buffer, (int32_t)strlen(output_cp_buffer), &err);
data/icu-68.1/source/test/cintltst/ccapitst.c:968:99:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        targetsize = ucnv_toUChars(myConverter, NULL, targetcapacity2, output_cp_buffer, (int32_t)strlen(output_cp_buffer), &err);
data/icu-68.1/source/test/cintltst/ccapitst.c:2566:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t length = (int32_t)strlen(badUTF8[i]);
data/icu-68.1/source/test/cintltst/ccapitst.c:2629:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t length = (int32_t)strlen(badUTF8[i]);
data/icu-68.1/source/test/cintltst/ccapitst.c:3397:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* sourceLimit = source + strlen(head); 
data/icu-68.1/source/test/cintltst/ccapitst.c:3414:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sourceLimit = source+strlen(mid);
data/icu-68.1/source/test/cintltst/ccapitst.c:3425:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sourceLimit = source+strlen(tail);
data/icu-68.1/source/test/cintltst/ccolltst.c:60:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uint32_t kLen = (uint32_t)strlen((const char *)sourceKey);
data/icu-68.1/source/test/cintltst/cdattst.c:1070:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t patternSize = (int32_t)strlen(expected) + 1;
data/icu-68.1/source/test/cintltst/cdattst.c:1105:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t valueLen, valueSize = (int32_t)strlen(expected) + 1;
data/icu-68.1/source/test/cintltst/cdtdptst.c:62:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pattern=(UChar*)malloc(sizeof(UChar) * (strlen("EEE MMM dd HH:mm:ss.SSS zzz yyyy G")+1 ));
data/icu-68.1/source/test/cintltst/cdtdptst.c:76:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s=(UChar*)malloc(sizeof(UChar) * (strlen("03-Apr-04 2:20:47 o'clock AM PST")+1) );
data/icu-68.1/source/test/cintltst/cdtdptst.c:133:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s=(UChar*)malloc(sizeof(UChar) * (strlen("01/01/1997 10:11:42 AM")+1) );
data/icu-68.1/source/test/cintltst/cdtdptst.c:167:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str=(UChar*)malloc(sizeof(UChar) * (strlen(s) + 1) );
data/icu-68.1/source/test/cintltst/cdtdptst.c:169:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pat=(UChar*)malloc(sizeof(UChar) * (strlen(pattern) + 1) );
data/icu-68.1/source/test/cintltst/cdtdptst.c:205:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pattern=(UChar*)malloc(sizeof(UChar) * (strlen("yyyyMMddHHmmssSSS")+1) );
data/icu-68.1/source/test/cintltst/cdtdptst.c:320:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pattern=(UChar*)malloc(sizeof(UChar) * (strlen("MM/dd/yyyy 'at' hh:mm:ss a zzz")+1) );
data/icu-68.1/source/test/cintltst/cdtdptst.c:342:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        exp=(UChar*)malloc(sizeof(UChar) * (strlen(expStr) + 1) );
data/icu-68.1/source/test/cintltst/cdtdptst.c:346:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(u_strncmp(dateString, exp, (int32_t)strlen(expStr)) !=0) {
data/icu-68.1/source/test/cintltst/cdtrgtst.c:403:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        datestr=(UChar*)malloc(sizeof(UChar) * (strlen(tests[i])+1));
data/icu-68.1/source/test/cintltst/cdtrgtst.c:413:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        datestr=(UChar*)malloc(sizeof(UChar) * (strlen(tests[i+1])+1));
data/icu-68.1/source/test/cintltst/cg7coll.c:203:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t len=(int32_t)strlen(rules);
data/icu-68.1/source/test/cintltst/cg7coll.c:234:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t len=(int32_t)strlen(rules);
data/icu-68.1/source/test/cintltst/cg7coll.c:263:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t len=(int32_t)strlen(rules);
data/icu-68.1/source/test/cintltst/cg7coll.c:293:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t len=(int32_t)strlen(rules);
data/icu-68.1/source/test/cintltst/cintltst.c:457:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        retStr = (char *)malloc(strlen(dataDir)+1);
data/icu-68.1/source/test/cintltst/cintltst.c:550:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tdpath = (char*) ctst_malloc(sizeof(char) *(( strlen(directory) * strlen(tdrelativepath)) + 10));
data/icu-68.1/source/test/cintltst/cintltst.c:550:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tdpath = (char*) ctst_malloc(sizeof(char) *(( strlen(directory) * strlen(tdrelativepath)) + 10));
data/icu-68.1/source/test/cintltst/cldrtest.c:809:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        patternLen = (int32_t)strlen(pattern);
data/icu-68.1/source/test/cintltst/cloctst.c:295:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        testLocale=(char*)malloc(sizeof(char) * (strlen(rawData2[NAME][i])+1));
data/icu-68.1/source/test/cintltst/cloctst.c:533:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if(len != (int32_t)strlen(buf)) {
data/icu-68.1/source/test/cintltst/cloctst.c:535:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        row, testTitles[n], loc, buf, len, strlen(buf)+1);
data/icu-68.1/source/test/cintltst/cloctst.c:582:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        expected=(UChar*)realloc(expected, sizeof(UChar) * (strlen(temp) + 1));
data/icu-68.1/source/test/cintltst/cloctst.c:590:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        expected=(UChar*)realloc(expected, sizeof(UChar) * (strlen(temp) + 1));
data/icu-68.1/source/test/cintltst/cloctst.c:1394:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while (key != NULL && strlen(key) != 2);
data/icu-68.1/source/test/cintltst/cloctst.c:1430:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (U_SUCCESS(status) && key != NULL && strlen(key) != 2);
data/icu-68.1/source/test/cintltst/cloctst.c:1526:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        expectedLang=(UChar*)malloc(sizeof(UChar) * (strlen(languageNames[i])+1));
data/icu-68.1/source/test/cintltst/cloctst.c:2174:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if(strcmp(buffer,kwSetTestCases[i].x) || ((int32_t)strlen(buffer)!=resultLen)) {
data/icu-68.1/source/test/cintltst/cloctst.c:2176:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  kwSetTestCases[i].v, buffer, resultLen, kwSetTestCases[i].x, strlen(buffer));
data/icu-68.1/source/test/cintltst/cloctst.c:2241:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        blen=(int32_t)strlen(kwSetTestCases[i].l)+1;
data/icu-68.1/source/test/cintltst/cloctst.c:2255:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(res!=(int32_t)strlen(kwSetTestCases[i].x)) {
data/icu-68.1/source/test/cintltst/cloctst.c:2256:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            log_err("expected result %d got %d\n", strlen(kwSetTestCases[i].x), res);
data/icu-68.1/source/test/cintltst/cloctst.c:2268:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        blen=(int32_t)strlen(kwSetTestCases[i].l)+1;
data/icu-68.1/source/test/cintltst/cloctst.c:2281:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(res!=(int32_t)strlen(kwSetTestCases[i].x)) {
data/icu-68.1/source/test/cintltst/cloctst.c:2282:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            log_err("expected result %d got %d\n", strlen(kwSetTestCases[i].x), res);
data/icu-68.1/source/test/cintltst/cloctst.c:2285:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strcmp(buffer,kwSetTestCases[i].x) || ((int32_t)strlen(buffer)!=res)) {
data/icu-68.1/source/test/cintltst/cloctst.c:2287:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                kwSetTestCases[i].v, buffer, res, kwSetTestCases[i].x, strlen(buffer));
data/icu-68.1/source/test/cintltst/cloctst.c:2444:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (resultLen != (int32_t)strlen(buffer)) {
data/icu-68.1/source/test/cintltst/cloctst.c:2446:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        label[j], testCases[i].localeID, resultLen, strlen(buffer));
data/icu-68.1/source/test/cintltst/cloctst.c:5924:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return (int32_t)strlen(data->expected);
data/icu-68.1/source/test/cintltst/cloctst.c:5940:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return (int32_t)strlen(data->expected) + 1;
data/icu-68.1/source/test/cintltst/cloctst.c:6038:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(maximal) > 0) {
data/icu-68.1/source/test/cintltst/cmsgtst.c:65:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uint32_t strSize = (uint32_t)strlen(txt_testCasePatterns[i]) + 1;
data/icu-68.1/source/test/cintltst/cmsgtst.c:70:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uint32_t strSize = (uint32_t)strlen(txt_testResultStrings[i]) + 1;
data/icu-68.1/source/test/cintltst/cmsgtst.c:1090:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    umsg_applyPattern(f1,pattern,(int32_t)strlen(PAT),NULL,&status);
data/icu-68.1/source/test/cintltst/cnmdptst.c:254:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        upat=(UChar*)malloc(sizeof(UChar) * (strlen(pat[p])+1) );
data/icu-68.1/source/test/cintltst/cnmdptst.c:351:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pattern=(UChar*)malloc(sizeof(UChar) * (strlen("*#,##0.00;-*#,##0.00") + 1) );
data/icu-68.1/source/test/cintltst/cnmdptst.c:378:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        res=(UChar*)malloc(sizeof(UChar) * (strlen("$1,234.56")+1) );
data/icu-68.1/source/test/cintltst/cnmdptst.c:399:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        res=(UChar*)malloc(sizeof(UChar) * (strlen("-$1,234.56")+1) );
data/icu-68.1/source/test/cintltst/cnmdptst.c:445:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                u_unescape(result[i], res, (int32_t)strlen(result[i])+1);
data/icu-68.1/source/test/cintltst/cnmdptst.c:530:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                res=(UChar*)malloc(sizeof(UChar) * (strlen(result[i])+1) );
data/icu-68.1/source/test/cintltst/cnmdptst.c:531:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                u_unescape(result[i],res, (int32_t)(strlen(result[i])+1));
data/icu-68.1/source/test/cintltst/cnmdptst.c:595:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    res=(UChar*)malloc(sizeof(UChar) * (strlen(expected)+1) );
data/icu-68.1/source/test/cintltst/cnmdptst.c:1025:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    res=(UChar*)malloc(sizeof(UChar) * (strlen(expected)+1) );
data/icu-68.1/source/test/cintltst/cnumtst.c:888:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int32_t)strlen(numFormatted) != resultSize) {
data/icu-68.1/source/test/cintltst/cnumtst.c:890:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                     __FILE__, __LINE__, (int32_t)strlen(numFormatted), resultSize);
data/icu-68.1/source/test/cintltst/cnumtst.c:929:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int32_t)strlen(parseExpected) != resultSize) {
data/icu-68.1/source/test/cintltst/cnumtst.c:931:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    __FILE__, __LINE__, (int32_t)strlen(parseExpected), resultSize);
data/icu-68.1/source/test/cintltst/cnumtst.c:951:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((int32_t)strlen(numFormatted) != parsePos) {
data/icu-68.1/source/test/cintltst/cnumtst.c:953:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    __FILE__, __LINE__, (int32_t)strlen(parseExpected), parsePos);
data/icu-68.1/source/test/cintltst/crestst.c:368:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                base=(UChar*)malloc(sizeof(UChar)*(strlen(NAME[j]) + 1));
data/icu-68.1/source/test/cintltst/crestst.c:392:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(action, ")");
data/icu-68.1/source/test/cintltst/crestst.c:853:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t bufLen = (int32_t)strlen(testline)+10;
data/icu-68.1/source/test/cintltst/crestst.c:944:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      T_FileStream_write(stream,testline,(int32_t)strlen(testline));
data/icu-68.1/source/test/cintltst/creststn.c:615:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            u_charsToUChars(expect,uExpect,(int32_t)strlen(expect)+1);
data/icu-68.1/source/test/cintltst/creststn.c:670:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(expect,uExpect,(int32_t)strlen(expect)+1);
data/icu-68.1/source/test/cintltst/creststn.c:697:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcPathLen = (int32_t)strlen(sourcePath);
data/icu-68.1/source/test/cintltst/creststn.c:699:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t deltaPathLen = (int32_t)strlen(deltaPath);
data/icu-68.1/source/test/cintltst/creststn.c:712:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            path[strlen("riwords.txt")]=0;
data/icu-68.1/source/test/cintltst/creststn.c:749:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            path[strlen("translit_rules.txt")]=0;
data/icu-68.1/source/test/cintltst/creststn.c:1032:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len =(int32_t)strlen(testdatapath);
data/icu-68.1/source/test/cintltst/creststn.c:1035:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    u_charsToUChars(testdatapath, utestdatapath, (int32_t)strlen(testdatapath)+1);
data/icu-68.1/source/test/cintltst/creststn.c:1195:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int32_t)strlen(testdatapath);
data/icu-68.1/source/test/cintltst/creststn.c:1739:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                base=(UChar*)malloc(sizeof(UChar)*(strlen(NAME[j]) + 1));
data/icu-68.1/source/test/cintltst/creststn.c:1762:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(action, ")");
data/icu-68.1/source/test/cintltst/creststn.c:1793:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(action, ")");
data/icu-68.1/source/test/cintltst/creststn.c:1834:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(action, ")");
data/icu-68.1/source/test/cintltst/creststn.c:1871:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(action, ")");
data/icu-68.1/source/test/cintltst/creststn.c:1968:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(action,")");
data/icu-68.1/source/test/cintltst/creststn.c:2853:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      u_charsToUChars(expects[i], expected, (int32_t)strlen(expects[i])+1);
data/icu-68.1/source/test/cintltst/cstrtest.c:276:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(!uprv_isInvariantString(invariantChars+strlen(invariantChars), 1)) {
data/icu-68.1/source/test/cintltst/cucdapi.c:25:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(s, " ");
data/icu-68.1/source/test/cintltst/cucdtst.c:602:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(icuVersion, U_ICU_VERSION, uprv_min((int32_t)strlen(icuVersion), (int32_t)strlen(U_ICU_VERSION))) != 0)
data/icu-68.1/source/test/cintltst/cucdtst.c:602:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(icuVersion, U_ICU_VERSION, uprv_min((int32_t)strlen(icuVersion), (int32_t)strlen(U_ICU_VERSION))) != 0)
data/icu-68.1/source/test/cintltst/cucdtst.c:1689:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(length<=0 || length!=(int32_t)strlen(name)) {
data/icu-68.1/source/test/cintltst/cucdtst.c:1798:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(length<0 || 0!=strcmp(name, names[i].name) || length!=(uint16_t)strlen(name)) {
data/icu-68.1/source/test/cintltst/cucdtst.c:1820:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(length<0 || (length>0 && 0!=strcmp(name, names[i].oldName)) || length!=(uint16_t)strlen(name)) {
data/icu-68.1/source/test/cintltst/cucdtst.c:1846:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(length<0 || (length>0 && 0!=strcmp(name, expected)) || length!=(uint16_t)strlen(name)) {
data/icu-68.1/source/test/cintltst/currtest.c:125:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (str == NULL || len != expectedLen || (int32_t)strlen(str) != expectedLen) {
data/icu-68.1/source/test/cintltst/currtest.c:174:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    u_unescape(expectedFirst, expectedBuf, (int32_t)strlen(expectedFirst)+1);
data/icu-68.1/source/test/cintltst/currtest.c:181:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    u_unescape(expectedSecond, expectedBuf, (int32_t)strlen(expectedSecond)+1);
data/icu-68.1/source/test/cintltst/currtest.c:188:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    u_unescape(expectedThird, expectedBuf, (int32_t)strlen(expectedThird)+1);
data/icu-68.1/source/test/cintltst/custrtst.c:83:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    dataTable[i][j] = (UChar*) malloc(sizeof(UChar)*(strlen(raw[i][j])+1));
data/icu-68.1/source/test/cintltst/hpmufn.c:69:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        retStr = (char *)malloc(strlen(dataDir)+1);
data/icu-68.1/source/test/cintltst/idnatest.c:436:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(asciiIn[i],buf, (int32_t)strlen(asciiIn[i])+1);
data/icu-68.1/source/test/cintltst/idnatest.c:450:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(asciiIn[i],buf, (int32_t)strlen(asciiIn[i])+1);
data/icu-68.1/source/test/cintltst/idnatest.c:467:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bufLen = (int32_t)strlen(domainNames[i]);
data/icu-68.1/source/test/cintltst/idnatest.c:497:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bufLen = (int32_t)strlen(domainNames[i]);
data/icu-68.1/source/test/cintltst/idnatest.c:589:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    u_charsToUChars(asciiIn[0], temp, (int32_t)strlen(asciiIn[0]));
data/icu-68.1/source/test/cintltst/idnatest.c:595:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    u_charsToUChars(asciiIn[1], temp, (int32_t)strlen(asciiIn[1]));
data/icu-68.1/source/test/cintltst/idnatest.c:608:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(asciiIn[i],buf+4, (int32_t)strlen(asciiIn[i]));
data/icu-68.1/source/test/cintltst/idnatest.c:730:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t len = (int32_t)strlen(cl);
data/icu-68.1/source/test/cintltst/idnatest.c:746:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = (int32_t)strlen(cl);
data/icu-68.1/source/test/cintltst/idnatest.c:782:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t len = (int32_t)strlen(cl);
data/icu-68.1/source/test/cintltst/idnatest.c:800:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = (int32_t)strlen(cl);
data/icu-68.1/source/test/cintltst/idnatest.c:828:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t len = u_unescape(INVALID_DOMAIN_NAME, invalid_idn, (int32_t)strlen(INVALID_DOMAIN_NAME));
data/icu-68.1/source/test/cintltst/idnatest.c:926:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = uidna_labelToUnicodeUTF8(uts46, fA_sharps8, (int32_t)strlen(fA_sharps8),
data/icu-68.1/source/test/cintltst/idnatest.c:934:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = uidna_nameToASCII_UTF8(uts46, fA_sharps8, (int32_t)strlen(fA_sharps8),
data/icu-68.1/source/test/cintltst/idnatest.c:1004:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = uidna_labelToUnicodeUTF8(uts46, fA_sharps8, (int32_t)strlen(fA_sharps8),
data/icu-68.1/source/test/cintltst/idnatest.c:1010:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = uidna_nameToASCII_UTF8(uts46, dest8, (int32_t)strlen(fA_sharps8),
data/icu-68.1/source/test/cintltst/nccbtst.c:2757:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(junk + strlen(junk), "0x%02x, ", (0xFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/nccbtst.c:2758:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(offset_str + strlen(offset_str), "0x%02x, ", (0xFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/nccbtst.c:2953:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/nccbtst.c:2954:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/nccbtst.c:3131:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(junk + strlen(junk), "0x%02x, ", (0xFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/nccbtst.c:3132:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(offset_str + strlen(offset_str), "0x%02x, ", (0xFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/nccbtst.c:3310:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/nccbtst.c:3311:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/ncnvfbts.c:239:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(offset_str + strlen(offset_str), "0x%02x, ", (0xFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/ncnvfbts.c:400:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*p);
data/icu-68.1/source/test/cintltst/ncnvfbts.c:401:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[p-junkout]);
data/icu-68.1/source/test/cintltst/ncnvtst.c:1292:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(junk + strlen(junk), "0x%02x, ", (0xFF) & (unsigned int)*ptr);
data/icu-68.1/source/test/cintltst/ncnvtst.c:1293:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(offset_str + strlen(offset_str), "0x%02x, ", (0xFF) & (unsigned int)junokout[ptr-junkout]);
data/icu-68.1/source/test/cintltst/ncnvtst.c:1469:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*ptr);
data/icu-68.1/source/test/cintltst/ncnvtst.c:1470:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[ptr-junkout]);
data/icu-68.1/source/test/cintltst/nfsprep.c:231:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        srcLength = (int32_t)strlen(src);
data/icu-68.1/source/test/cintltst/nucnvtst.c:458:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf(junk + strlen(junk), "0x%02x, ", (int)(0xFF & *ptr));
data/icu-68.1/source/test/cintltst/nucnvtst.c:459:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf(offset_str + strlen(offset_str), "0x%02x, ", (int)(0xFF & junokout[ptr-junkout]));
data/icu-68.1/source/test/cintltst/nucnvtst.c:621:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(junk + strlen(junk), "0x%04x, ", (0xFFFF) & (unsigned int)*ptr);
data/icu-68.1/source/test/cintltst/nucnvtst.c:622:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(offset_str + strlen(offset_str), "0x%04x, ", (0xFFFF) & (unsigned int)junokout[ptr-junkout]);
data/icu-68.1/source/test/cintltst/nucnvtst.c:1264:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* saveDirectory = (char*)malloc(sizeof(char) *(strlen(u_getDataDirectory())+1));
data/icu-68.1/source/test/cintltst/nucnvtst.c:1265:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(directory);
data/icu-68.1/source/test/cintltst/nucnvtst.c:1274:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((unsigned int)(index-tdpath) != (strlen(tdpath)-1)){
data/icu-68.1/source/test/cintltst/nucnvtst.c:1561:98:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sjisLength = ucnv_toUChars(sjis_cnv, sjisResult, UPRV_LENGTHOF(sjisResult), target, (int32_t)strlen(target), &status);
data/icu-68.1/source/test/cintltst/nucnvtst.c:1570:106:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    /*asciiLength =*/ ucnv_toUChars(ascii_cnv, asciiResult, UPRV_LENGTHOF(asciiResult), target, (int32_t)strlen(target), &status);
data/icu-68.1/source/test/cintltst/nucnvtst.c:5519:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char* sourceLimit = data+strlen(data);
data/icu-68.1/source/test/cintltst/nucnvtst.c:5572:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char* sourceLimit = data+strlen(data);
data/icu-68.1/source/test/cintltst/putiltst.c:190:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dataDirectoryLen=(int32_t)strlen(dataDirectory);
data/icu-68.1/source/test/cintltst/reapits.c:64:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t testStringLen = (int32_t)strlen(testString); \
data/icu-68.1/source/test/cintltst/reapits.c:85:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     int32_t  len = (int32_t)strlen(expected);
data/icu-68.1/source/test/cintltst/reapits.c:275:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            TEST_ASSERT(len==(int32_t)strlen("abc*"));
data/icu-68.1/source/test/cintltst/reapits.c:654:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("abc interior def"));
data/icu-68.1/source/test/cintltst/reapits.c:661:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen(" interior "));
data/icu-68.1/source/test/cintltst/reapits.c:672:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("abc interior def"));
data/icu-68.1/source/test/cintltst/reapits.c:681:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("abc interior def"));
data/icu-68.1/source/test/cintltst/reapits.c:685:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        resultSz = uregex_group(re, 0, buf, (int32_t)strlen("abc interior def"), &status);
data/icu-68.1/source/test/cintltst/reapits.c:688:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("abc interior def"));
data/icu-68.1/source/test/cintltst/reapits.c:689:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(buf[strlen("abc interior def")] == (UChar)0xffff);
data/icu-68.1/source/test/cintltst/reapits.c:846:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("Replace xaax x1x x...x."));
data/icu-68.1/source/test/cintltst/reapits.c:854:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("No match here."));
data/icu-68.1/source/test/cintltst/reapits.c:860:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        resultSz = uregex_replaceFirst(re, replText, -1, buf, (int32_t)strlen("Replace <aa> x1x x...x."), &status);
data/icu-68.1/source/test/cintltst/reapits.c:863:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("Replace xaax x1x x...x."));
data/icu-68.1/source/test/cintltst/reapits.c:871:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        resultSz = uregex_replaceFirst(re, replText, -1, buf, (int32_t)strlen("Replace <aa> x1x x...x."), &status);
data/icu-68.1/source/test/cintltst/reapits.c:874:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("Replace xaax x1x x...x."));
data/icu-68.1/source/test/cintltst/reapits.c:881:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("Replace xaax x1x x...x."));
data/icu-68.1/source/test/cintltst/reapits.c:886:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        resultSz = uregex_replaceFirst(re, replText, -1, buf, (int32_t)strlen("Replace <aa> x1x x...x.")-1, &status);
data/icu-68.1/source/test/cintltst/reapits.c:889:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSz == (int32_t)strlen("Replace xaax x1x x...x."));
data/icu-68.1/source/test/cintltst/reapits.c:917:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        expectedResultSize = (int32_t)strlen(expectedResult);
data/icu-68.1/source/test/cintltst/reapits.c:918:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        expectedResultSize2 = (int32_t)strlen(expectedResult2);
data/icu-68.1/source/test/cintltst/reapits.c:954:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        resultSize = uregex_replaceAll(re, replText, -1, buf, (int32_t)strlen("Replace xaax x1x x...x."), &status);
data/icu-68.1/source/test/cintltst/reapits.c:957:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSize == (int32_t)strlen("Replace <aa> <1> <...>."));
data/icu-68.1/source/test/cintltst/reapits.c:964:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        TEST_ASSERT(resultSize == (int32_t)strlen("Replace <aa> <1> <...>."));
data/icu-68.1/source/test/cintltst/reapits.c:1201:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                spaceNeeded = (int32_t)strlen("first .tag-a. second.tag-b.  third.");  /* "." at NUL positions */
data/icu-68.1/source/test/cintltst/reapits.c:1220:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            spaceNeeded = (int32_t)strlen("first . second<tag-b>  third.");  /* "." at NUL positions */
data/icu-68.1/source/test/cintltst/reapits.c:1239:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            spaceNeeded = (int32_t)strlen("first .tag-a. second<tag-b>  third.");  /* "." at NUL positions */
data/icu-68.1/source/test/cintltst/reapits.c:1260:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            spaceNeeded = (int32_t)strlen("first .tag-a. second.tag-b.  third.");  /* "." at NUL positions */
data/icu-68.1/source/test/cintltst/reapits.c:1266:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sz = (int32_t)strlen("first <tag-a> second<tag-b>");
data/icu-68.1/source/test/cintltst/reapits.c:1288:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                spaceNeeded = (int32_t)strlen("first .tag-a. second.tag-b..");  /* "." at NUL positions */
data/icu-68.1/source/test/cintltst/reapits.c:2153:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uregex_setText(re, textToSplit, (int32_t)strlen("first <tag-a> second<tag-b>"), &status);
data/icu-68.1/source/test/cintltst/spooftest.c:140:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fileName = malloc(strlen(dataSrcDir) + 100);
data/icu-68.1/source/test/cintltst/spreptst.c:333:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        destLen = nfs4_cis_prepare(src , (int32_t)strlen(src), dest, destLen, &parseError, &status); 
data/icu-68.1/source/test/cintltst/spreptst.c:337:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            destLen = nfs4_cis_prepare( src , (int32_t)strlen(src), dest, destLen, &parseError, &status); 
data/icu-68.1/source/test/cintltst/spreptst.c:453:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            srcLen = unescapeData(mixed_prep_data[i], (int32_t)strlen(mixed_prep_data[i]), src, MAX_BUFFER_SIZE, &status);
data/icu-68.1/source/test/cintltst/spreptst.c:479:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcLen = unescapeData(source, (int32_t)strlen(source), src, MAX_BUFFER_SIZE, &status);
data/icu-68.1/source/test/cintltst/spreptst.c:506:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcLen = unescapeData(source, (int32_t)strlen(source), src, MAX_BUFFER_SIZE, &status);
data/icu-68.1/source/test/cintltst/spreptst.c:529:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcLen = unescapeData(source, (int32_t)strlen(source), src, MAX_BUFFER_SIZE, &status);
data/icu-68.1/source/test/cintltst/spreptst.c:552:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcLen = unescapeData(source, (int32_t)strlen(source), src, MAX_BUFFER_SIZE, &status);
data/icu-68.1/source/test/cintltst/spreptst.c:577:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t srcLen = unescapeData(source, (int32_t)strlen(source), src, MAX_BUFFER_SIZE, &status);
data/icu-68.1/source/test/cintltst/spreptst.c:578:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t expLen = unescapeData(expected, (int32_t)strlen(expected), exp, MAX_BUFFER_SIZE, &status);
data/icu-68.1/source/test/cintltst/spreptst.c:589:131:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                log_err("Did not get the expected length for the outputfor case: Case Mapping Turned On. Expected: %i Got: %i\n", strlen(expected), destLen);
data/icu-68.1/source/test/cintltst/sprpdata.c:301:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename = (char*) malloc(strlen(srcdatapath)+strlen(relativepath)+strlen(txtFileName)+10 );
data/icu-68.1/source/test/cintltst/sprpdata.c:301:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename = (char*) malloc(strlen(srcdatapath)+strlen(relativepath)+strlen(txtFileName)+10 );
data/icu-68.1/source/test/cintltst/sprpdata.c:301:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename = (char*) malloc(strlen(srcdatapath)+strlen(relativepath)+strlen(txtFileName)+10 );
data/icu-68.1/source/test/cintltst/tracetst.c:85:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(result) >= sizeof(expectedResult)) {
data/icu-68.1/source/test/cintltst/tracetst.c:154:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buf) == 0) {
data/icu-68.1/source/test/cintltst/tracetst.c:183:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buf) == 0) {
data/icu-68.1/source/test/cintltst/udatatst.c:134:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* path=(char*)malloc(sizeof(char) * (strlen(ctest_dataOutDir())
data/icu-68.1/source/test/cintltst/udatatst.c:135:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                           + strlen(U_ICUDATA_NAME)
data/icu-68.1/source/test/cintltst/udatatst.c:136:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                           + strlen("/build/tmp/..")+1 ) );
data/icu-68.1/source/test/cintltst/udatatst.c:165:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      icuDataFilePath = (char *)uprv_malloc(strlen(path) + 10);
data/icu-68.1/source/test/cintltst/udatatst.c:205:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      icuDataFilePath = (char *)malloc(strlen(path) + 10);
data/icu-68.1/source/test/cintltst/udatatst.c:246:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    icuDataFilePath = (char *)malloc(strlen(ctest_dataOutDir()) + 50);
data/icu-68.1/source/test/cintltst/udatatst.c:358:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while (strlen(longTestPath) < 500) {
data/icu-68.1/source/test/cintltst/udatatst.c:376:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while (strlen(longName) < 500) {
data/icu-68.1/source/test/cintltst/udatatst.c:378:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(longName, "_");
data/icu-68.1/source/test/cintltst/udatatst.c:503:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        retStr = (char *)malloc(strlen(dataDir)+1);
data/icu-68.1/source/test/cintltst/uenumtst.c:78:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *resultLength = (int32_t)strlen(cont->currChar);
data/icu-68.1/source/test/cintltst/uenumtst.c:92:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *resultLength = (int32_t)strlen(cont->currChar);
data/icu-68.1/source/test/cintltst/uenumtst.c:353:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(len!=(int32_t)strlen(compareToChar[i])) {
data/icu-68.1/source/test/cintltst/uenumtst.c:354:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        log_err("%s:%d: FAIL: string #%d expected len %d got %d\n", __FILE__, line, i, strlen(compareToChar[i]), len);
data/icu-68.1/source/test/cintltst/uenumtst.c:379:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      u_charsToUChars(compareToChar[i], buf, (int32_t)strlen(compareToChar[i])+1);
data/icu-68.1/source/test/cintltst/uenumtst.c:390:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(len!=(int32_t)strlen(compareToChar[i])) {
data/icu-68.1/source/test/cintltst/uenumtst.c:391:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        log_err("%s:%d: FAIL: ustring #%d expected len %d got %d\n", __FILE__, line, i, strlen(compareToChar[i]), len);
data/icu-68.1/source/test/cintltst/unumberformattertst.c:285:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assertIntEquals("Length should be as expected", strlen(buffer), len);
data/icu-68.1/source/test/cintltst/unumberformattertst.c:356:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            u_strFromUTF8(ubuffer, BUFFER_LEN, &outputlen, buffer, (int32_t)strlen(buffer), &status);
data/icu-68.1/source/test/cintltst/unumberrangeformattertst.c:183:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assertIntEquals("First len should be as expected", strlen(buffer), len);
data/icu-68.1/source/test/cintltst/unumberrangeformattertst.c:187:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assertIntEquals("Second len should be as expected", strlen(buffer), len);
data/icu-68.1/source/test/cintltst/usettest.c:280:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(strCopy, stringStart, stringLength);
data/icu-68.1/source/test/cintltst/usettest.c:377:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (uset_isEmpty(set) != (strlen(items)==0)) {
data/icu-68.1/source/test/cintltst/usettest.c:380:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(items)==0 ? "TRUE" : "FALSE");
data/icu-68.1/source/test/cintltst/usettest.c:427:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(strCopy, stringStart, stringLength);
data/icu-68.1/source/test/cintltst/utf8tst.c:995:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t length = (int32_t)strlen(s);
data/icu-68.1/source/test/cintltst/utransts.c:70:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rep->text = malloc(sizeof(UChar) * (strlen(cstring)+1));
data/icu-68.1/source/test/cintltst/utransts.c:523:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(DATA[i], filt, (int32_t)strlen(DATA[i])+1);
data/icu-68.1/source/test/cintltst/utransts.c:533:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(DATA[i+1], buf, (int32_t)strlen(DATA[i+1])+1);
data/icu-68.1/source/test/cintltst/utransts.c:544:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(DATA[i+2], exp, (int32_t)strlen(DATA[i+2])+1);
data/icu-68.1/source/test/intltest/bytestrietest.cpp:696:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t stringLength= (i&1) ? -1 : static_cast<int32_t>(strlen(data[i].s));
data/icu-68.1/source/test/intltest/bytestrietest.cpp:711:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        stringLength = static_cast<int32_t>(strlen(data[i].s));
data/icu-68.1/source/test/intltest/bytestrietest.cpp:781:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t stringLength= static_cast<int32_t>(strlen(expectedString));
data/icu-68.1/source/test/intltest/bytestrietest.cpp:835:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t stringLength= static_cast<int32_t>(strlen(expectedString));
data/icu-68.1/source/test/intltest/bytestrietest.cpp:891:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t stringLength = static_cast<int32_t>(strlen(expectedString));
data/icu-68.1/source/test/intltest/convtest.cpp:720:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char *sourceLimit = text + strlen(text);
data/icu-68.1/source/test/intltest/convtest.cpp:759:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sourceLimit = text2 + strlen(text2);
data/icu-68.1/source/test/intltest/convtest.cpp:792:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sourceLimit = illFormed + strlen(illFormed);
data/icu-68.1/source/test/intltest/convtest.cpp:853:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t sourceLen = (int32_t)strlen(text);
data/icu-68.1/source/test/intltest/convtest.cpp:1632:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        length=(int32_t)strlen(cc.subchar);
data/icu-68.1/source/test/intltest/dtptngts.cpp:1198:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(message, "/");
data/icu-68.1/source/test/intltest/idnaconf.cpp:77:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int t = static_cast<int>(strlen(path) + strlen(name) + 1);
data/icu-68.1/source/test/intltest/idnaconf.cpp:77:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int t = static_cast<int>(strlen(path) + strlen(name) + 1);
data/icu-68.1/source/test/intltest/intltest.cpp:584:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(basePath, "/");
data/icu-68.1/source/test/intltest/intltest.cpp:698:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(baseName, "/");
data/icu-68.1/source/test/intltest/intltest.cpp:762:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char * saveBaseLoc = baseName+strlen(baseName);
data/icu-68.1/source/test/intltest/intltest.cpp:787:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(saveBaseLoc,"/");
data/icu-68.1/source/test/intltest/intltest.cpp:813:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if(!no_time) str_timeDelta(msg+strlen(msg),timeStop-timeStart);
data/icu-68.1/source/test/intltest/intltest.cpp:817:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if(!no_time) str_timeDelta(msg+strlen(msg),timeStop-timeStart);
data/icu-68.1/source/test/intltest/intltest.cpp:1622:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tdpath = (char*) malloc(sizeof(char) *(( strlen(directory) * strlen(tdrelativepath)) + 100));
data/icu-68.1/source/test/intltest/intltest.cpp:1622:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tdpath = (char*) malloc(sizeof(char) *(( strlen(directory) * strlen(tdrelativepath)) + 100));
data/icu-68.1/source/test/intltest/loctest.cpp:993:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(loc.getISO3Language()) == 0) {
data/icu-68.1/source/test/intltest/loctest.cpp:4272:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t slen = (int32_t)strlen(string),
data/icu-68.1/source/test/intltest/loctest.cpp:4273:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            plen = (int32_t)strlen(prefix);
data/icu-68.1/source/test/intltest/loctest.cpp:5261:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(loc.getName(), loc.getBaseName(), strlen(loc.getBaseName()))) {
data/icu-68.1/source/test/intltest/plurults.cpp:864:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int fractionDigitCount = decimalPoint == NULL ? 0 : static_cast<int>((num + strlen(num) - 1) - decimalPoint);
data/icu-68.1/source/test/intltest/rbbitst.cpp:1401:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (testDataDirectory == NULL || strlen(testDataDirectory) >= sizeof(testFileName)) {
data/icu-68.1/source/test/intltest/regextst.cpp:138:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufPtr+= strlen(bufPtr)-1;
data/icu-68.1/source/test/intltest/regextst.cpp:173:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          sprintf(ASSERT_BUF+strlen(ASSERT_BUF),"\\u%02x",ch);
data/icu-68.1/source/test/intltest/regextst.cpp:258:123:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      errln("%s:%d: assertUText: error %s calling utext_openUTF8(expected: %d chars)\n", file, line, u_errorName(status), strlen(expected));
data/icu-68.1/source/test/intltest/regextst.cpp:261:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(utext_nativeLength(&expectedText)==0 && (strlen(expected)!=0)) {
data/icu-68.1/source/test/intltest/regextst.cpp:262:126:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      errln("%s:%d: assertUText:  expected is %d utf-8 bytes, but utext_nativeLength(expectedText) returned 0.", file, line, strlen(expected));
data/icu-68.1/source/test/intltest/regextst.cpp:284:148:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      errln("%s:%d: assertUTextInvariant: error %s calling regextst_openUTF8FromInvariant(expected: %d chars)\n", file, line, u_errorName(status), strlen(expected));
data/icu-68.1/source/test/intltest/regextst.cpp:322:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(length==-1) length=strlen(inv);
data/icu-68.1/source/test/intltest/regextst.cpp:1857:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t input1Len = static_cast<int32_t>(strlen("abcdef this is a test")); /* TODO: why not nativelen (input1) ? */
data/icu-68.1/source/test/intltest/regextst.cpp:1858:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int32_t input2Len = static_cast<int32_t>(strlen("not abc"));
data/icu-68.1/source/test/intltest/regextst.cpp:2323:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        REGEX_ASSERT(m.regionEnd() == (int32_t)strlen("This is test data"));
data/icu-68.1/source/test/intltest/regextst.cpp:2336:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        REGEX_ASSERT(m.regionEnd() == (int32_t)strlen("This is test data"));
data/icu-68.1/source/test/intltest/regextst.cpp:2342:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        REGEX_ASSERT(m.regionEnd() == (int32_t)strlen("short"));
data/icu-68.1/source/test/intltest/restest.cpp:304:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *versionID1 = new char[1+strlen(version1)]; // + 1 for zero byte
data/icu-68.1/source/test/intltest/restest.cpp:305:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *versionID2 = new char[1+ strlen(version2)]; // + 1 for zero byte
data/icu-68.1/source/test/intltest/restsnew.cpp:323:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *versionID1 = new char[1 + strlen(U_ICU_VERSION) + strlen(version1)]; // + 1 for zero byte
data/icu-68.1/source/test/intltest/restsnew.cpp:323:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *versionID1 = new char[1 + strlen(U_ICU_VERSION) + strlen(version1)]; // + 1 for zero byte
data/icu-68.1/source/test/intltest/restsnew.cpp:324:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *versionID2 = new char[1 + strlen(U_ICU_VERSION) + strlen(version2)]; // + 1 for zero byte
data/icu-68.1/source/test/intltest/restsnew.cpp:324:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *versionID2 = new char[1 + strlen(U_ICU_VERSION) + strlen(version2)]; // + 1 for zero byte
data/icu-68.1/source/test/intltest/ssearch.cpp:113:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (U_FAILURE(status) || strlen(testDataDirectory) + strlen(filename) + 1 >= PATH_BUFFER_SIZE) {
data/icu-68.1/source/test/intltest/ssearch.cpp:113:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (U_FAILURE(status) || strlen(testDataDirectory) + strlen(filename) + 1 >= PATH_BUFFER_SIZE) {
data/icu-68.1/source/test/intltest/strcase.cpp:1242:11:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    Edits mismatch;
data/icu-68.1/source/test/intltest/strcase.cpp:1243:5:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    mismatch.addReplace(1, 1);
data/icu-68.1/source/test/intltest/strcase.cpp:1244:28:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    ac.mergeAndAppend(ab2, mismatch, errorCode);
data/icu-68.1/source/test/intltest/strcase.cpp:1247:23:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    ac.mergeAndAppend(mismatch, bc2, errorCode);
data/icu-68.1/source/test/intltest/strtest.cpp:738:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (0 != strcmp(longStr, chStr.data()) || (int32_t)strlen(longStr) != chStr.length()) {
data/icu-68.1/source/test/intltest/strtest.cpp:744:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (0 != strcmp(longStr, copy.data()) || (int32_t)strlen(longStr) != copy.length()) {
data/icu-68.1/source/test/intltest/strtest.cpp:754:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (0 != strcmp(expected, chStr.data()) || (int32_t)strlen(expected) != chStr.length()) {
data/icu-68.1/source/test/intltest/strtest.cpp:766:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (0 != strcmp(expected, chStr.data()) || (int32_t)strlen(expected) != chStr.length()) {
data/icu-68.1/source/test/intltest/strtest.cpp:778:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (0 != strcmp(expected, chStr.data()) || (int32_t)strlen(expected) != chStr.length()) {
data/icu-68.1/source/test/intltest/testidn.cpp:91:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* filename = (char*) malloc(strlen(IntlTest::pathToDataDirectory())*1024);
data/icu-68.1/source/test/intltest/testidna.cpp:706:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(asciiIn[i],buf, (int32_t)(strlen(asciiIn[i])+1));
data/icu-68.1/source/test/intltest/testidna.cpp:718:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(asciiIn[i],buf, (int32_t)(strlen(asciiIn[i])+1));
data/icu-68.1/source/test/intltest/testidna.cpp:732:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bufLen = (int32_t)strlen(domainNames[i]);
data/icu-68.1/source/test/intltest/testidna.cpp:758:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        bufLen = (int32_t)strlen(domainNames[i]);
data/icu-68.1/source/test/intltest/testidna.cpp:804:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(asciiIn[i],buf+4, (int32_t)(strlen(asciiIn[i])+1));
data/icu-68.1/source/test/intltest/testidna.cpp:915:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufLen =  (int32_t)strlen(errorCase.ascii);
data/icu-68.1/source/test/intltest/testidna.cpp:1164:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(asciiIn[i],buf, (int32_t)(strlen(asciiIn[i])+1));
data/icu-68.1/source/test/intltest/testidna.cpp:1203:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_charsToUChars(asciiIn[i],buf+4, (int32_t)(strlen(asciiIn[i])+1));
data/icu-68.1/source/test/intltest/transrt.cpp:523:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (roundtripExclusions != NULL && strlen(roundtripExclusions) > 0) {
data/icu-68.1/source/test/intltest/transrt.cpp:982:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(temp, "[");
data/icu-68.1/source/test/intltest/transrt.cpp:985:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(temp, "]");
data/icu-68.1/source/test/intltest/transrt.cpp:1005:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(temp, "[");
data/icu-68.1/source/test/intltest/transrt.cpp:1008:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(temp, "]");
data/icu-68.1/source/test/intltest/tsmthred.cpp:815:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t bufLen = strlen(buffer);
data/icu-68.1/source/test/intltest/usettest.cpp:2901:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return isUTF16 ? u_strlen((const UChar *)s) : static_cast<int32_t>(strlen((const char *)s));
data/icu-68.1/source/test/intltest/winnmtst.cpp:221:54:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    appendTo.append((const UChar *)buffer, (int32_t) wcslen(buffer));
data/icu-68.1/source/test/intltest/winnmtst.cpp:307:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(localeID, ";");
data/icu-68.1/source/test/intltest/winnmtst.cpp:309:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(localeID, "@");
data/icu-68.1/source/test/iotest/filetst.c:473:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t expectedSize = (int32_t)strlen(testStr);
data/icu-68.1/source/test/iotest/filetst.c:631:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t expectedSize = (int32_t)strlen(testStr);
data/icu-68.1/source/test/iotest/filetst.c:668:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        u_uastrncpy(expectedBuffer, charBuffer, (int32_t)strlen(charBuffer)+1);
data/icu-68.1/source/test/iotest/filetst.c:762:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t lineLen = (int32_t)strlen(line);
data/icu-68.1/source/test/iotest/filetst.c:773:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fwrite(prefixLine, strlen(prefixLine), 1, stdFile);
data/icu-68.1/source/test/iotest/filetst.c:786:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    u_uastrncpy(expectedBuffer, prefixLine, (int32_t)strlen(prefixLine)+1);
data/icu-68.1/source/test/iotest/filetst.c:793:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    u_uastrncpy(expectedBuffer, line, (int32_t)strlen(line)+1);
data/icu-68.1/source/test/iotest/filetst.c:1126:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (num = 0; num < (int32_t)strlen(C_NEW_LINE); num++) {
data/icu-68.1/source/test/iotest/filetst.c:1132:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (num = 0; num < (int32_t)strlen(C_NEW_LINE); num++) {
data/icu-68.1/source/test/iotest/iotest.cpp:146:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            tdpath = (char*) malloc(sizeof(char) *(( strlen(directory) * strlen(tdrelativepath)) + 100));
data/icu-68.1/source/test/iotest/iotest.cpp:146:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            tdpath = (char*) malloc(sizeof(char) *(( strlen(directory) * strlen(tdrelativepath)) + 100));
data/icu-68.1/source/test/iotest/stream.cpp:79:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(defConvName, ucnv_getDefaultName(), UPRV_LENGTHOF(defConvName));
data/icu-68.1/source/test/iotest/strtst.c:212:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (retVal != (int32_t)strlen(longStr)) {
data/icu-68.1/source/test/iotest/strtst.c:213:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            log_err("%%S returned different sizes. Got: %d  Expected: %d\n", retVal, strlen(longStr));
data/icu-68.1/source/test/iotest/strtst.c:221:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (retVal != (int32_t)strlen(longStr)) {
data/icu-68.1/source/test/iotest/strtst.c:222:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            log_err("%%S returned different sizes. Got: %d  Expected: %d\n", retVal, strlen(longStr));
data/icu-68.1/source/test/iotest/strtst.c:236:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (retVal != (int32_t)strlen(longStr + 10)) {
data/icu-68.1/source/test/iotest/strtst.c:237:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            log_err("%%S returned different sizes. Got: %d  Expected: %d\n", retVal, strlen(longStr));
data/icu-68.1/source/test/letest/PortableFontInstance.cpp:420:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while((r = fgetc(fFile)) != EOF) {
data/icu-68.1/source/test/letest/letsutil.cpp:103:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(lang) != 3) {
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:441:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            totalKeyLen += strlen(gFileLines[line].winSortKey);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:444:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            totalKeyLen += strlen(gFileLines[line].icuSortKey);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:447:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            totalKeyLen += strlen(gFileLines[line].unixSortKey);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:802:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        accumulatedLen[len] += strlen(gFileLines[i].icuSortKey);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:849:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ucol_setText(iter, str, strlen, &error);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:869:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ucol_setText(iter, str, strlen, &error);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:895:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str = (UChar *)malloc(sizeof(UChar) * strlen);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:898:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strindex < strlen) {
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:908:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("Total size of strings %d\n", strlen);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:916:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iter = ucol_openElements(gCol, str, strlen, &error);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:936:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strindex > strlen) {
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:962:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strindex > strlen) {
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1012:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ucol_setText(iter, str, strlen, &error);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1033:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            ucol_setText(iter, str, strlen, &error);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1059:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    str = (UChar *)malloc(sizeof(UChar) * strlen);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1062:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strindex < strlen) {
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1072:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    printf("Total size of strings %d\n", strlen);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1081:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iter = ucol_openElements(gCol, str, strlen, &error);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1099:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 if (strindex > strlen) {
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1125:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 if (strindex > strlen) {
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1246:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    BOMC1 = fgetc(fFile);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1247:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    BOMC2 = fgetc(fFile);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1253:57:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    else if (BOMC1 == 0xEF && BOMC2 == 0xBB && (BOMC3 = fgetc(fFile)) == 0xBF ) {
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1277:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            cL = fgetc(fFile);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1278:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            cH = fgetc(fFile);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1289:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            cH = fgetc(fFile);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1290:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            cL = fgetc(fFile);
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1306:22:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            int ch = fgetc(fFile);   // Note:  c and ch are separate cause eof test doesn't work on UChar type.
data/icu-68.1/source/test/perf/collationperf/collperf.cpp:1335:28:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                bytes[i] = fgetc(fFile);
data/icu-68.1/source/test/perf/collperf/collperf.cpp:237:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strindex > strlen) {
data/icu-68.1/source/test/perf/collperf/collperf.cpp:259:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strindex > strlen) {
data/icu-68.1/source/test/perf/dicttrieperf/dicttrieperf.cpp:152:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            itemNames.append(name, strlen(name)+1, errorCode);
data/icu-68.1/source/test/perf/howExpensiveIs/howExpensiveIs.cpp:52:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(testName);
data/icu-68.1/source/test/perf/leperf/PortableFontInstance.cpp:428:14:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while((r = fgetc(fFile)) != EOF) {
data/icu-68.1/source/test/perf/leperf/leperf.cpp:70:7:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      getchar();
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:519:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    BOMC1 = fgetc(fFile);
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:520:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    BOMC2 = fgetc(fFile);
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:526:57:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    else if (BOMC1 == 0xEF && BOMC2 == 0xBB && (BOMC3 = fgetc(fFile)) == 0xBF ) {
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:550:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            cL = fgetc(fFile);
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:551:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            cH = fgetc(fFile);
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:562:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            cH = fgetc(fFile);
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:563:18:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            cL = fgetc(fFile);
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:579:22:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            int ch = fgetc(fFile);   // Note:  c and ch are separate cause eof test doesn't work on UChar type.
data/icu-68.1/source/test/perf/ubrkperf/ubrkperfold.cpp:608:28:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                bytes[i] = fgetc(fFile);
data/icu-68.1/source/tools/ctestfw/ctest.c:143:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((int)strlen(s2) >= n) && s2[n] != 0) {
data/icu-68.1/source/tools/ctestfw/ctest.c:163:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(n, name, *nameLen);
data/icu-68.1/source/tools/ctestfw/ctest.c:168:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *nameLen = (int)strlen(name);
data/icu-68.1/source/tools/ctestfw/ctest.c:182:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( newNode->name, name, nameLen );
data/icu-68.1/source/tools/ctestfw/ctest.c:423:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int spaces = FLAG_INDENT - ((int)strlen(root->name) + depth);
data/icu-68.1/source/tools/ctestfw/ctest.c:690:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((*pattern==0) || (pattern[strlen(pattern)-1]!='\n')) {
data/icu-68.1/source/tools/ctestfw/ctest.c:732:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((*pattern==0) || (pattern[strlen(pattern)-1]!='\n')) {
data/icu-68.1/source/tools/ctestfw/ctest.c:782:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((*pattern==0) || (pattern[strlen(pattern)-1]!='\n')) {
data/icu-68.1/source/tools/ctestfw/ctest.c:1284:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *p = XML_PREFIX+strlen(XML_PREFIX);
data/icu-68.1/source/tools/escapesrc/escapesrc.cpp:304:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pos += strlen(newSeq) - 1;
data/icu-68.1/source/tools/genbrk/genbrk.cpp:187:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    udata_writeBlock(pData, msg, strlen(msg));
data/icu-68.1/source/tools/gencfu/gencfu.cpp:201:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    udata_writeBlock(pData, msg, strlen(msg));
data/icu-68.1/source/tools/gendict/gendict.cpp:309:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    udata_writeBlock(pData, msg, strlen(msg));
data/icu-68.1/source/tools/genrb/wrtxml.cpp:749:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        printAttribute("restype", integer_restype, (int32_t) strlen(integer_restype));
data/icu-68.1/source/tools/gentest/genres32.c:59:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(file[strlen(file)-1]!=U_FILE_SEP_CHAR) {
data/icu-68.1/source/tools/gentest/gentest.c:150:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        file[strlen(file)-1]!=U_FILE_SEP_CHAR) {
data/icu-68.1/source/tools/icupkg/icupkg.cpp:255:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len=(int32_t)strlen(filename)-4; /* -4: subtract the length of ".dat" */
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:523:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int32_t len = static_cast<int32_t>(strlen(command));
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:2220:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (int32_t length = strlen(buf) - 1; length >= 0; length--) {
data/icu-68.1/source/tools/pkgdata/pkgdata.cpp:2238:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf[strlen(buf)] = 0;
data/icu-68.1/source/tools/pkgdata/pkgtypes.c:233:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(aBuf, strAlias,(rPtr-strAlias));
data/icu-68.1/source/tools/toolutil/filestrm.cpp:133:13:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int c = fgetc((FILE*)fileStream);
data/icu-68.1/source/tools/toolutil/filestrm.cpp:148:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int32_t c = fgetc((FILE*)fileStream);
data/icu-68.1/source/tools/toolutil/package.cpp:183:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len=(int32_t)strlen(basename)-4; /* -4: subtract the length of ".dat" */
data/icu-68.1/source/tools/toolutil/package.cpp:257:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if((int32_t)(strlen(path)+1)>=capacity) {
data/icu-68.1/source/tools/toolutil/package.cpp:273:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((int32_t)((s-filename)+strlen(name))>=capacity) {
data/icu-68.1/source/tools/toolutil/package.cpp:291:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sep=strchr(filename, 0)-strlen(name);
data/icu-68.1/source/tools/toolutil/package.cpp:436:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(p)>=sizeof(pkgPrefix)) {
data/icu-68.1/source/tools/toolutil/package.cpp:613:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int32_t inPkgNameLength= static_cast<int32_t>(strlen(inPkgName));
data/icu-68.1/source/tools/toolutil/package.cpp:617:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( (int32_t)strlen(s)>=(inPkgNameLength+2) &&
data/icu-68.1/source/tools/toolutil/package.cpp:708:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        length=(int32_t)strlen(comment);
data/icu-68.1/source/tools/toolutil/package.cpp:772:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        prefixLength=(int32_t)strlen(prefix);
data/icu-68.1/source/tools/toolutil/package.cpp:774:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        prefixLength=(int32_t)strlen(pkgPrefix);
data/icu-68.1/source/tools/toolutil/package.cpp:800:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        length=(int32_t)strlen(items[i].name);
data/icu-68.1/source/tools/toolutil/package.cpp:951:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        findPrefixLength=(int32_t)strlen(pattern);
data/icu-68.1/source/tools/toolutil/package.cpp:956:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        findSuffixLength=(int32_t)strlen(findSuffix);
data/icu-68.1/source/tools/toolutil/package.cpp:983:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nameLength=(int32_t)strlen(name);
data/icu-68.1/source/tools/toolutil/package.cpp:1046:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        items[idx].name=allocString(TRUE, static_cast<int32_t>(strlen(name)));
data/icu-68.1/source/tools/toolutil/pkg_genc.cpp:415:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(entry, "_");
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:147:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        idLength=(int32_t)strlen(id);
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:149:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    suffixLength=(int32_t)strlen(suffix);
data/icu-68.1/source/tools/toolutil/pkgitems.cpp:534:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            baseNameLength=(int32_t)strlen(inBaseName);
data/icu-68.1/source/tools/toolutil/unewdata.cpp:74:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    	length += static_cast<int32_t>(strlen(dir));
data/icu-68.1/source/tools/toolutil/unewdata.cpp:77:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (dir[strlen(dir) - 1]!= dirSepChar) {
data/icu-68.1/source/tools/toolutil/unewdata.cpp:81:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length += static_cast<int32_t>(strlen(name));		/* Add the filename length */
data/icu-68.1/source/tools/toolutil/unewdata.cpp:84:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        length += static_cast<int32_t>(strlen(type));
data/icu-68.1/source/tools/toolutil/unewdata.cpp:98:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *p=filename+strlen(dir);
data/icu-68.1/source/tools/toolutil/uparse.cpp:371:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sLen = (int32_t)strlen(source);
data/icu-68.1/source/tools/toolutil/uparse.cpp:374:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while(read < source+sLen) {
data/icu-68.1/source/tools/toolutil/uparse.cpp:375:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        sscanf(read, "%2x", &value);
data/icu-68.1/source/tools/tzcode/asctime.c:107:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		((strlen(year) <= 4) ? ASCTIME_FMT : ASCTIME_FMT_B),
data/icu-68.1/source/tools/tzcode/asctime.c:112:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(result) < STD_ASCTIME_BUF_SIZE || buf == buf_asctime)
data/icu-68.1/source/tools/tzcode/ialloc.c:16:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	newsize = (new == NULL) ? 0 : strlen(new);
data/icu-68.1/source/tools/tzcode/ialloc.c:21:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else	oldsize = strlen(old);
data/icu-68.1/source/tools/tzcode/localtime.c:309:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(cp) > TZ_ABBR_MAX_LEN &&
data/icu-68.1/source/tools/tzcode/localtime.c:369:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen(p) + strlen(name) + 1) >= sizeof fullname)
data/icu-68.1/source/tools/tzcode/localtime.c:369:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((strlen(p) + strlen(name) + 1) >= sizeof fullname)
data/icu-68.1/source/tools/tzcode/localtime.c:372:11:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
			(void) strcat(fullname, "/");
data/icu-68.1/source/tools/tzcode/localtime.c:386:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	nread = read(fid, up->buf, sizeof up->buf);
data/icu-68.1/source/tools/tzcode/localtime.c:938:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		stdlen = strlen(name);	/* length of standard zone name */
data/icu-68.1/source/tools/tzcode/localtime.c:1157:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	(void) strncpy(cp, stdname, stdlen);
data/icu-68.1/source/tools/tzcode/localtime.c:1161:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		(void) strncpy(cp, dstname, dstlen);
data/icu-68.1/source/tools/tzcode/localtime.c:1215:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lcl_is_set = strlen(name) < sizeof lcl_TZname;
data/icu-68.1/source/tools/tzcode/scheck.c:23:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fbuf = malloc(2 * strlen(format) + 4);
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:245:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    file.read((char*)buf, 4);
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:263:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    file.read((char*)buf, 8);
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:279:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    file.read(&c, 1);
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:302:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    file.read(buf, 4);
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:307:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    file.read(buf, 1);
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:315:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    file.read(buf, 15);
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:353:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        file.read((char*) &c, 1);
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:409:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        file.read((char*) &c, 1);
data/icu-68.1/source/tools/tzcode/tz2icu.cpp:455:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        file.read(str, charcnt);
data/icu-68.1/source/tools/tzcode/zdump.c:519:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(argv[i]) > longest)
data/icu-68.1/source/tools/tzcode/zdump.c:520:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			longest = strlen(argv[i]);
data/icu-68.1/source/tools/tzcode/zdump.c:562:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(path, "/");
data/icu-68.1/source/tools/tzcode/zdump.c:563:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				zstart = strlen(path);
data/icu-68.1/source/tools/tzcode/zdump.c:598:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			(void) strncpy(buf, abbr(&tm), (sizeof buf) - 1);
data/icu-68.1/source/tools/tzcode/zdump.c:620:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
							(void) strncpy(buf,
data/icu-68.1/source/tools/tzcode/zdump.c:635:14:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
						(void) strncpy(buf,
data/icu-68.1/source/tools/tzcode/zdump.c:745:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		(void) strncpy(loab, abbr(&lotm), (sizeof loab) - 1);
data/icu-68.1/source/tools/tzcode/zdump.c:940:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		(void) strncpy(loab, abbr(&lotm), (sizeof loab) - 1);
data/icu-68.1/source/tools/tzcode/zdump.c:1049:3:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		strcat(path, "/");
data/icu-68.1/source/tools/tzcode/zdump.c:1059:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if ((pzonename = malloc(strlen(relpath) + 1)) == NULL) {
data/icu-68.1/source/tools/tzcode/zdump.c:1085:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
				strcat(subpath, "/");
data/icu-68.1/source/tools/tzcode/zic.c:617:9:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	(void) umask(umask(S_IWGRP | S_IWOTH) | (S_IWGRP | S_IWOTH));
data/icu-68.1/source/tools/tzcode/zic.c:617:15:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	(void) umask(umask(S_IWGRP | S_IWOTH) | (S_IWGRP | S_IWOTH));
data/icu-68.1/source/tools/tzcode/zic.c:840:16:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			while ((c = getc(fp)) != EOF)
data/icu-68.1/source/tools/tzcode/zic.c:1137:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (max_abbrvar_len < strlen(r.r_abbrvar))
data/icu-68.1/source/tools/tzcode/zic.c:1138:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		max_abbrvar_len = strlen(r.r_abbrvar);
data/icu-68.1/source/tools/tzcode/zic.c:1227:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (max_format_len < strlen(z.z_format))
data/icu-68.1/source/tools/tzcode/zic.c:1228:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		max_format_len = strlen(z.z_format);
data/icu-68.1/source/tools/tzcode/zic.c:1415:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ep = dp + strlen(dp) - 1;
data/icu-68.1/source/tools/tzcode/zic.c:1687:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    strlen(directory) + 1 + strlen(name) + 1);
data/icu-68.1/source/tools/tzcode/zic.c:1687:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    strlen(directory) + 1 + strlen(name) + 1);
data/icu-68.1/source/tools/tzcode/zic.c:1851:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				thischarcnt += strlen(thisabbr) + 1;
data/icu-68.1/source/tools/tzcode/zic.c:1859:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		(void) strncpy(tzh.tzh_magic, TZ_ICU_MAGIC, sizeof tzh.tzh_magic);
data/icu-68.1/source/tools/tzcode/zic.c:1861:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		(void) strncpy(tzh.tzh_magic, TZ_MAGIC, sizeof tzh.tzh_magic);
data/icu-68.1/source/tools/tzcode/zic.c:1962:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
			(void) strncpy(abbr, format, slashp - format);
data/icu-68.1/source/tools/tzcode/zic.c:1971:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(abbr);
data/icu-68.1/source/tools/tzcode/zic.c:1999:10:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		(void) strcpy(result, "-");
data/icu-68.1/source/tools/tzcode/zic.c:2075:10:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
		(void) strcat(result, "/");
data/icu-68.1/source/tools/tzcode/zic.c:2197:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	(void) strcat(result, ",");
data/icu-68.1/source/tools/tzcode/zic.c:2205:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	(void) strcat(result, ",");
data/icu-68.1/source/tools/tzcode/zic.c:2694:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		charcnt = strlen(chars) + 1;
data/icu-68.1/source/tools/tzcode/zic.c:2836:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf = erealloc(buf, 132 + strlen(yitcommand) + strlen(type));
data/icu-68.1/source/tools/tzcode/zic.c:2836:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf = erealloc(buf, 132 + strlen(yitcommand) + strlen(type));
data/icu-68.1/source/tools/tzcode/zic.c:2920:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	array = emalloc(size_product(strlen(cp) + 1, sizeof *array));
data/icu-68.1/source/tools/tzcode/zic.c:3098:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = strlen(string) + 1;

ANALYSIS SUMMARY:

Hits = 3214
Lines analyzed = 905529 in approximately 25.52 seconds (35487 lines/second)
Physical Source Lines of Code (SLOC) = 590549
Hits@level = [0] 2583 [1] 593 [2] 2034 [3]  66 [4] 518 [5]   3
Hits@level+ = [0+] 5797 [1+] 3214 [2+] 2621 [3+] 587 [4+] 521 [5+]   3
Hits/KSLOC@level+ = [0+] 9.81629 [1+] 5.44239 [2+] 4.43824 [3+] 0.99399 [4+] 0.88223 [5+] 0.00508002
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.