Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/idzebra-2.2.2/isamb/tstisamb.c
Examining data/idzebra-2.2.2/isamb/benchisamb.c
Examining data/idzebra-2.2.2/isamb/isamb.c
Examining data/idzebra-2.2.2/isamb/benchindex1.c
Examining data/idzebra-2.2.2/rset/rsisamb.c
Examining data/idzebra-2.2.2/rset/rsisams.c
Examining data/idzebra-2.2.2/rset/rsbetween.c
Examining data/idzebra-2.2.2/rset/rsnull.c
Examining data/idzebra-2.2.2/rset/rstemp.c
Examining data/idzebra-2.2.2/rset/rset.c
Examining data/idzebra-2.2.2/rset/rsprox.c
Examining data/idzebra-2.2.2/rset/rsbool.c
Examining data/idzebra-2.2.2/rset/rsisamc.c
Examining data/idzebra-2.2.2/rset/rsmultiandor.c
Examining data/idzebra-2.2.2/index/zebraidx.c
Examining data/idzebra-2.2.2/index/recindex.c
Examining data/idzebra-2.2.2/index/zinfo.c
Examining data/idzebra-2.2.2/index/rank.h
Examining data/idzebra-2.2.2/index/sortidx.c
Examining data/idzebra-2.2.2/index/orddict.c
Examining data/idzebra-2.2.2/index/index.h
Examining data/idzebra-2.2.2/index/inline.h
Examining data/idzebra-2.2.2/index/extract.c
Examining data/idzebra-2.2.2/index/isam_methods.c
Examining data/idzebra-2.2.2/index/records.c
Examining data/idzebra-2.2.2/index/attribute.c
Examining data/idzebra-2.2.2/index/ranksimilarity.c
Examining data/idzebra-2.2.2/index/check_res.c
Examining data/idzebra-2.2.2/index/zsets.c
Examining data/idzebra-2.2.2/index/key_block.c
Examining data/idzebra-2.2.2/index/zebrasrv.c
Examining data/idzebra-2.2.2/index/limit.c
Examining data/idzebra-2.2.2/index/orddict.h
Examining data/idzebra-2.2.2/index/stream.c
Examining data/idzebra-2.2.2/index/reckeys.c
Examining data/idzebra-2.2.2/index/mod_grs_marc.c
Examining data/idzebra-2.2.2/index/inline.c
Examining data/idzebra-2.2.2/index/update_file.c
Examining data/idzebra-2.2.2/index/rpnsearch.c
Examining data/idzebra-2.2.2/index/kcontrol.c
Examining data/idzebra-2.2.2/index/zebraapi.c
Examining data/idzebra-2.2.2/index/mod_alvis.c
Examining data/idzebra-2.2.2/index/recctrl.c
Examining data/idzebra-2.2.2/index/kdump.c
Examining data/idzebra-2.2.2/index/mod_grs_sgml.c
Examining data/idzebra-2.2.2/index/reckeys.h
Examining data/idzebra-2.2.2/index/rank1.c
Examining data/idzebra-2.2.2/index/mod_grs_regx.c
Examining data/idzebra-2.2.2/index/kinput.c
Examining data/idzebra-2.2.2/index/untrans.c
Examining data/idzebra-2.2.2/index/update_path.c
Examining data/idzebra-2.2.2/index/marcomp.h
Examining data/idzebra-2.2.2/index/mod_grs_xml.c
Examining data/idzebra-2.2.2/index/compact.c
Examining data/idzebra-2.2.2/index/rset_isam.c
Examining data/idzebra-2.2.2/index/zaptterm.c
Examining data/idzebra-2.2.2/index/zebrash.c
Examining data/idzebra-2.2.2/index/zinfo.h
Examining data/idzebra-2.2.2/index/mod_dom.c
Examining data/idzebra-2.2.2/index/recindex.h
Examining data/idzebra-2.2.2/index/dirs.c
Examining data/idzebra-2.2.2/index/dir.c
Examining data/idzebra-2.2.2/index/mod_text.c
Examining data/idzebra-2.2.2/index/recgrs.c
Examining data/idzebra-2.2.2/index/rpnscan.c
Examining data/idzebra-2.2.2/index/retrieve.c
Examining data/idzebra-2.2.2/index/key_block.h
Examining data/idzebra-2.2.2/index/marcomp.c
Examining data/idzebra-2.2.2/index/invstat.c
Examining data/idzebra-2.2.2/index/trunc.c
Examining data/idzebra-2.2.2/index/mod_safari.c
Examining data/idzebra-2.2.2/index/rankstatic.c
Examining data/idzebra-2.2.2/isamc/isamc-p.h
Examining data/idzebra-2.2.2/isamc/merge.c
Examining data/idzebra-2.2.2/isamc/isamc.c
Examining data/idzebra-2.2.2/test/codec/tstcodec.c
Examining data/idzebra-2.2.2/test/filters/grs.xml.idzebra.c
Examining data/idzebra-2.2.2/test/filters/text.c
Examining data/idzebra-2.2.2/test/filters/grs.xml.c
Examining data/idzebra-2.2.2/test/filters/grs.marc.c
Examining data/idzebra-2.2.2/test/api/test_resources.c
Examining data/idzebra-2.2.2/test/api/test_update_record.c
Examining data/idzebra-2.2.2/test/api/test_special_elements.c
Examining data/idzebra-2.2.2/test/api/test_sort_set.c
Examining data/idzebra-2.2.2/test/api/test_safari.c
Examining data/idzebra-2.2.2/test/api/test_trunc.c
Examining data/idzebra-2.2.2/test/api/test_result_sets.c
Examining data/idzebra-2.2.2/test/api/test_sort1.c
Examining data/idzebra-2.2.2/test/api/test_sort3.c
Examining data/idzebra-2.2.2/test/api/test_zebra_fork.c
Examining data/idzebra-2.2.2/test/api/test_private_attset.c
Examining data/idzebra-2.2.2/test/api/test_start_stop.c
Examining data/idzebra-2.2.2/test/api/testlib.c
Examining data/idzebra-2.2.2/test/api/testlib.h
Examining data/idzebra-2.2.2/test/api/test_create_databases.c
Examining data/idzebra-2.2.2/test/api/test_sort2.c
Examining data/idzebra-2.2.2/test/api/test_insert_fetch.c
Examining data/idzebra-2.2.2/test/api/testclient.c
Examining data/idzebra-2.2.2/test/api/test_scan.c
Examining data/idzebra-2.2.2/test/api/test_search.c
Examining data/idzebra-2.2.2/test/api/test_rank.c
Examining data/idzebra-2.2.2/test/api/test_icu_indexing.c
Examining data/idzebra-2.2.2/test/api/test_sortidx.c
Examining data/idzebra-2.2.2/test/rusmarc/t1.c
Examining data/idzebra-2.2.2/test/espec/t1.c
Examining data/idzebra-2.2.2/test/xpath/xpath3.c
Examining data/idzebra-2.2.2/test/xpath/xpath1.c
Examining data/idzebra-2.2.2/test/xpath/xpath5.c
Examining data/idzebra-2.2.2/test/xpath/xpath6.c
Examining data/idzebra-2.2.2/test/xpath/xpath2.c
Examining data/idzebra-2.2.2/test/xpath/xpath4.c
Examining data/idzebra-2.2.2/test/charmap/charmap1.c
Examining data/idzebra-2.2.2/test/mbox/mbox1.c
Examining data/idzebra-2.2.2/test/xslt/dom1.c
Examining data/idzebra-2.2.2/test/xslt/xslt3.c
Examining data/idzebra-2.2.2/test/xslt/xslt2.c
Examining data/idzebra-2.2.2/test/xslt/xslt1.c
Examining data/idzebra-2.2.2/test/xslt/xslt4.c
Examining data/idzebra-2.2.2/test/xslt/xslt5.c
Examining data/idzebra-2.2.2/test/marcxml/t1.c
Examining data/idzebra-2.2.2/test/marcxml/t2.c
Examining data/idzebra-2.2.2/util/tstcharmap.c
Examining data/idzebra-2.2.2/util/tstflock.c
Examining data/idzebra-2.2.2/util/it_key.c
Examining data/idzebra-2.2.2/util/tstlockscope.c
Examining data/idzebra-2.2.2/util/passwddb.c
Examining data/idzebra-2.2.2/util/zebramap.c
Examining data/idzebra-2.2.2/util/version.c
Examining data/idzebra-2.2.2/util/test_strmap.c
Examining data/idzebra-2.2.2/util/tstres.c
Examining data/idzebra-2.2.2/util/dirent.c
Examining data/idzebra-2.2.2/util/strmap.c
Examining data/idzebra-2.2.2/util/exit.c
Examining data/idzebra-2.2.2/util/res.c
Examining data/idzebra-2.2.2/util/flock.c
Examining data/idzebra-2.2.2/util/zint.c
Examining data/idzebra-2.2.2/util/zebra-lock.c
Examining data/idzebra-2.2.2/util/snippet.c
Examining data/idzebra-2.2.2/util/charmap.c
Examining data/idzebra-2.2.2/util/su_codec.c
Examining data/idzebra-2.2.2/util/attrfind.c
Examining data/idzebra-2.2.2/util/atoi_zn.c
Examining data/idzebra-2.2.2/util/xpath.c
Examining data/idzebra-2.2.2/util/tstpass.c
Examining data/idzebra-2.2.2/data1/d1_sutrs.c
Examining data/idzebra-2.2.2/data1/d1_doespec.c
Examining data/idzebra-2.2.2/data1/d1_attset.c
Examining data/idzebra-2.2.2/data1/d1_marc.c
Examining data/idzebra-2.2.2/data1/d1_soif.c
Examining data/idzebra-2.2.2/data1/d1_write.c
Examining data/idzebra-2.2.2/data1/d1_if.c
Examining data/idzebra-2.2.2/data1/d1_grs.c
Examining data/idzebra-2.2.2/data1/d1_varset.c
Examining data/idzebra-2.2.2/data1/d1_prtree.c
Examining data/idzebra-2.2.2/data1/d1_tagset.c
Examining data/idzebra-2.2.2/data1/d1_expout.c
Examining data/idzebra-2.2.2/data1/d1_utils.c
Examining data/idzebra-2.2.2/data1/d1_espec.c
Examining data/idzebra-2.2.2/data1/d1_absyn.c
Examining data/idzebra-2.2.2/data1/d1_read.c
Examining data/idzebra-2.2.2/data1/d1_handle.c
Examining data/idzebra-2.2.2/data1/d1_sumout.c
Examining data/idzebra-2.2.2/data1/d1_map.c
Examining data/idzebra-2.2.2/isams/isams.c
Examining data/idzebra-2.2.2/include/zebra_xpath.h
Examining data/idzebra-2.2.2/include/dfa.h
Examining data/idzebra-2.2.2/include/dfaset.h
Examining data/idzebra-2.2.2/include/zebramap.h
Examining data/idzebra-2.2.2/include/zebra-lock.h
Examining data/idzebra-2.2.2/include/attrfind.h
Examining data/idzebra-2.2.2/include/sortidx.h
Examining data/idzebra-2.2.2/include/rset.h
Examining data/idzebra-2.2.2/include/charmap.h
Examining data/idzebra-2.2.2/include/it_key.h
Examining data/idzebra-2.2.2/include/idzebra/data1.h
Examining data/idzebra-2.2.2/include/idzebra/dict.h
Examining data/idzebra-2.2.2/include/idzebra/isam-codec.h
Examining data/idzebra-2.2.2/include/idzebra/recgrs.h
Examining data/idzebra-2.2.2/include/idzebra/util.h
Examining data/idzebra-2.2.2/include/idzebra/version.h
Examining data/idzebra-2.2.2/include/idzebra/isamb.h
Examining data/idzebra-2.2.2/include/idzebra/api.h
Examining data/idzebra-2.2.2/include/idzebra/res.h
Examining data/idzebra-2.2.2/include/idzebra/snippet.h
Examining data/idzebra-2.2.2/include/idzebra/recctrl.h
Examining data/idzebra-2.2.2/include/idzebra/isams.h
Examining data/idzebra-2.2.2/include/idzebra/bfile.h
Examining data/idzebra-2.2.2/include/idzebra/isamc.h
Examining data/idzebra-2.2.2/include/idzebra/flock.h
Examining data/idzebra-2.2.2/include/direntz.h
Examining data/idzebra-2.2.2/include/bset.h
Examining data/idzebra-2.2.2/include/su_codec.h
Examining data/idzebra-2.2.2/include/zebra_strmap.h
Examining data/idzebra-2.2.2/include/passwddb.h
Examining data/idzebra-2.2.2/include/d1_absyn.h
Examining data/idzebra-2.2.2/bfile/bfile.c
Examining data/idzebra-2.2.2/bfile/mfile.c
Examining data/idzebra-2.2.2/bfile/tstmfile1.c
Examining data/idzebra-2.2.2/bfile/cfile.c
Examining data/idzebra-2.2.2/bfile/cfile.h
Examining data/idzebra-2.2.2/bfile/mfile.h
Examining data/idzebra-2.2.2/bfile/commit.c
Examining data/idzebra-2.2.2/bfile/tstbfile2.c
Examining data/idzebra-2.2.2/dfa/imalloc.h
Examining data/idzebra-2.2.2/dfa/lexer.h
Examining data/idzebra-2.2.2/dfa/test_dfa.c
Examining data/idzebra-2.2.2/dfa/bset.c
Examining data/idzebra-2.2.2/dfa/states.c
Examining data/idzebra-2.2.2/dfa/agrep.c
Examining data/idzebra-2.2.2/dfa/imalloc.c
Examining data/idzebra-2.2.2/dfa/set.c
Examining data/idzebra-2.2.2/dfa/grepper.c
Examining data/idzebra-2.2.2/dfa/readfile.c
Examining data/idzebra-2.2.2/dfa/lexer.c
Examining data/idzebra-2.2.2/dfa/dfap.h
Examining data/idzebra-2.2.2/dfa/dfa.c
Examining data/idzebra-2.2.2/dict/dictext.c
Examining data/idzebra-2.2.2/dict/dcompact.c
Examining data/idzebra-2.2.2/dict/scan.c
Examining data/idzebra-2.2.2/dict/insert.c
Examining data/idzebra-2.2.2/dict/dclose.c
Examining data/idzebra-2.2.2/dict/drdwr.c
Examining data/idzebra-2.2.2/dict/lookupec.c
Examining data/idzebra-2.2.2/dict/dicttest.c
Examining data/idzebra-2.2.2/dict/close.c
Examining data/idzebra-2.2.2/dict/scantest.c
Examining data/idzebra-2.2.2/dict/delete.c
Examining data/idzebra-2.2.2/dict/lookup.c
Examining data/idzebra-2.2.2/dict/dopen.c
Examining data/idzebra-2.2.2/dict/open.c
Examining data/idzebra-2.2.2/dict/dict-p.h
Examining data/idzebra-2.2.2/dict/lookgrep.c
FINAL RESULTS:
data/idzebra-2.2.2/bfile/bfile.c:106:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bfs->cache_fname, bfs->commit_area->dirs->name);
data/idzebra-2.2.2/bfile/bfile.c:293:12: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf(inf, "%s %d", path, &block_size) == 2)
data/idzebra-2.2.2/bfile/cfile.c:115:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s-b", fname);
data/idzebra-2.2.2/bfile/cfile.c:121:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s-i", fname);
data/idzebra-2.2.2/bfile/mfile.c:66:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirname, base);
data/idzebra-2.2.2/bfile/mfile.c:123:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dir->name, dirname);
data/idzebra-2.2.2/bfile/mfile.c:209:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ma->name, name);
data/idzebra-2.2.2/bfile/mfile.c:265:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(meta_f->name, metaname);
data/idzebra-2.2.2/bfile/mfile.c:376:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mnew->name, name);
data/idzebra-2.2.2/bfile/tstbfile2.c:97:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, ZINT_FORMAT, bno[0]);
data/idzebra-2.2.2/bfile/tstbfile2.c:140:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf, ZINT_FORMAT, bno);
data/idzebra-2.2.2/data1/d1_absyn.c:478:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(res_p, "%s/", stack[e]);
data/idzebra-2.2.2/data1/d1_absyn.c:550:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attname, element_name);
data/idzebra-2.2.2/data1/d1_absyn.c:552:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attname, ZEBRA_XPATH_CDATA);
data/idzebra-2.2.2/data1/d1_absyn.c:602:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "/*/%s[@tag=\"%s\"]", fieldtype, field);
data/idzebra-2.2.2/data1/d1_absyn.c:604:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf + strlen(buf), "/subfield[@code=\"%s\"]", subfield);
data/idzebra-2.2.2/data1/d1_if.c:158:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(StringTagVal,Buffer);
data/idzebra-2.2.2/data1/d1_if.c:185:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(StringTagVal,Buffer);
data/idzebra-2.2.2/data1/d1_map.c:90:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(res->target_absyn_name, argv[1]);
data/idzebra-2.2.2/data1/d1_map.c:102:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(res->name, argv[1]);
data/idzebra-2.2.2/data1/d1_map.c:127:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*mapp)->source_element_name, argv[1]);
data/idzebra-2.2.2/data1/d1_map.c:164:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((*mtp)->value.string, valstr);
data/idzebra-2.2.2/data1/d1_map.c:219:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, t->value.string);
data/idzebra-2.2.2/data1/d1_read.c:468:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf (node_data->u.data.data, ZINT_FORMAT, num);
data/idzebra-2.2.2/data1/d1_soif.c:52:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s-%s", prefix, tag);
data/idzebra-2.2.2/data1/d1_soif.c:54:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, tag);
data/idzebra-2.2.2/data1/d1_soif.c:84:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "@%s{\n", n->u.root.type);
data/idzebra-2.2.2/data1/d1_sutrs.c:60:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%*s%s:", indent * NTOBUF_INDENT, "", tag);
data/idzebra-2.2.2/data1/d1_sutrs.c:78:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%*s", indent * NTOBUF_INDENT, "");
data/idzebra-2.2.2/data1/d1_sutrs.c:97:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "\n%*s", indent * NTOBUF_INDENT, "");
data/idzebra-2.2.2/data1/d1_sutrs.c:113:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(line, "%*s", indent * NTOBUF_INDENT, "");
data/idzebra-2.2.2/dfa/agrep.c:56:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf (stderr, format, argptr);
data/idzebra-2.2.2/dfa/lexer.c:44:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void) vfprintf (stderr, format, argptr);
data/idzebra-2.2.2/dict/open.c:38:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dict->head.magic_str, DICT_MAGIC);
data/idzebra-2.2.2/dict/scantest.c:56:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hi->ar[idx], name);
data/idzebra-2.2.2/dict/scantest.c:71:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scan_term, sterm);
data/idzebra-2.2.2/dict/scantest.c:272:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scan_term, arg);
data/idzebra-2.2.2/index/dir.c:62:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_rep, base);
data/idzebra-2.2.2/index/dir.c:67:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_rep, rep);
data/idzebra-2.2.2/index/dir.c:76:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, rep);
data/idzebra-2.2.2/index/dir.c:96:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path + pathpos, dent->d_name);
data/idzebra-2.2.2/index/dir.c:100:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_rep, base);
data/idzebra-2.2.2/index/dir.c:102:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_rep, path);
data/idzebra-2.2.2/index/dir.c:113:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry[idx].name, dent->d_name);
data/idzebra-2.2.2/index/dir.c:120:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry[idx].name, dent->d_name);
data/idzebra-2.2.2/index/dirs.c:65:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry->path, name + ci->prelen);
data/idzebra-2.2.2/index/dirs.c:74:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry->path, name + ci->prelen);
data/idzebra-2.2.2/index/dirs.c:91:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->prefix, rep);
data/idzebra-2.2.2/index/dirs.c:93:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->nextpath, rep);
data/idzebra-2.2.2/index/dirs.c:123:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(entry->path, path);
data/idzebra-2.2.2/index/dirs.c:173:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s%s", p->prefix, src);
data/idzebra-2.2.2/index/dirs.c:183:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s%s", p->prefix, src);
data/idzebra-2.2.2/index/dirs.c:194:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s%s", p->prefix, src);
data/idzebra-2.2.2/index/dirs.c:206:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s%s", p->prefix, src);
data/idzebra-2.2.2/index/extract.c:448:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(attname_str, attset_str);
data/idzebra-2.2.2/index/extract.c:489:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, ws[i]);
data/idzebra-2.2.2/index/extract.c:528:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, spec_src);
data/idzebra-2.2.2/index/extract.c:546:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, tmpString);
data/idzebra-2.2.2/index/extract.c:638:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(gprefix, "%s.", zh->m_group);
data/idzebra-2.2.2/index/extract.c:649:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ext, fname+i+1);
data/idzebra-2.2.2/index/extract.c:656:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ext_res, "%srecordType.%s", gprefix, ext);
data/idzebra-2.2.2/index/extract.c:671:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ext_res, "%srecordId.%s", gprefix, ext);
data/idzebra-2.2.2/index/extract.c:700:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_rep, zh->path_reg);
data/idzebra-2.2.2/index/extract.c:702:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_rep, fname);
data/idzebra-2.2.2/index/extract.c:705:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_rep, fname);
data/idzebra-2.2.2/index/extract.c:1350:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(keystr + strlen(keystr), ZINT_FORMAT " ", key->mem[i]);
data/idzebra-2.2.2/index/invstat.c:240:6: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stdout, " %8" ZINT_FORMAT0 " %8" ZINT_FORMAT0,
data/idzebra-2.2.2/index/key_block.c:333:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(out_fname, "%s/key%d.tmp", p->key_tmp_dir, p->key_file_no);
data/idzebra-2.2.2/index/kinput.c:74:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/key%d.tmp", pre, no);
data/idzebra-2.2.2/index/kinput.c:82:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/key%d.tmp", pre, no);
data/idzebra-2.2.2/index/kinput.c:185:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key, f->prev_name);
data/idzebra-2.2.2/index/kinput.c:200:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(f->prev_name, key);
data/idzebra-2.2.2/index/kinput.c:356:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, hi->info.buf[n]);
data/idzebra-2.2.2/index/kinput.c:526:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->prev_name, p->cur_name);
data/idzebra-2.2.2/index/kinput.c:557:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(this_name, hci->cur_name);
data/idzebra-2.2.2/index/kinput.c:606:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(this_name, hci->cur_name);
data/idzebra-2.2.2/index/kinput.c:660:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(this_name, hci->cur_name);
data/idzebra-2.2.2/index/kinput.c:733:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(fname, R_OK) == -1)
data/idzebra-2.2.2/index/mod_alvis.c:79:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(quoted, "'%s'", value);
data/idzebra-2.2.2/index/mod_dom.c:141:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 4, 5)))
data/idzebra-2.2.2/index/mod_dom.c:170:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(quoted, "'%s'", value);
data/idzebra-2.2.2/index/mod_grs_marc.c:844:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->type, args);
data/idzebra-2.2.2/index/mod_grs_regx.c:308:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (p->name, name);
data/idzebra-2.2.2/index/mod_grs_regx.c:582:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.tflt", spec->name);
data/idzebra-2.2.2/index/mod_grs_regx.c:588:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s.flt", spec->name);
data/idzebra-2.2.2/index/mod_grs_regx.c:730:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nv, (*ap)->value);
data/idzebra-2.2.2/index/mod_grs_regx.c:1891:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(specs->type, args);
data/idzebra-2.2.2/index/mod_safari.c:154:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(cp, ZINT_FORMAT " " ZINT_FORMAT " " ZINT_FORMAT
data/idzebra-2.2.2/index/mod_safari.c:168:21: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf(cp, ZINT_FORMAT " " ZINT_FORMAT " " ZINT_FORMAT " %39s %n",
data/idzebra-2.2.2/index/mod_safari.c:245:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (filter_buf + filter_ptr, "Filename: %s\n", p->fname);
data/idzebra-2.2.2/index/mod_text.c:200:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filter_buf + filter_ptr, "Filename: %s\n", p->fname);
data/idzebra-2.2.2/index/recgrs.c:405:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pexpr, "/%s\n", tagpath);
data/idzebra-2.2.2/index/recgrs.c:646:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attr_tag_path_full, "@%s/%s",
data/idzebra-2.2.2/index/recgrs.c:667:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(comb, xp->name);
data/idzebra-2.2.2/index/recgrs.c:669:29: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(comb, xp->value);
data/idzebra-2.2.2/index/recgrs.c:689:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(attr_tag_path_full, "@%s/%s",
data/idzebra-2.2.2/index/recgrs.c:1140:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dnew->u.data.data, ZINT_FORMAT, p->localno);
data/idzebra-2.2.2/index/records.c:378:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p->data_fname[i], str);
data/idzebra-2.2.2/index/records.c:1090:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, s);
data/idzebra-2.2.2/index/retrieve.c:73:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_rep, zh->path_reg);
data/idzebra-2.2.2/index/retrieve.c:75:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(full_rep, (*rec)->info[recInfo_filename]);
data/idzebra-2.2.2/index/retrieve.c:78:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(full_rep, (*rec)->info[recInfo_filename]);
data/idzebra-2.2.2/index/retrieve.c:600:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ord_buf + ord_len, term);
data/idzebra-2.2.2/index/retrieve.c:1296:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*basenamep, basename);
data/idzebra-2.2.2/index/rpnscan.c:316:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ar[i].prefix, termz);
data/idzebra-2.2.2/index/rpnscan.c:347:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(termz, ar[i].prefix);
data/idzebra-2.2.2/index/rpnscan.c:348:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(termz, wrbuf_cstr(ar[i].term));
data/idzebra-2.2.2/index/rpnscan.c:390:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ar[i].prefix, termz);
data/idzebra-2.2.2/index/rpnscan.c:417:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(termz, ar[i].prefix);
data/idzebra-2.2.2/index/rpnscan.c:418:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(termz, wrbuf_cstr(ar[i].term));
data/idzebra-2.2.2/index/rpnsearch.c:681:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst + dst_p, numstr);
data/idzebra-2.2.2/index/rpnsearch.c:1488:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(term_dict + ord_len, term);
data/idzebra-2.2.2/index/rpnsearch.c:1550:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(term_dict+ord_len, FIRST_IN_FIELD_STR);
data/idzebra-2.2.2/index/sortidx.c:89:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*dst, a1.term); /* then sort term, 0 terminated */
data/idzebra-2.2.2/index/sortidx.c:115:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a1.term, *src);
data/idzebra-2.2.2/index/update_file.c:77:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmppath, "%s%s", base, dst->path);
data/idzebra-2.2.2/index/update_file.c:79:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmppath, dst->path);
data/idzebra-2.2.2/index/update_file.c:84:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmppath, dst->path);
data/idzebra-2.2.2/index/update_file.c:104:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmppath, "%s%s", base, src);
data/idzebra-2.2.2/index/update_file.c:128:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src, dst->path);
data/idzebra-2.2.2/index/update_file.c:166:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src + src_len, e_src[i_src].name);
data/idzebra-2.2.2/index/update_file.c:167:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmppath, "%s%s", base, src);
data/idzebra-2.2.2/index/update_file.c:196:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src + src_len, e_src[i_src].name);
data/idzebra-2.2.2/index/update_file.c:197:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmppath, "%s%s", base, src);
data/idzebra-2.2.2/index/update_file.c:215:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src, dst->path);
data/idzebra-2.2.2/index/update_file.c:216:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmppath, "%s%s", base, dst->path);
data/idzebra-2.2.2/index/update_file.c:246:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src, zh->path_reg);
data/idzebra-2.2.2/index/update_file.c:251:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(src, path);
data/idzebra-2.2.2/index/update_file.c:254:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src, path);
data/idzebra-2.2.2/index/update_file.c:305:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fmatch_fname, FMATCH_DICT, ord);
data/idzebra-2.2.2/index/update_file.c:343:16: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (scanf("%s", src) == 1)
data/idzebra-2.2.2/index/update_path.c:59:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rep +rep_len+1, e[i].name);
data/idzebra-2.2.2/index/update_path.c:122:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src, zh->path_reg);
data/idzebra-2.2.2/index/update_path.c:127:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(src, path);
data/idzebra-2.2.2/index/update_path.c:130:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(src, path);
data/idzebra-2.2.2/index/zebraapi.c:788:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zh->path_reg, zh->service->path_root);
data/idzebra-2.2.2/index/zebraapi.c:792:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(zh->path_reg, zh->reg_name);
data/idzebra-2.2.2/index/zebraapi.c:812:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "norm.%s.LCK", zh->reg_name);
data/idzebra-2.2.2/index/zebraapi.c:816:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "shadow.%s.LCK", zh->reg_name);
data/idzebra-2.2.2/index/zebraapi.c:1629:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(state_fname, "state.%s.LCK", zh->reg_name);
data/idzebra-2.2.2/index/zebraapi.c:1652:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(state_fname, "state.%s.LCK", zh->reg_name);
data/idzebra-2.2.2/index/zebraapi.c:2766:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(vstr, ZINT_FORMAT, i);
data/idzebra-2.2.2/index/zebraapi.c:2777:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, lock_dir);
data/idzebra-2.2.2/index/zebrash.c:795:2: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (PROMPT);
data/idzebra-2.2.2/index/zebrash.c:803:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,line_in);
data/idzebra-2.2.2/isamb/isamb.c:258:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s%c", name, i+'A');
data/idzebra-2.2.2/isamb/isamb.c:1442:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(prefix_str, "%*s " ZINT_FORMAT " cat=%d size=%d max=%d items="
data/idzebra-2.2.2/isamb/isamb.c:1447:2: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(prefix_str, "%*s " ZINT_FORMAT, level*2, "", pos);
data/idzebra-2.2.2/isamc/isamc.c:152:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "%s%c", name, i+'A');
data/idzebra-2.2.2/rset/rstemp.c:175:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(template, "%s/", info->temp_path);
data/idzebra-2.2.2/test/xslt/xslt1.c:40:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(profile_path, "%s:%s/../../tab",
data/idzebra-2.2.2/test/xslt/xslt1.c:47:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s/marc-col.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/xslt/xslt2.c:46:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(profile_path, "%s:%s/../../tab",
data/idzebra-2.2.2/test/xslt/xslt3.c:46:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(profile_path, "%s:%s/../../tab",
data/idzebra-2.2.2/test/xslt/xslt4.c:40:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(profile_path, "%s:%s/../../tab",
data/idzebra-2.2.2/test/xslt/xslt5.c:47:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(profile_path, "%s:%s/../../tab",
data/idzebra-2.2.2/util/charmap.c:702:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result_str + slen, w.eq[i]);
data/idzebra-2.2.2/util/dirent.c:50:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (fullName, name);
data/idzebra-2.2.2/util/dirent.c:60:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dd->entry.d_name, dd->find_data.cFileName);
data/idzebra-2.2.2/util/flock.c:95:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s\\%s", dir, name);
data/idzebra-2.2.2/util/flock.c:97:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s%s", dir, name);
data/idzebra-2.2.2/util/flock.c:100:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s", name);
data/idzebra-2.2.2/util/flock.c:107:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s/%s", dir, name);
data/idzebra-2.2.2/util/flock.c:109:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s%s", dir, name);
data/idzebra-2.2.2/util/flock.c:112:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "%s", name);
data/idzebra-2.2.2/util/it_key.c:54:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(formstr + strlen(formstr), ZINT_FORMAT, key.mem[i]);
data/idzebra-2.2.2/util/passwddb.c:153:12: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
des_try = crypt (pass, pe->des);
data/idzebra-2.2.2/util/res.c:125:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst+j, env_val);
data/idzebra-2.2.2/util/res.c:282:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rname, prefix);
data/idzebra-2.2.2/util/res.c:284:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rname, name);
data/idzebra-2.2.2/util/version.c:36:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(version_str, ZEBRAVER);
data/idzebra-2.2.2/util/version.c:38:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sha1_str, ZEBRA_VERSION_SHA1);
data/idzebra-2.2.2/bfile/mfile.c:206:36: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
char metaname[FILENAME_MAX+1], tmpnam[FILENAME_MAX+1];
data/idzebra-2.2.2/bfile/mfile.c:272:19: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
yaz_snprintf(tmpnam, FILENAME_MAX,
data/idzebra-2.2.2/bfile/mfile.c:274:29: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
part_f->path = xstrdup(tmpnam);
data/idzebra-2.2.2/rset/rstemp.c:190:27: [3] (tmpfile) tempnam:
Temporary file race condition (CWE-377).
char *s = (char*) tempnam(info->temp_path, "zrs");
data/idzebra-2.2.2/test/api/test_trunc.c:33:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(17);
data/idzebra-2.2.2/test/api/testlib.c:69:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *srcdir = getenv("srcdir");
data/idzebra-2.2.2/test/codec/tstcodec.c:164:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(12);
data/idzebra-2.2.2/util/res.c:96:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env_val = getenv(envname);
data/idzebra-2.2.2/util/res.c:122:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
env_val = getenv(envname);
data/idzebra-2.2.2/util/test_strmap.c:82:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(12);
data/idzebra-2.2.2/util/test_strmap.c:99:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(12);
data/idzebra-2.2.2/util/tstcharmap.c:31:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *srcdir = getenv("srcdir");
data/idzebra-2.2.2/util/tstpass.c:31:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *srcdir = getenv("srcdir");
data/idzebra-2.2.2/util/tstres.c:32:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char *srcdir = getenv("srcdir");
data/idzebra-2.2.2/util/zebra-lock.c:38:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection (&p->mutex);
data/idzebra-2.2.2/util/zebra-lock.c:69:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection (&p->mutex);
data/idzebra-2.2.2/bfile/bfile.c:86:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(bfs->cache_fname, flags);
data/idzebra-2.2.2/bfile/bfile.c:107:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(bfs->cache_fname, "/cache");
data/idzebra-2.2.2/bfile/bfile.c:281:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/bfile/cfile.c:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/idzebra-2.2.2/bfile/cfile.c:605:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cf->iobuf + offset, buf, nbytes);
data/idzebra-2.2.2/bfile/mfile.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[FILENAME_MAX+1];
data/idzebra-2.2.2/bfile/mfile.c:159:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((mf->files[c].fd = open(mf->files[c].path,
data/idzebra-2.2.2/bfile/mfile.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char metaname[FILENAME_MAX+1], tmpnam[FILENAME_MAX+1];
data/idzebra-2.2.2/bfile/mfile.c:237:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number = atoi(cp+1);
data/idzebra-2.2.2/bfile/mfile.c:238:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(metaname, dent->d_name, cp - dent->d_name);
data/idzebra-2.2.2/bfile/mfile.c:276:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(part_f->path, O_BINARY|O_RDONLY)) < 0)
data/idzebra-2.2.2/bfile/mfile.c:340:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(!m->open);
data/idzebra-2.2.2/bfile/mfile.c:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[FILENAME_MAX+1];
data/idzebra-2.2.2/bfile/mfile.c:366:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (mnew->open)
data/idzebra-2.2.2/bfile/mfile.c:410:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(!mnew->open);
data/idzebra-2.2.2/bfile/mfile.c:436:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(mf->open);
data/idzebra-2.2.2/bfile/mfile.c:493:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[FILENAME_MAX+1];
data/idzebra-2.2.2/bfile/mfile.h:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FILENAME_MAX+1];
data/idzebra-2.2.2/bfile/mfile.h:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FILENAME_MAX+1];
data/idzebra-2.2.2/bfile/mfile.h:83:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open; /* is this file open? */
data/idzebra-2.2.2/bfile/mfile.h:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FILENAME_MAX+1];
data/idzebra-2.2.2/bfile/tstbfile2.c:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/idzebra-2.2.2/bfile/tstbfile2.c:121:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
YAZ_CHECK_EQ(atoi(buf), bno[0]);
data/idzebra-2.2.2/bfile/tstbfile2.c:161:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
YAZ_CHECK_EQ(atoi(buf), bno);
data/idzebra-2.2.2/bfile/tstmfile1.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BLOCK_SIZE];
data/idzebra-2.2.2/data1/d1_absyn.c:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/idzebra-2.2.2/data1/d1_absyn.c:222:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "%.500s.abs", name);
data/idzebra-2.2.2/data1/d1_absyn.c:427:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stack[32];
data/idzebra-2.2.2/data1/d1_absyn.c:475:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(res_p, "[^@]*/"); /* path .. (index all cdata below it) */
data/idzebra-2.2.2/data1/d1_absyn.c:483:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(res_p, ".*");
data/idzebra-2.2.2/data1/d1_absyn.c:501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attname[512], structure[512];
data/idzebra-2.2.2/data1/d1_absyn.c:606:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "/subfield");
data/idzebra-2.2.2/data1/d1_absyn.c:697:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[50], line[512];
data/idzebra-2.2.2/data1/d1_absyn.c:863:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char melm_xpath[128];
data/idzebra-2.2.2/data1/d1_absyn.c:1072:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = atoi(argv[2]);
data/idzebra-2.2.2/data1/d1_attset.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[50], line[512];
data/idzebra-2.2.2/data1/d1_doespec.c:154:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char predicate[64];
data/idzebra-2.2.2/data1/d1_doespec.c:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char elem[64];
data/idzebra-2.2.2/data1/d1_doespec.c:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr[64];
data/idzebra-2.2.2/data1/d1_doespec.c:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[64];
data/idzebra-2.2.2/data1/d1_espec.c:49:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[512];
data/idzebra-2.2.2/data1/d1_espec.c:74:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
t->value.integer = nmem_intdup(nmem, atoi(value));
data/idzebra-2.2.2/data1/d1_espec.c:121:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ov->start = nmem_intdup(nmem, atoi(occ));
data/idzebra-2.2.2/data1/d1_espec.c:123:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ov->howMany = nmem_intdup(nmem, atoi(p + 1));
data/idzebra-2.2.2/data1/d1_espec.c:137:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[512], occ[512];
data/idzebra-2.2.2/data1/d1_espec.c:174:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
numval = atoi(valp);
data/idzebra-2.2.2/data1/d1_espec.c:219:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[50], line[512];
data/idzebra-2.2.2/data1/d1_espec.c:277:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res->defaultTagType = nmem_intdup(nmem, atoi(argv[1]));
data/idzebra-2.2.2/data1/d1_espec.c:307:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res->elements, oe, size_esn/2);
data/idzebra-2.2.2/data1/d1_expout.c:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intbuf[64];
data/idzebra-2.2.2/data1/d1_expout.c:81:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(intbuf, "%.*s", c->u.data.len, c->u.data.data);
data/idzebra-2.2.2/data1/d1_expout.c:82:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return odr_intdup(eh->o, atoi(intbuf));
data/idzebra-2.2.2/data1/d1_expout.c:93:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, c->u.data.data, c->u.data.len);
data/idzebra-2.2.2/data1/d1_expout.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intbuf[64];
data/idzebra-2.2.2/data1/d1_expout.c:107:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(intbuf, "%.*s", c->u.data.len, c->u.data.data);
data/idzebra-2.2.2/data1/d1_expout.c:108:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*tf = atoi(intbuf);
data/idzebra-2.2.2/data1/d1_expout.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oidstr[64];
data/idzebra-2.2.2/data1/d1_expout.c:146:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u->text, c->u.data.data, c->u.data.len);
data/idzebra-2.2.2/data1/d1_expout.c:394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intbuf[64];
data/idzebra-2.2.2/data1/d1_expout.c:408:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(intbuf, "%.*s", c->child->u.data.len, c->child->u.data.data);
data/idzebra-2.2.2/data1/d1_expout.c:409:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return odr_intdup(eh->o, atoi(intbuf));
data/idzebra-2.2.2/data1/d1_grs.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[64], *cp;
data/idzebra-2.2.2/data1/d1_grs.c:204:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res->u.string, cp, toget);
data/idzebra-2.2.2/data1/d1_grs.c:212:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (str, cp, toget);
data/idzebra-2.2.2/data1/d1_if.c:127:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buffer[MAX_TAG_SIZE];
data/idzebra-2.2.2/data1/d1_if.c:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char StringTagVal[MAX_TAG_SIZE];
data/idzebra-2.2.2/data1/d1_if.c:152:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iTagType = atoi(Buffer);
data/idzebra-2.2.2/data1/d1_if.c:160:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iTagValue = atoi(Buffer);
data/idzebra-2.2.2/data1/d1_if.c:166:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iOccurences = atoi(Buffer);
data/idzebra-2.2.2/data1/d1_if.c:191:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iOccurences = atoi(Buffer);
data/idzebra-2.2.2/data1/d1_map.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[50], line[512];
data/idzebra-2.2.2/data1/d1_map.c:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *)nmem_malloc(mem, strlen(argv[1])+1);
data/idzebra-2.2.2/data1/d1_map.c:101:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
res->name = (char *)nmem_malloc(mem, strlen(argv[1])+1);
data/idzebra-2.2.2/data1/d1_map.c:126:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *)nmem_malloc(mem, strlen(argv[1])+1);
data/idzebra-2.2.2/data1/d1_map.c:135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valstr[512], parm[512];
data/idzebra-2.2.2/data1/d1_map.c:157:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(*mtp)->value.numeric = atoi(valstr);
data/idzebra-2.2.2/data1/d1_map.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/idzebra-2.2.2/data1/d1_map.c:217:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d", t->value.numeric);
data/idzebra-2.2.2/data1/d1_map.c:236:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (*m, n, sizeof(**m));
data/idzebra-2.2.2/data1/d1_marc.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512], *argv[50];
data/idzebra-2.2.2/data1/d1_marc.c:58:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(res->implementation_codes, " ");
data/idzebra-2.2.2/data1/d1_marc.c:63:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(res->user_systems, "z ");
data/idzebra-2.2.2/data1/d1_marc.c:102:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res->length_data_entry = atoi(argv[1]);
data/idzebra-2.2.2/data1/d1_marc.c:112:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res->length_starting = atoi(argv[1]);
data/idzebra-2.2.2/data1/d1_marc.c:122:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res->length_implementation = atoi(argv[1]);
data/idzebra-2.2.2/data1/d1_marc.c:142:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res->force_indicator_length = atoi(argv[1]);
data/idzebra-2.2.2/data1/d1_marc.c:152:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res->force_identifier_length = atoi(argv[1]);
data/idzebra-2.2.2/data1/d1_marc.c:167:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res->implementation_codes, argv[1], strlen(argv[1]));
data/idzebra-2.2.2/data1/d1_marc.c:191:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + *len, n->u.data.data, copy_len);
data/idzebra-2.2.2/data1/d1_marc.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/idzebra-2.2.2/data1/d1_marc.c:212:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "%08d", val);
data/idzebra-2.2.2/data1/d1_marc.c:213:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, buf+8-len, len);
data/idzebra-2.2.2/data1/d1_marc.c:230:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char leader[24];
data/idzebra-2.2.2/data1/d1_marc.c:244:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (leader+5, p->record_status, 1);
data/idzebra-2.2.2/data1/d1_marc.c:245:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (leader+6, p->implementation_codes, 4);
data/idzebra-2.2.2/data1/d1_marc.c:248:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (leader+17, p->user_systems, 3);
data/idzebra-2.2.2/data1/d1_marc.c:252:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (leader+23, p->future_use, 1);
data/idzebra-2.2.2/data1/d1_marc.c:334:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (op, leader, 24);
data/idzebra-2.2.2/data1/d1_marc.c:347:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char indicator_data[6];
data/idzebra-2.2.2/data1/d1_marc.c:406:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (op + data_p, indicator_data, p->indicator_length);
data/idzebra-2.2.2/data1/d1_marc.c:432:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (op + data_p+1, identifier, p->identifier_length-1);
data/idzebra-2.2.2/data1/d1_marc.c:452:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (op + entry_p, tag, 3);
data/idzebra-2.2.2/data1/d1_read.c:381:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b, str, len);
data/idzebra-2.2.2/data1/d1_read.c:485:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[128], *p = str;
data/idzebra-2.2.2/data1/d1_read.c:496:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (p, "%d", *ii);
data/idzebra-2.2.2/data1/d1_read.c:552:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ent[20];
data/idzebra-2.2.2/data1/d1_read.c:679:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[256];
data/idzebra-2.2.2/data1/d1_read.c:939:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res->u.data.data, wrbuf_buf(wrbuf), len);
data/idzebra-2.2.2/data1/d1_read.c:1130:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->u.data.data, ndata, sz);
data/idzebra-2.2.2/data1/d1_read.c:1153:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ndata+off, np->u.data.data, np->u.data.len);
data/idzebra-2.2.2/data1/d1_soif.c:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/idzebra-2.2.2/data1/d1_soif.c:66:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "{%d}:\t", l);
data/idzebra-2.2.2/data1/d1_soif.c:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/idzebra-2.2.2/data1/d1_sumout.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char intbuf[64];
data/idzebra-2.2.2/data1/d1_sumout.c:38:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(intbuf, "%.*s", 63, c->child->u.data.data);
data/idzebra-2.2.2/data1/d1_sumout.c:39:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return odr_intdup(o, atoi(intbuf));
data/idzebra-2.2.2/data1/d1_sumout.c:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, c->child->u.data.data, c->child->u.data.len);
data/idzebra-2.2.2/data1/d1_sutrs.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/idzebra-2.2.2/data1/d1_tagset.c:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[50], line[512];
data/idzebra-2.2.2/data1/d1_tagset.c:156:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(argv[1]);
data/idzebra-2.2.2/data1/d1_tagset.c:232:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
res->type = atoi(argv[1]);
data/idzebra-2.2.2/data1/d1_tagset.c:247:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
type = atoi(argv[2]);
data/idzebra-2.2.2/data1/d1_varset.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[50],line[512];
data/idzebra-2.2.2/data1/d1_varset.c:90:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r->zclass = atoi(argv[1]);
data/idzebra-2.2.2/data1/d1_varset.c:116:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r->type = atoi(argv[1]);
data/idzebra-2.2.2/dfa/agrep.c:120:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (inf_buf, inf_ptr, r);
data/idzebra-2.2.2/dfa/agrep.c:235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[BUFSIZ];
data/idzebra-2.2.2/dfa/agrep.c:270:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open (*argv, O_RDONLY | O_BINARY);
data/idzebra-2.2.2/dfa/bset.c:131:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, src, sh->wsize * sizeof(BSetWord));
data/idzebra-2.2.2/dfa/dfa.c:395:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapfrom[2];
data/idzebra-2.2.2/dfa/dfa.c:423:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapfrom[2];
data/idzebra-2.2.2/dfa/dfa.c:457:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
parse_info->look_ch = ((unsigned char *) cp0)[1];
data/idzebra-2.2.2/dfa/dfa.c:467:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
parse_info->look_ch = ((unsigned char **) mapto)[i][0];
data/idzebra-2.2.2/dfa/dfa.c:508:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[6];
data/idzebra-2.2.2/dfa/dfa.c:523:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (s+1, "x%02x", c);
data/idzebra-2.2.2/dfa/dfa.c:955:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dfa->charMap, cmap, size * sizeof(*dfa->charMap));
data/idzebra-2.2.2/dfa/dfa.c:994:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cn, dfa->charMap, indx*sizeof(*dfa->charMap));
data/idzebra-2.2.2/dfa/grepper.c:248:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (Rj + mc->n * d, Rj + mc->n * (d-1), mc->n * sizeof(*Rj));
data/idzebra-2.2.2/dfa/grepper.c:330:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf = fopen (fname, "r");
data/idzebra-2.2.2/dfa/grepper.c:397:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
range = atoi (arg);
data/idzebra-2.2.2/dfa/readfile.c:54:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char expr_buf[MAXLINE+1];
data/idzebra-2.2.2/dfa/readfile.c:68:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char linebuf[MAXLINE+1];
data/idzebra-2.2.2/dfa/readfile.c:144:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(inf=fopen (s,"r")))
data/idzebra-2.2.2/dfa/readfile.c:150:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(outf=fopen ("lex.yy.c", "w")))
data/idzebra-2.2.2/dfa/states.c:162:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tm->tran_block, s->trans,
data/idzebra-2.2.2/dict/close.c:41:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(head_buf, &dict->head, sizeof(dict->head));
data/idzebra-2.2.2/dict/dcompact.c:52:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to_info, from_info, slen);
data/idzebra-2.2.2/dict/dcompact.c:74:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to_info, &subptr, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/dcompact.c:76:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to_info, &subchar, sizeof(Dict_char));
data/idzebra-2.2.2/dict/dcompact.c:81:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(to_info, from_info, slen);
data/idzebra-2.2.2/dict/delete.c:65:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subptr, info, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/delete.c:169:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dc, info+sizeof(Dict_ptr), sizeof(Dict_char));
data/idzebra-2.2.2/dict/delete.c:173:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subptr, info, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/delete.c:222:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info, &subptr, sizeof(subptr));
data/idzebra-2.2.2/dict/dict-p.h:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic_str[8];
data/idzebra-2.2.2/dict/dictext.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipf_buf[1024];
data/idzebra-2.2.2/dict/dictext.c:78:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ipf = fopen(inputfile, "r");
data/idzebra-2.2.2/dict/dicttest.c:122:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
range = atoi (arg);
data/idzebra-2.2.2/dict/dicttest.c:126:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
srange = atoi (arg);
data/idzebra-2.2.2/dict/dicttest.c:134:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cache = atoi(arg);
data/idzebra-2.2.2/dict/dicttest.c:146:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
infosize = atoi(arg);
data/idzebra-2.2.2/dict/dicttest.c:186:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipf_buf[1024];
data/idzebra-2.2.2/dict/dicttest.c:188:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char infobytes[120];
data/idzebra-2.2.2/dict/dicttest.c:191:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(ipf = fopen(inputfile, "r")))
data/idzebra-2.2.2/dict/dicttest.c:200:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (infobytes, "%d", line);
data/idzebra-2.2.2/dict/dicttest.c:308:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_dict[1024];
data/idzebra-2.2.2/dict/insert.c:173:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info2, &subptr, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/insert.c:175:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info2, out, sizeof(Dict_char));
data/idzebra-2.2.2/dict/insert.c:179:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info2, userinfo, *userinfo+1);
data/idzebra-2.2.2/dict/insert.c:190:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info2, info1, slen);
data/idzebra-2.2.2/dict/insert.c:204:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info2, info1, sizeof(Dict_ptr)+sizeof(Dict_char));
data/idzebra-2.2.2/dict/insert.c:209:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info2, info1, slen);
data/idzebra-2.2.2/dict/insert.c:214:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)p+DICT_infoffset,
data/idzebra-2.2.2/dict/insert.c:217:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)p + ((char*)indxp2 - (char*)np),
data/idzebra-2.2.2/dict/insert.c:221:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)p+DICT_infoffset, (char*)np+DICT_infoffset,
data/idzebra-2.2.2/dict/insert.c:273:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info+1, userinfo, userlen);
data/idzebra-2.2.2/dict/insert.c:285:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info+1, userinfo, userlen);
data/idzebra-2.2.2/dict/insert.c:301:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dc, info+sizeof(Dict_ptr), sizeof(Dict_char));
data/idzebra-2.2.2/dict/insert.c:305:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subptr, info, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/insert.c:317:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info+sizeof(Dict_ptr)+sizeof(Dict_char)+1,
data/idzebra-2.2.2/dict/insert.c:327:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info+sizeof(Dict_ptr)+sizeof(Dict_char)+1,
data/idzebra-2.2.2/dict/insert.c:354:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info, &subptr, sizeof(subptr));
data/idzebra-2.2.2/dict/insert.c:355:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info+sizeof(Dict_ptr), &dc, sizeof(Dict_char));
data/idzebra-2.2.2/dict/insert.c:357:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info+sizeof(Dict_char)+sizeof(Dict_ptr)+1,
data/idzebra-2.2.2/dict/insert.c:374:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info, &subptr, sizeof(subptr));
data/idzebra-2.2.2/dict/insert.c:424:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info, str, slen);
data/idzebra-2.2.2/dict/insert.c:427:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info, userinfo, userlen);
data/idzebra-2.2.2/dict/lookgrep.c:278:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ch, info+j*sizeof(Dict_char), sizeof(Dict_char));
data/idzebra-2.2.2/dict/lookgrep.c:324:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ch, info+sizeof(Dict_ptr), sizeof(Dict_char));
data/idzebra-2.2.2/dict/lookgrep.c:355:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subptr, info, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/lookgrep.c:421:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Rj + mc->n * d, Rj + mc->n * (d-1), mc->n * sizeof(*Rj));
data/idzebra-2.2.2/dict/lookup.c:68:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dc, info+sizeof(Dict_ptr), sizeof(Dict_char));
data/idzebra-2.2.2/dict/lookup.c:72:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subptr, info, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/lookupec.c:68:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ch, info+j*sizeof(Dict_char), sizeof(Dict_char));
data/idzebra-2.2.2/dict/lookupec.c:99:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ch, info+sizeof(Dict_ptr), sizeof(Dict_char));
data/idzebra-2.2.2/dict/lookupec.c:117:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subptr, info, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/scan.c:85:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dc, info+sizeof(Dict_ptr), sizeof(Dict_char));
data/idzebra-2.2.2/dict/scan.c:87:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subptr, info, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/scan.c:176:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dc, info+sizeof(Dict_ptr), sizeof(Dict_char));
data/idzebra-2.2.2/dict/scan.c:180:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&subptr, info, sizeof(Dict_ptr));
data/idzebra-2.2.2/dict/scantest.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan_term[1024];
data/idzebra-2.2.2/dict/scantest.c:159:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[32];
data/idzebra-2.2.2/dict/scantest.c:160:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(w, "%d", i);
data/idzebra-2.2.2/dict/scantest.c:167:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[32];
data/idzebra-2.2.2/dict/scantest.c:168:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(w, "%d", i);
data/idzebra-2.2.2/dict/scantest.c:175:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[32];
data/idzebra-2.2.2/dict/scantest.c:176:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(w, "%d", i);
data/idzebra-2.2.2/dict/scantest.c:248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scan_term[1024];
data/idzebra-2.2.2/dict/scantest.c:253:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(scan_term, "1004");
data/idzebra-2.2.2/dict/scantest.c:261:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
before = atoi(arg);
data/idzebra-2.2.2/dict/scantest.c:264:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
after = atoi(arg);
data/idzebra-2.2.2/dict/scantest.c:275:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number = atoi(arg);
data/idzebra-2.2.2/dict/scantest.c:296:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[32];
data/idzebra-2.2.2/dict/scantest.c:297:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(w, "%d", i);
data/idzebra-2.2.2/include/dfa.h:31:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ch[2]; /* transition on ch[0] <= c <= ch[1] to */
data/idzebra-2.2.2/include/direntz.h:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d_name[MAX_PATH];
data/idzebra-2.2.2/include/idzebra/data1.h:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record_status[2];
data/idzebra-2.2.2/include/idzebra/data1.h:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char implementation_codes[5];
data/idzebra-2.2.2/include/idzebra/data1.h:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char user_systems[4];
data/idzebra-2.2.2/include/idzebra/data1.h:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char future_use[2];
data/idzebra-2.2.2/include/idzebra/data1.h:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char leader[24]; /* Fixme! Need linear access to LEADER of MARC record */
data/idzebra-2.2.2/include/idzebra/data1.h:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lbuf[DATA1_LOCALDATA]; /* small buffer for local data */
data/idzebra-2.2.2/include/idzebra/recctrl.h:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char match_criteria[256];
data/idzebra-2.2.2/index/dir.c:52:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/idzebra-2.2.2/index/dir.c:53:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_rep[1024];
data/idzebra-2.2.2/index/dir.c:92:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry_n, entry, idx * sizeof(*entry));
data/idzebra-2.2.2/index/dirs.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nextpath[DIRS_MAX_PATH];
data/idzebra-2.2.2/index/dirs.c:42:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[DIRS_MAX_PATH];
data/idzebra-2.2.2/index/dirs.c:171:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[DIRS_MAX_PATH];
data/idzebra-2.2.2/index/dirs.c:181:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[DIRS_MAX_PATH];
data/idzebra-2.2.2/index/dirs.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[DIRS_MAX_PATH];
data/idzebra-2.2.2/index/dirs.c:192:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[16];
data/idzebra-2.2.2/index/dirs.c:196:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info, &sysno, sizeof(sysno));
data/idzebra-2.2.2/index/dirs.c:197:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info+sizeof(sysno), &mtime, sizeof(mtime));
data/idzebra-2.2.2/index/dirs.c:204:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[DIRS_MAX_PATH];
data/idzebra-2.2.2/index/extract.c:206:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IT_MAX_WORD+1];
data/idzebra-2.2.2/index/extract.c:420:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dstBuf[2048]; /* static here ??? */
data/idzebra-2.2.2/index/extract.c:432:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ws[32];
data/idzebra-2.2.2/index/extract.c:433:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attset_str[64], attname_str[64];
data/idzebra-2.2.2/index/extract.c:502:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char special[64];
data/idzebra-2.2.2/index/extract.c:511:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(special, s, spec_len);
data/idzebra-2.2.2/index/extract.c:535:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpString[64];
data/idzebra-2.2.2/index/extract.c:625:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gprefix[128];
data/idzebra-2.2.2/index/extract.c:626:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[128];
data/idzebra-2.2.2/index/extract.c:627:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext_res[128];
data/idzebra-2.2.2/index/extract.c:696:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_rep[1024];
data/idzebra-2.2.2/index/extract.c:707:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(full_rep, O_BINARY|O_RDONLY)) == -1)
data/idzebra-2.2.2/index/extract.c:954:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sysno, rinfo+1, sizeof(*sysno));
data/idzebra-2.2.2/index/extract.c:1338:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keystr[200]; /* room for zints to print */
data/idzebra-2.2.2/index/extract.c:1356:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_buf[200]; /* room for special chars */
data/idzebra-2.2.2/index/extract.c:1361:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst_buf, "alwaysmatches");
data/idzebra-2.2.2/index/extract.c:1363:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst_buf, "firstinfield");
data/idzebra-2.2.2/index/extract.c:1365:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst_buf, "unknown");
data/idzebra-2.2.2/index/extract.c:1367:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst_buf, "space");
data/idzebra-2.2.2/index/extract.c:1371:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dst_buf + strlen(dst_buf), " %d", str[i] & 0xff);
data/idzebra-2.2.2/index/extract.c:1478:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int mem = 1024*1024 * atoi( res_get_def( zh->res, "memmax", "8"));
data/idzebra-2.2.2/index/extract.c:1480:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int use_threads = atoi(res_get_def(zh->res, "threads", "1"));
data/idzebra-2.2.2/index/extract.c:1559:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int mem = 1024*1024 * atoi( res_get_def( zh->res, "memmax", "8"));
data/idzebra-2.2.2/index/extract.c:1561:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int use_threads = atoi(res_get_def(zh->res, "threads", "1"));
data/idzebra-2.2.2/index/extract.c:1629:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_buf[IT_MAX_WORD];
data/idzebra-2.2.2/index/extract.c:1695:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valz[40];
data/idzebra-2.2.2/index/extract.c:1701:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(valz, str, length);
data/idzebra-2.2.2/index/extract.c:1758:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IT_MAX_WORD+1];
data/idzebra-2.2.2/index/extract.c:1805:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[IT_MAX_WORD+1];
data/idzebra-2.2.2/index/extract.c:1884:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zh->store_data_buf, buf, sz);
data/idzebra-2.2.2/index/index.h:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/index/invstat.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/idzebra-2.2.2/index/invstat.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[IT_MAX_WORD+1];
data/idzebra-2.2.2/index/invstat.c:85:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&isam_p, info+1, sizeof(ISAM_P));
data/idzebra-2.2.2/index/invstat.c:181:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_dict[2*IT_MAX_WORD+2];
data/idzebra-2.2.2/index/isam_methods.c:44:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
me->debug = atoi(res_get_def (res, "isamsDebug", "0"));
data/idzebra-2.2.2/index/isam_methods.c:62:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
me->debug = atoi(res_get_def (res, "isamcDebug", "0"));
data/idzebra-2.2.2/index/kdump.c:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (key+1, &itkey, sizeof(itkey));
data/idzebra-2.2.2/index/kdump.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_string[IT_MAX_WORD];
data/idzebra-2.2.2/index/kdump.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_info[256];
data/idzebra-2.2.2/index/kdump.c:156:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(inf = fopen (key_fname, "r")))
data/idzebra-2.2.2/index/kdump.c:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keybuf[IT_MAX_WORD+1];
data/idzebra-2.2.2/index/key_block.c:65:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ENCODE_BUFLEN];
data/idzebra-2.2.2/index/key_block.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v[100];
data/idzebra-2.2.2/index/key_block.c:83:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (v, a+s*i, s);
data/idzebra-2.2.2/index/key_block.c:87:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a + s*j, a + s*(j-h), s);
data/idzebra-2.2.2/index/key_block.c:90:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a+s*j, v, s);
data/idzebra-2.2.2/index/key_block.c:118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&key, k+1, sizeof(struct it_key)); /* *k is insert/delete */
data/idzebra-2.2.2/index/key_block.c:283:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)p->key_buf + p->key_buf_used, str_buf, str_len);
data/idzebra-2.2.2/index/key_block.c:304:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)p->key_buf + p->key_buf_used,
data/idzebra-2.2.2/index/key_block.c:314:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_fname[200];
data/idzebra-2.2.2/index/key_block.c:335:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(outf = fopen (out_fname, "wb")))
data/idzebra-2.2.2/index/kinput.c:88:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1024];
data/idzebra-2.2.2/index/kinput.c:90:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(fname, O_BINARY|O_RDONLY);
data/idzebra-2.2.2/index/kinput.c:177:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcbuf[128];
data/idzebra-2.2.2/index/kinput.c:334:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hi->info.buf[hi->ptr[cur]], buf, nbytes);
data/idzebra-2.2.2/index/kinput.c:350:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[INP_NAME_MAX];
data/idzebra-2.2.2/index/kinput.c:359:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, hi->info.buf[n] + r+1, KEY_SIZE);
data/idzebra-2.2.2/index/kinput.c:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[INP_NAME_MAX+1];
data/idzebra-2.2.2/index/kinput.c:393:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prev_name[INP_NAME_MAX];
data/idzebra-2.2.2/index/kinput.c:394:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cur_name[INP_NAME_MAX];
data/idzebra-2.2.2/index/kinput.c:425:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, p->key_1, p->sz_1);
data/idzebra-2.2.2/index/kinput.c:448:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->key_1, p->key_2, p->sz_2);
data/idzebra-2.2.2/index/kinput.c:481:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->key_1, p->key_2, p->sz_1);
data/idzebra-2.2.2/index/kinput.c:500:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, p->key_1, p->sz_1);
data/idzebra-2.2.2/index/kinput.c:517:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, p->key+1, sizeof(struct it_key));
data/idzebra-2.2.2/index/kinput.c:535:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, p->key+1, sizeof(struct it_key));
data/idzebra-2.2.2/index/kinput.c:553:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char this_name[INP_NAME_MAX];
data/idzebra-2.2.2/index/kinput.c:562:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&isamc_p, dict_info+1, sizeof(ISAM_P));
data/idzebra-2.2.2/index/kinput.c:602:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char this_name[INP_NAME_MAX];
data/idzebra-2.2.2/index/kinput.c:616:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&isamc_p, dict_info+1, sizeof(ISAM_P));
data/idzebra-2.2.2/index/kinput.c:656:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char this_name[INP_NAME_MAX];
data/idzebra-2.2.2/index/kinput.c:717:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[1024];
data/idzebra-2.2.2/index/kinput.c:728:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[1024];
data/idzebra-2.2.2/index/limit.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zl->ids, ids, (i+1) * sizeof(*ids));
data/idzebra-2.2.2/index/marcomp.c:155:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6+1];
data/idzebra-2.2.2/index/mod_alvis.c:93:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(quoted, "'" ZINT_FORMAT "'", value);
data/idzebra-2.2.2/index/mod_alvis.c:183:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_full_name[1024];
data/idzebra-2.2.2/index/mod_alvis.c:245:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_xslt_full_name[1024];
data/idzebra-2.2.2/index/mod_alvis.c:273:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
split_level_str ? atoi(split_level_str) : 0;
data/idzebra-2.2.2/index/mod_alvis.c:443:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *params[10];
data/idzebra-2.2.2/index/mod_alvis.c:588:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *params[32];
data/idzebra-2.2.2/index/mod_alvis.c:675:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->rec_buf, buf_out, p->rec_len);
data/idzebra-2.2.2/index/mod_alvis.c:692:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->rec_buf, buf_out, p->rec_len);
data/idzebra-2.2.2/index/mod_dom.c:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/idzebra-2.2.2/index/mod_dom.c:184:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(quoted, "'" ZINT_FORMAT "'", value);
data/idzebra-2.2.2/index/mod_dom.c:310:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_xslt_full_name[1024];
data/idzebra-2.2.2/index/mod_dom.c:560:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
p->u.xmlreader.split_level = atoi(level_str);
data/idzebra-2.2.2/index/mod_dom.c:580:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_full_name[1024];
data/idzebra-2.2.2/index/mod_dom.c:931:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extctr->match_criteria, id_p, l);
data/idzebra-2.2.2/index/mod_dom.c:1126:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[256];
data/idzebra-2.2.2/index/mod_dom.c:1127:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rank[256];
data/idzebra-2.2.2/index/mod_dom.c:1128:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/idzebra-2.2.2/index/mod_dom.c:1235:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *params[10];
data/idzebra-2.2.2/index/mod_dom.c:1255:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *outf = fopen("extract.xml", "w");
data/idzebra-2.2.2/index/mod_dom.c:1409:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100000];
data/idzebra-2.2.2/index/mod_dom.c:1505:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *params[32];
data/idzebra-2.2.2/index/mod_dom.c:1586:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->rec_buf, buf_out, p->rec_len);
data/idzebra-2.2.2/index/mod_dom.c:1602:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->rec_buf, buf_out, p->rec_len);
data/idzebra-2.2.2/index/mod_grs_marc.c:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/idzebra-2.2.2/index/mod_grs_marc.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100000];
data/idzebra-2.2.2/index/mod_grs_marc.c:131:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(marctab->leader, buf, 24);
data/idzebra-2.2.2/index/mod_grs_marc.c:132:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(marctab->implementation_codes, buf+6, 4);
data/idzebra-2.2.2/index/mod_grs_marc.c:134:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(marctab->user_systems, buf+17, 3);
data/idzebra-2.2.2/index/mod_grs_marc.c:183:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag[4];
data/idzebra-2.2.2/index/mod_grs_marc.c:187:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag, buf+entry_p, 3);
data/idzebra-2.2.2/index/mod_grs_marc.c:217:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *attr[10];
data/idzebra-2.2.2/index/mod_grs_marc.c:228:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str1[18], str2[2];
data/idzebra-2.2.2/index/mod_grs_marc.c:229:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "ind%d", j+1);
data/idzebra-2.2.2/index/mod_grs_marc.c:257:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *attr[10];
data/idzebra-2.2.2/index/mod_grs_marc.c:277:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *attr[3];
data/idzebra-2.2.2/index/mod_grs_marc.c:278:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char code[10];
data/idzebra-2.2.2/index/mod_grs_regx.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[256];
data/idzebra-2.2.2/index/mod_grs_regx.c:223:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p->str, buf, len);
data/idzebra-2.2.2/index/mod_grs_regx.c:370:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[32];
data/idzebra-2.2.2/index/mod_grs_regx.c:513:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char context_name[32];
data/idzebra-2.2.2/index/mod_grs_regx.c:522:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (context_name, s, len);
data/idzebra-2.2.2/index/mod_grs_regx.c:577:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256];
data/idzebra-2.2.2/index/mod_grs_regx.c:718:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*ap)->name, attribute_str, attribute_len);
data/idzebra-2.2.2/index/mod_grs_regx.c:722:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*ap)->value, ebuf, elen);
data/idzebra-2.2.2/index/mod_grs_regx.c:731:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (nv + strlen(nv), ebuf, elen);
data/idzebra-2.2.2/index/mod_grs_regx.c:763:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (new_buf, old_buf, org_len);
data/idzebra-2.2.2/index/mod_grs_regx.c:768:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (spec->concatBuf[spec->d1_level].buf + org_len, ebuf, elen);
data/idzebra-2.2.2/index/mod_grs_regx.c:793:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res->u.data.data, spec->concatBuf[spec->d1_level].buf,
data/idzebra-2.2.2/index/mod_grs_regx.c:804:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tclass[DATA1_MAX_SYMBOL], ttype[DATA1_MAX_SYMBOL];
data/idzebra-2.2.2/index/mod_grs_regx.c:816:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tclass, class_str, class_len);
data/idzebra-2.2.2/index/mod_grs_regx.c:821:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ttype, type_str, type_len);
data/idzebra-2.2.2/index/mod_grs_regx.c:858:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res->lbuf, value_str, value_len);
data/idzebra-2.2.2/index/mod_grs_regx.c:1075:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (str, src, len);
data/idzebra-2.2.2/index/mod_grs_regx.c:1259:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi(argv[argi]);
data/idzebra-2.2.2/index/mod_grs_regx.c:1268:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
no = atoi(argv[argi]);
data/idzebra-2.2.2/index/mod_grs_regx.c:1281:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var_name[10], *var_buf;
data/idzebra-2.2.2/index/mod_grs_regx.c:1284:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (var_name, "%d", i);
data/idzebra-2.2.2/index/mod_grs_regx.c:1326:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *p, ptmp[64];
data/idzebra-2.2.2/index/mod_grs_regx.c:1350:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char absynName[64];
data/idzebra-2.2.2/index/mod_grs_regx.c:1355:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (absynName, cmd_str, cmd_len);
data/idzebra-2.2.2/index/mod_grs_regx.c:1554:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
offset = atoi (p);
data/idzebra-2.2.2/index/mod_grs_xml.c:93:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *attr_list[7];
data/idzebra-2.2.2/index/mod_grs_xml.c:184:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(inf = fopen (systemId, "rb")))
data/idzebra-2.2.2/index/mod_grs_xml.c:228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf_[2], *outbuf = outbuf_;
data/idzebra-2.2.2/index/mod_grs_xml.c:244:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&code, outbuf_, sizeof(short));
data/idzebra-2.2.2/index/mod_grs_xml.c:270:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf_[5];
data/idzebra-2.2.2/index/mod_grs_xml.c:271:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char inbuf_[5];
data/idzebra-2.2.2/index/mod_grs_xml.c:296:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbuf[80];
data/idzebra-2.2.2/index/mod_grs_xml.c:311:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (sbuf+strlen(sbuf), "%d ", inbuf_[k]&255);
data/idzebra-2.2.2/index/mod_grs_xml.c:357:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&code, outbuf_, sizeof(short));
data/idzebra-2.2.2/index/mod_grs_xml.c:469:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *attr_list[5];
data/idzebra-2.2.2/index/mod_safari.c:119:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/idzebra-2.2.2/index/mod_safari.c:138:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char field[40];
data/idzebra-2.2.2/index/mod_safari.c:140:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type_cstr[2];
data/idzebra-2.2.2/index/mod_safari.c:228:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (nb, filter_buf, filter_ptr);
data/idzebra-2.2.2/index/mod_safari.c:237:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (filter_buf, "Rank: %d\n", p->score);
data/idzebra-2.2.2/index/mod_safari.c:240:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (filter_buf + filter_ptr, "Local Number: " ZINT_FORMAT "\n",
data/idzebra-2.2.2/index/mod_text.c:109:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char w[512];
data/idzebra-2.2.2/index/mod_text.c:183:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nb, filter_buf, filter_ptr);
data/idzebra-2.2.2/index/mod_text.c:192:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filter_buf, "Rank: %d\n", p->score);
data/idzebra-2.2.2/index/mod_text.c:195:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filter_buf + filter_ptr, "Local Number: " ZINT_FORMAT "\n",
data/idzebra-2.2.2/index/orddict.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pref[20];
data/idzebra-2.2.2/index/rank1.c:131:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
si->entries[i].rank_weight = atoi(cp+3);
data/idzebra-2.2.2/index/ranksimilarity.c:206:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
si->entries[i].fieldindex_weight = atoi (cp+3);
data/idzebra-2.2.2/index/recctrl.c:146:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[FILENAME_MAX*2+1];
data/idzebra-2.2.2/index/recctrl.c:147:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "%.*s/%.*s",
data/idzebra-2.2.2/index/recctrl.c:183:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comp[FILENAME_MAX+1];
data/idzebra-2.2.2/index/recctrl.c:190:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(comp, comp_ptr, len);
data/idzebra-2.2.2/index/recgrs.c:128:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_str[20];
data/idzebra-2.2.2/index/recgrs.c:163:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num_str, "%d", min_pos);
data/idzebra-2.2.2/index/recgrs.c:233:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, sp->tok, sp->len);
data/idzebra-2.2.2/index/recgrs.c:242:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, sp->tok+1, wrd->term_len);
data/idzebra-2.2.2/index/recgrs.c:522:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tag_path_full + flen, nn->u.tag.tag, tlen);
data/idzebra-2.2.2/index/recgrs.c:542:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tag_path_full[1024];
data/idzebra-2.2.2/index/recgrs.c:572:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wrd_tl, wrd, sizeof(*wrd));
data/idzebra-2.2.2/index/recgrs.c:642:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comb[512];
data/idzebra-2.2.2/index/recgrs.c:643:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr_tag_path_full[1024];
data/idzebra-2.2.2/index/recgrs.c:686:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char attr_tag_path_full[1024];
data/idzebra-2.2.2/index/recgrs.c:1037:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *idzebra_ns[3];
data/idzebra-2.2.2/index/recgrs.c:1116:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dnew->u.data.data, "%d", p->recordSize);
data/idzebra-2.2.2/index/recgrs.c:1127:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dnew->u.data.data, "%d", p->score);
data/idzebra-2.2.2/index/recgrs.c:1216:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oid_str[OID_STR_MAX];
data/idzebra-2.2.2/index/recgrs.c:1263:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf, p->rec_buf, p->rec_len);
data/idzebra-2.2.2/index/recgrs.c:1309:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf, p->rec_buf, p->rec_len);
data/idzebra-2.2.2/index/recgrs.c:1324:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf, p->rec_buf, p->rec_len);
data/idzebra-2.2.2/index/recgrs.c:1351:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_buf, p->rec_buf, p->rec_len);
data/idzebra-2.2.2/index/recindex.c:55:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
len = ((const char *) b)[sizeof(sys)];
data/idzebra-2.2.2/index/recindex.c:59:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ent, (const char *)b + sizeof(sys) + 1, len);
data/idzebra-2.2.2/index/recindex.c:101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, *src, len);
data/idzebra-2.2.2/index/recindex.c:112:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, &sys, sizeof(sys));
data/idzebra-2.2.2/index/recindex.c:120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, *src, len);
data/idzebra-2.2.2/index/recindex.c:233:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item[256];
data/idzebra-2.2.2/index/recindex.c:235:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char untilbuf[sizeof(zint) + 1];
data/idzebra-2.2.2/index/recindex.c:239:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(untilbuf, &sysno, sizeof(sysno));
data/idzebra-2.2.2/index/recindex.c:253:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, item + sizeof(sysno) + 1, itemsize);
data/idzebra-2.2.2/index/recindex.c:302:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, &s->sysno, sizeof(zint));
data/idzebra-2.2.2/index/recindex.c:306:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, s->buf, s->itemsize);
data/idzebra-2.2.2/index/recindex.h:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *info[REC_NO_INFO];
data/idzebra-2.2.2/index/recindex.h:36:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_size[REC_NO_INFO][6];
data/idzebra-2.2.2/index/reckeys.c:127:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->buf, buf, sz);
data/idzebra-2.2.2/index/reckeys.c:182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(*kep)->key, key, sizeof(*key));
data/idzebra-2.2.2/index/reckeys.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*kep)->buf, str, slen);
data/idzebra-2.2.2/index/reckeys.c:216:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (b, keys->buf, keys->buf_used);
data/idzebra-2.2.2/index/reckeys.c:224:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, str, slen);
data/idzebra-2.2.2/index/records.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *data_fname[REC_BLOCK_TYPES];
data/idzebra-2.2.2/index/records.c:80:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[8];
data/idzebra-2.2.2/index/records.c:81:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[4];
data/idzebra-2.2.2/index/records.c:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block_and_ref[sizeof(zint) + sizeof(short)];
data/idzebra-2.2.2/index/records.c:177:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block_and_ref + sizeof(freeblock), &ref, sizeof(ref));
data/idzebra-2.2.2/index/records.c:269:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cptr, &block_free, sizeof(block_free));
data/idzebra-2.2.2/index/records.c:280:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cptr, &block_free, sizeof(block_free));
data/idzebra-2.2.2/index/records.c:330:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p->head.version, "%3d", REC_VERSION);
data/idzebra-2.2.2/index/records.c:363:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
version = atoi(p->head.version);
data/idzebra-2.2.2/index/records.c:375:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80];
data/idzebra-2.2.2/index/records.c:376:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "recd%c", i + 'A');
data/idzebra-2.2.2/index/records.c:476:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(np, *out_buf, *out_offset);
data/idzebra-2.2.2/index/records.c:506:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*out_buf + *out_offset, rec->info[i], rec->size[i]);
data/idzebra-2.2.2/index/records.c:578:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->tmp_buf + sizeof(zint) + sizeof(short) + sizeof(char),
data/idzebra-2.2.2/index/records.c:583:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->tmp_buf + sizeof(zint), &ref_count, sizeof(ref_count));
data/idzebra-2.2.2/index/records.c:584:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->tmp_buf + sizeof(zint)+sizeof(short),
data/idzebra-2.2.2/index/records.c:669:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->record_cache+j, p->record_cache+i,
data/idzebra-2.2.2/index/records.c:804:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cptr, &tmp, sizeof(tmp));
data/idzebra-2.2.2/index/records.c:911:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(np, rec->info[i], rec->size[i]);
data/idzebra-2.2.2/index/records.c:1072:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->info[i], rec->info[i], rec->size[i]);
data/idzebra-2.2.2/index/retrieve.c:69:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_rep[1024];
data/idzebra-2.2.2/index/retrieve.c:80:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(full_rep, O_BINARY|O_RDONLY)) == -1){
data/idzebra-2.2.2/index/retrieve.c:219:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_buf[IT_MAX_WORD];
data/idzebra-2.2.2/index/retrieve.c:322:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_buf[IT_MAX_WORD];
data/idzebra-2.2.2/index/retrieve.c:594:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ord_buf[IT_MAX_WORD];
data/idzebra-2.2.2/index/retrieve.c:607:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&isam_p, info+1, sizeof(ISAM_P));
data/idzebra-2.2.2/index/retrieve.c:879:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
no_collect_terms = atoi(spec->extra);
data/idzebra-2.2.2/index/rpnscan.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_utf8[IT_MAX_WORD];
data/idzebra-2.2.2/index/rpnscan.c:60:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(termz, res_buf, res_len);
data/idzebra-2.2.2/index/rpnscan.c:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[20];
data/idzebra-2.2.2/index/rpnscan.c:156:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scan_info->isam_p, info+1, sizeof(ISAM_P));
data/idzebra-2.2.2/index/rpnscan.c:311:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char termz[IT_MAX_WORD+20];
data/idzebra-2.2.2/index/rpnscan.c:341:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char termz[IT_MAX_WORD+20];
data/idzebra-2.2.2/index/rpnscan.c:385:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char termz[IT_MAX_WORD+20];
data/idzebra-2.2.2/index/rpnscan.c:411:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char termz[IT_MAX_WORD+20];
data/idzebra-2.2.2/index/rpnscan.c:466:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[20];
data/idzebra-2.2.2/index/rpnscan.c:480:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rank_type[128];
data/idzebra-2.2.2/index/rpnscan.c:507:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resname[32];
data/idzebra-2.2.2/index/rpnscan.c:508:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(resname, "%d", termset_value_numeric);
data/idzebra-2.2.2/index/rpnsearch.c:113:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_isam_p_buf, p->isam_p_buf,
data/idzebra-2.2.2/index/rpnsearch.c:123:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_term_no, p->isam_p_buf,
data/idzebra-2.2.2/index/rpnsearch.c:131:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->isam_p_buf + p->isam_p_indx, info+1, sizeof(*p->isam_p_buf));
data/idzebra-2.2.2/index/rpnsearch.c:136:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_tmp[IT_MAX_WORD];
data/idzebra-2.2.2/index/rpnsearch.c:198:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(out_buf +strlen(out_buf), "%02X:%c ", c, pc);
data/idzebra-2.2.2/index/rpnsearch.c:201:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(out_buf, "..");
data/idzebra-2.2.2/index/rpnsearch.c:229:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[80];
data/idzebra-2.2.2/index/rpnsearch.c:461:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
isdigit(((const unsigned char *)s0)[1]))
data/idzebra-2.2.2/index/rpnsearch.c:631:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_buf[20*5*20]; /* assuming enough for expansion */
data/idzebra-2.2.2/index/rpnsearch.c:636:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numstr[20];
data/idzebra-2.2.2/index/rpnsearch.c:642:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst, "(-[0-9]+|(");
data/idzebra-2.2.2/index/rpnsearch.c:644:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst, "((");
data/idzebra-2.2.2/index/rpnsearch.c:650:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst, "([0-9]+|-(");
data/idzebra-2.2.2/index/rpnsearch.c:655:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dst, "(-(");
data/idzebra-2.2.2/index/rpnsearch.c:661:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numstr, "%d", val);
data/idzebra-2.2.2/index/rpnsearch.c:724:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dst, "0*");
data/idzebra-2.2.2/index/rpnsearch.c:726:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dst, "[0-9]?");
data/idzebra-2.2.2/index/rpnsearch.c:732:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dst, "[0-9]");
data/idzebra-2.2.2/index/rpnsearch.c:733:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dst, "[0-9]*");
data/idzebra-2.2.2/index/rpnsearch.c:735:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dst, "))");
data/idzebra-2.2.2/index/rpnsearch.c:978:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(res, "%d", term_ref_id_int);
data/idzebra-2.2.2/index/rpnsearch.c:1061:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ord_buf[32];
data/idzebra-2.2.2/index/rpnsearch.c:1274:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1000];
data/idzebra-2.2.2/index/rpnsearch.c:1316:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
grep_info->trunc_max = atoi(res_get_def(zh->res, "truncmax", "10000"));
data/idzebra-2.2.2/index/rpnsearch.c:1347:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resname[32];
data/idzebra-2.2.2/index/rpnsearch.c:1352:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(resname, "%d", termset_value_numeric);
data/idzebra-2.2.2/index/rpnsearch.c:1401:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rnew, *result_sets, alloc_sets * sizeof(*rnew));
data/idzebra-2.2.2/index/rpnsearch.c:1484:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ord_buf[32];
data/idzebra-2.2.2/index/rpnsearch.c:1486:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_dict[100];
data/idzebra-2.2.2/index/rpnsearch.c:1487:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(term_dict, ord_buf, ord_len);
data/idzebra-2.2.2/index/rpnsearch.c:1512:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ord_buf[32];
data/idzebra-2.2.2/index/rpnsearch.c:1513:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_dict[100];
data/idzebra-2.2.2/index/rpnsearch.c:1549:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(term_dict, ord_buf, ord_len);
data/idzebra-2.2.2/index/rpnsearch.c:1610:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nsets+1, result_sets, sizeof(RSET) * num_result_sets);
data/idzebra-2.2.2/index/rpnsearch.c:1798:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
term_value = atoi(wrbuf_cstr(term_num));
data/idzebra-2.2.2/index/rpnsearch.c:1808:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
term_value = atoi(wrbuf_cstr(term_num));
data/idzebra-2.2.2/index/rpnsearch.c:1818:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
term_value = atoi(wrbuf_cstr(term_num));
data/idzebra-2.2.2/index/rpnsearch.c:1828:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
term_value = atoi(wrbuf_cstr(term_num));
data/idzebra-2.2.2/index/rpnsearch.c:1840:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
term_value = atoi(wrbuf_cstr(term_num));
data/idzebra-2.2.2/index/rpnsearch.c:1880:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ord_buf[32];
data/idzebra-2.2.2/index/rpnsearch.c:1967:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rnew, result_sets, alloc_sets * sizeof(*rnew));
data/idzebra-2.2.2/index/rpnsearch.c:2070:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char termz[20];
data/idzebra-2.2.2/index/rpnsearch.c:2091:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(termz, "%d", i);
data/idzebra-2.2.2/index/rpnsearch.c:2165:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ord_buf[32];
data/idzebra-2.2.2/index/rpnsearch.c:2408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rank_type[128];
data/idzebra-2.2.2/index/rpnsearch.c:2411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char termz[IT_MAX_WORD+1];
data/idzebra-2.2.2/index/rpnsearch.c:2655:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*result_sets, result_sets_l,
data/idzebra-2.2.2/index/rpnsearch.c:2657:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*result_sets + num_result_sets_l, result_sets_r,
data/idzebra-2.2.2/index/sortidx.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term[SORT_MAX_MULTI];
data/idzebra-2.2.2/index/sortidx.c:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, a1.term, a1.length);
data/idzebra-2.2.2/index/sortidx.c:120:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, &a1, sizeof(a1));
data/idzebra-2.2.2/index/sortidx.c:132:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a1.term, *src, a1.length);
data/idzebra-2.2.2/index/sortidx.c:135:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, &a1, sizeof(a1));
data/idzebra-2.2.2/index/sortidx.c:163:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, &s->st, sizeof(s->st));
data/idzebra-2.2.2/index/sortidx.c:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[80];
data/idzebra-2.2.2/index/sortidx.c:263:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "sort%d", id);
data/idzebra-2.2.2/index/sortidx.c:286:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "sortb%d", id);
data/idzebra-2.2.2/index/sortidx.c:306:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "sortm%d", id);
data/idzebra-2.2.2/index/sortidx.c:407:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(si->entry_buf, wrbuf_buf(wrbuf), len);
data/idzebra-2.2.2/index/sortidx.c:427:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s.st.term, wrbuf_buf(wrbuf), len);
data/idzebra-2.2.2/index/sortidx.c:452:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s.st.term, wrbuf_buf(wrbuf), len);
data/idzebra-2.2.2/index/sortidx.c:473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[SORT_IDX_ENTRYSIZE];
data/idzebra-2.2.2/index/stream.c:69:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, fc->record_int_buf + fc->record_int_pos, l);
data/idzebra-2.2.2/index/trunc.c:78:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ti->heap[ti->ptr[cur]], buf, ti->keysize);
data/idzebra-2.2.2/index/trunc.c:413:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int trunc_limit = atoi(res_get_def(zh->res, "trunclimit", "10000"));
data/idzebra-2.2.2/index/trunc.c:441:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trunc_chunk = atoi(res_get_def(zh->res, "truncchunk", "20"));
data/idzebra-2.2.2/index/untrans.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_dst[IT_MAX_WORD];
data/idzebra-2.2.2/index/untrans.c:89:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (*dst, term_dst, len);
data/idzebra-2.2.2/index/untrans.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term_src[IT_MAX_WORD];
data/idzebra-2.2.2/index/update_file.c:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term[1000];
data/idzebra-2.2.2/index/update_file.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmppath[1024];
data/idzebra-2.2.2/index/update_file.c:101:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tmppath[1024];
data/idzebra-2.2.2/index/update_file.c:238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[1024];
data/idzebra-2.2.2/index/update_file.c:239:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst[1024];
data/idzebra-2.2.2/index/update_file.c:301:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmatch_fname[1024];
data/idzebra-2.2.2/index/update_file.c:342:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[1024];
data/idzebra-2.2.2/index/update_path.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[1024];
data/idzebra-2.2.2/index/update_path.c:115:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[1024];
data/idzebra-2.2.2/index/update_path.c:148:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[1024];
data/idzebra-2.2.2/index/zaptterm.c:72:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (termz, term->u.general->buf, sizez);
data/idzebra-2.2.2/index/zaptterm.c:80:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (termz, term->u.characterString, sizez);
data/idzebra-2.2.2/index/zebraapi.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_str[16];
data/idzebra-2.2.2/index/zebraapi.c:200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system_str[80];
data/idzebra-2.2.2/index/zebraapi.c:317:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(path, "zebrasrv.pid");
data/idzebra-2.2.2/index/zebraapi.c:324:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resource_str[200];
data/idzebra-2.2.2/index/zebraapi.c:325:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(resource_str, "dict.%.100s.pagesize", name);
data/idzebra-2.2.2/index/zebraapi.c:729:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/idzebra-2.2.2/index/zebraapi.c:735:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fname, "%.200s/zebra.cfg", zh->path_reg);
data/idzebra-2.2.2/index/zebraapi.c:807:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/idzebra-2.2.2/index/zebraapi.c:861:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fromdb[128], todb[8][128];
data/idzebra-2.2.2/index/zebraapi.c:1007:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_reg, basenames[0], len);
data/idzebra-2.2.2/index/zebraapi.c:1203:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recs[i].buf, buf, len);
data/idzebra-2.2.2/index/zebraapi.c:1375:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char u[40];
data/idzebra-2.2.2/index/zebraapi.c:1382:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(u, "perm.%.30s", user ? user : "anonymous");
data/idzebra-2.2.2/index/zebraapi.c:1499:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ord_buf[20];
data/idzebra-2.2.2/index/zebraapi.c:1605:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output_str, wrbuf_buf(wrbuf), wrbuf_len(wrbuf));
data/idzebra-2.2.2/index/zebraapi.c:1622:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state_fname[256];
data/idzebra-2.2.2/index/zebraapi.c:1631:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname, "w");
data/idzebra-2.2.2/index/zebraapi.c:1645:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state_fname[256];
data/idzebra-2.2.2/index/zebraapi.c:1654:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname, "r");
data/idzebra-2.2.2/index/zebraapi.c:1688:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zh->m_follow_links = atoi(v);
data/idzebra-2.2.2/index/zebraapi.c:1694:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zh->m_store_keys = atoi(v);
data/idzebra-2.2.2/index/zebraapi.c:1697:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zh->m_store_data = atoi(v);
data/idzebra-2.2.2/index/zebraapi.c:1700:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zh->m_explain_database = atoi(v);
data/idzebra-2.2.2/index/zebraapi.c:1703:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zh->m_flag_rw = atoi(v);
data/idzebra-2.2.2/index/zebraapi.c:1706:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zh->m_file_verbose_limit = atoi(v);
data/idzebra-2.2.2/index/zebraapi.c:2236:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ord_buf[IT_MAX_WORD+20];
data/idzebra-2.2.2/index/zebraapi.c:2268:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ord_buf + ord_len, str, slen);
data/idzebra-2.2.2/index/zebraapi.c:2765:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vstr[60];
data/idzebra-2.2.2/index/zebraidx.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[100];
data/idzebra-2.2.2/index/zebraidx.c:74:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nbuf, "%.40s(%ld)", *argv, (long) getpid());
data/idzebra-2.2.2/index/zebraidx.c:246:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_str[20];
data/idzebra-2.2.2/index/zebraidx.c:247:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sys_str[80];
data/idzebra-2.2.2/index/zebrash.c:212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/idzebra-2.2.2/index/zebrash.c:218:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "yaz_log_level 0x%x", YLOG_DEFAULT_LEVEL | log_level );
data/idzebra-2.2.2/index/zebrash.c:660:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[MAX_NO_ARGS];
data/idzebra-2.2.2/index/zebrash.c:662:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char argbuf[MAX_ARG_LEN];
data/idzebra-2.2.2/index/zebrash.c:775:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prevout[MAX_OUT_BUFF]=""; /* previous output for 'expect' */
data/idzebra-2.2.2/index/zebrash.c:780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_ARG_LEN];
data/idzebra-2.2.2/index/zebrasrv.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version_str[16];
data/idzebra-2.2.2/index/zebrasrv.c:99:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
char *openpass = xstrdup(q->auth->u.open);
data/idzebra-2.2.2/index/zebrasrv.c:221:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuf[1024];
data/idzebra-2.2.2/index/zebrasrv.c:309:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ascending = atoi(arg[2]);
data/idzebra-2.2.2/index/zebrasrv.c:693:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oid_name_str[OID_STR_MAX];
data/idzebra-2.2.2/index/zebrasrv.c:727:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recid_str[256];
data/idzebra-2.2.2/index/zebrasrv.c:760:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(recid_str, opaque_recid->buf, l);
data/idzebra-2.2.2/index/zebrasrv.c:816:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidfname[4096];
data/idzebra-2.2.2/index/zebrasrv.c:822:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pidfname, O_EXCL|O_WRONLY|O_CREAT, 0666);
data/idzebra-2.2.2/index/zebrasrv.c:830:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pidfname, O_RDWR, 0666);
data/idzebra-2.2.2/index/zebrasrv.c:847:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidstr[30];
data/idzebra-2.2.2/index/zebrasrv.c:849:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pidstr, "%ld", (long) getpid());
data/idzebra-2.2.2/index/zebrasrv.c:867:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pidfname[4096];
data/idzebra-2.2.2/index/zebrasrv.c:884:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sob->configname, "zebra.cfg");
data/idzebra-2.2.2/index/zebrasrv.c:888:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sob->service_name, "zebrasrv");
data/idzebra-2.2.2/index/zebrasrv.c:889:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sob->service_display_name, "Zebra Server");
data/idzebra-2.2.2/index/zinfo.c:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[15]; /* YYYY MMDD HH MM SS */
data/idzebra-2.2.2/index/zinfo.c:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[64];
data/idzebra-2.2.2/index/zinfo.c:236:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, np->child->u.data.data, len);
data/idzebra-2.2.2/index/zinfo.c:369:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ( atoi(res_get_def(res, "notimestamps", "0") )== 0)
data/idzebra-2.2.2/index/zinfo.c:373:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zei->date, "%04d%02d%02d%02d%02d%02d",
data/idzebra-2.2.2/index/zinfo.c:377:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zei->date, "%04d%02d%02d%02d%02d%02d",
data/idzebra-2.2.2/index/zinfo.c:464:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*zdip)->databaseName, node_name->u.data.data,
data/idzebra-2.2.2/index/zinfo.c:549:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trec->info[recInfo_storeData], sgml_buf, sgml_len);
data/idzebra-2.2.2/index/zinfo.c:1038:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(drec->info[recInfo_storeData], sgml_buf, sgml_len);
data/idzebra-2.2.2/index/zinfo.c:1123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(drec->info[recInfo_storeData], sgml_buf, sgml_len);
data/idzebra-2.2.2/index/zinfo.c:1184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(drec->info[recInfo_storeData], sgml_buf, sgml_len);
data/idzebra-2.2.2/index/zinfo.c:1283:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(drec->info[recInfo_storeData], sgml_buf, sgml_len);
data/idzebra-2.2.2/index/zinfo.c:1348:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(trec->info[recInfo_storeData], sgml_buf, sgml_len);
data/idzebra-2.2.2/index/zsets.c:254:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s->sort_info->max_entries = atoi(sort_max_str);
data/idzebra-2.2.2/index/zsets.c:604:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this_entry_buf, wrbuf_buf(w)+off, l);
data/idzebra-2.2.2/index/zsets.c:628:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char this_entry_org[1024];
data/idzebra-2.2.2/index/zsets.c:629:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char other_entry_org[1024];
data/idzebra-2.2.2/index/zsets.c:689:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(j_buf, j_1_buf, SORT_IDX_ENTRYSIZE);
data/idzebra-2.2.2/index/zsets.c:702:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_entry_buf, this_entry_buf, SORT_IDX_ENTRYSIZE);
data/idzebra-2.2.2/index/zsets.c:880:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cmp_buf[ZSET_SORT_MAX_LEVEL];
data/idzebra-2.2.2/index/zsets.c:881:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *tmp_cmp_buf[ZSET_SORT_MAX_LEVEL];
data/idzebra-2.2.2/index/zsets.c:1211:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->control, ctrl, sizeof(*p->control));
data/idzebra-2.2.2/index/zsets.c:1324:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(termbuf, inbuf, *termlen);
data/idzebra-2.2.2/index/zsets.c:1426:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ord_buf[32];
data/idzebra-2.2.2/index/zsets.c:1447:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&isam_p, info+1, sizeof(ISAM_P));
data/idzebra-2.2.2/isamb/benchindex1.c:114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, &key, sizeof(key));
data/idzebra-2.2.2/isamb/benchindex1.c:180:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&b->ar[i]->word_id, dict_info+1, sizeof(int));
data/idzebra-2.2.2/isamb/benchindex1.c:294:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char term[4096];
data/idzebra-2.2.2/isamb/benchindex1.c:368:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[4096];
data/idzebra-2.2.2/isamb/benchindex1.c:436:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100001];
data/idzebra-2.2.2/isamb/benchindex1.c:529:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memory = atoi(arg);
data/idzebra-2.2.2/isamb/benchindex1.c:567:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inf = fopen(fname, "rb");
data/idzebra-2.2.2/isamb/benchisamb.c:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x, b, sizeof(int));
data/idzebra-2.2.2/isamb/benchisamb.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ia, (const char *) a + 1, sizeof(int));
data/idzebra-2.2.2/isamb/benchisamb.c:56:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ib, (const char *) b + 1, sizeof(int));
data/idzebra-2.2.2/isamb/benchisamb.c:72:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (*dst, *src, sz);
data/idzebra-2.2.2/isamb/benchisamb.c:106:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst + 1, &x, sizeof(int));
data/idzebra-2.2.2/isamb/benchisamb.c:197:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number_of_rounds = atoi(arg);
data/idzebra-2.2.2/isamb/benchisamb.c:200:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number_of_items = atoi(arg);
data/idzebra-2.2.2/isamb/benchisamb.c:203:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
number_of_isams = atoi(arg);
data/idzebra-2.2.2/isamb/benchisamb.c:206:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
extra_size = atoi(arg);
data/idzebra-2.2.2/isamb/isamb.c:164:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*dst, &pos, sizeof(pos));
data/idzebra-2.2.2/isamb/isamb.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pos, *src, sizeof(*pos));
data/idzebra-2.2.2/isamb/isamb.c:214:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(isamb->method, method, sizeof(*method));
data/idzebra-2.2.2/isamb/isamb.c:255:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[DST_BUF_SIZE];
data/idzebra-2.2.2/isamb/isamb.c:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[DST_BUF_SIZE];
data/idzebra-2.2.2/isamb/isamb.c:409:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ce_this->buf + off, userbuf,
data/idzebra-2.2.2/isamb/isamb.c:414:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(userbuf, ce_this->buf + off,
data/idzebra-2.2.2/isamb/isamb.c:442:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ce_this->buf + off, userbuf, b->file[cat].head.block_size);
data/idzebra-2.2.2/isamb/isamb.c:448:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(userbuf, ce_this->buf + off, b->file[cat].head.block_size);
data/idzebra-2.2.2/isamb/isamb.c:470:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[DST_BUF_SIZE];
data/idzebra-2.2.2/isamb/isamb.c:491:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hbuf, "isamb%02d %02d %02d\r\n", major,
data/idzebra-2.2.2/isamb/isamb.c:598:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&b->file[cat].head.free_list, p->buf, sizeof(zint));
data/idzebra-2.2.2/isamb/isamb.c:646:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_item_buf[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:674:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->buf, &b->file[p->cat].head.free_list, sizeof(zint));
data/idzebra-2.2.2/isamb/isamb.c:725:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub_item[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:740:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_item_buf[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:797:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_buf[DST_BUF_SIZE];
data/idzebra-2.2.2/isamb/isamb.c:804:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, startp, src - startp);
data/idzebra-2.2.2/isamb/isamb.c:813:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, sub_item, sub_size);
data/idzebra-2.2.2/isamb/isamb.c:821:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, endp - src);
data/idzebra-2.2.2/isamb/isamb.c:830:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(startp, dst_buf, dst - dst_buf);
data/idzebra-2.2.2/isamb/isamb.c:839:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_item_buf[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:889:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->bytes, dst_buf, p_new_size);
data/idzebra-2.2.2/isamb/isamb.c:896:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(split_item, file_item_buf, *split_size);
data/idzebra-2.2.2/isamb/isamb.c:900:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(split_item, src, *split_size);
data/idzebra-2.2.2/isamb/isamb.c:906:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((*sp)->bytes, src, (*sp)->size);
data/idzebra-2.2.2/isamb/isamb.c:930:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst_buf[DST_BUF_SIZE], *dst = dst_buf;
data/idzebra-2.2.2/isamb/isamb.c:941:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cut_item_buf[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:949:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_item_buf[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:1011:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cut_item_buf, dst_item_0, cut_item_size);
data/idzebra-2.2.2/isamb/isamb.c:1116:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cut_item_buf, src_0, cut_item_size);
data/idzebra-2.2.2/isamb/isamb.c:1173:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->bytes, dst_buf, half1 - dst_buf);
data/idzebra-2.2.2/isamb/isamb.c:1187:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(first_dst, half2, dst - half2);
data/idzebra-2.2.2/isamb/isamb.c:1194:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sub_item, cut_item_buf, cut_item_size);
data/idzebra-2.2.2/isamb/isamb.c:1199:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->bytes, dst_buf, dst - dst_buf);
data/idzebra-2.2.2/isamb/isamb.c:1245:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_item_buf[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:1267:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char item_buf[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:1290:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sub_item[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:1313:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, sub_item, sub_size);
data/idzebra-2.2.2/isamb/isamb.c:1437:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/idzebra-2.2.2/isamb/isamb.c:1438:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix_str[1024];
data/idzebra-2.2.2/isamb/isamb.c:1473:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_item_buf[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/isamb.c:1538:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_item_buf[DST_ITEM_MAX];
data/idzebra-2.2.2/isamb/tstisamb.c:42:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&x, b, sizeof(int));
data/idzebra-2.2.2/isamb/tstisamb.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ia, a, sizeof(int));
data/idzebra-2.2.2/isamb/tstisamb.c:56:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ib, b, sizeof(int));
data/idzebra-2.2.2/isamb/tstisamb.c:71:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (*dst, *src, sizeof(int));
data/idzebra-2.2.2/isamb/tstisamb.c:102:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (*dst, &x, sizeof(int));
data/idzebra-2.2.2/isamb/tstisamb.c:120:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_buf[20];
data/idzebra-2.2.2/isamb/tstisamb.c:144:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&x, key_buf, sizeof(int));
data/idzebra-2.2.2/isamb/tstisamb.c:344:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (*dst, &x, sizeof(int));
data/idzebra-2.2.2/isamb/tstisamb.c:408:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_buf[20];
data/idzebra-2.2.2/isamb/tstisamb.c:416:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&x, key_buf, sizeof(int));
data/idzebra-2.2.2/isamc/isamc.c:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (is->method, method, sizeof(*method));
data/idzebra-2.2.2/isamc/isamc.c:149:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[FILENAME_MAX];
data/idzebra-2.2.2/isamc/isamc.c:259:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (src, &nextpos, sizeof(nextpos));
data/idzebra-2.2.2/isamc/isamc.c:260:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (src + sizeof(nextpos), &size, sizeof(size));
data/idzebra-2.2.2/isamc/isamc.c:271:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (abuf, &is->files[cat].alloc_entries_num, sizeof(block));
data/idzebra-2.2.2/isamc/isamc.c:303:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&is->files[cat].head.freelist, abuf + sizeof(int),
data/idzebra-2.2.2/isamc/isamc.c:317:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&block, abuf + sizeof(zint) + sizeof(int) *
data/idzebra-2.2.2/isamc/isamc.c:341:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (abuf, &is->files[cat].alloc_entries_num, sizeof(int));
data/idzebra-2.2.2/isamc/isamc.c:347:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (abuf + sizeof(int), &block, sizeof(zint));
data/idzebra-2.2.2/isamc/isamc.c:353:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (abuf + sizeof(int) +
data/idzebra-2.2.2/isamc/isamc.c:367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(zint)];
data/idzebra-2.2.2/isamc/isamc.c:374:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&is->files[cat].head.freelist, buf, sizeof(zint));
data/idzebra-2.2.2/isamc/isamc.c:383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(zint)];
data/idzebra-2.2.2/isamc/isamc.c:387:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, &is->files[cat].head.freelist, sizeof(zint));
data/idzebra-2.2.2/isamc/merge.c:119:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (src+sizeof(zint)+sizeof(ssize), numkeys, sizeof(*numkeys));
data/idzebra-2.2.2/isamc/merge.c:132:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (src, &mb[i+1].block, sizeof(zint));
data/idzebra-2.2.2/isamc/merge.c:133:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (src+sizeof(zint), &ssize, sizeof(ssize));
data/idzebra-2.2.2/isamc/merge.c:157:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char i_item[128], *i_item_ptr;
data/idzebra-2.2.2/isamc/merge.c:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f_item[128], *f_item_ptr;
data/idzebra-2.2.2/isamc/merge.c:170:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char r_item_buf[128]; /* temporary result output */
data/idzebra-2.2.2/isamc/merge.c:250:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r_buf, r_buf + mb[ptr-1].offset,
data/idzebra-2.2.2/isamc/merge.c:285:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r_item, i_item, i_item_ptr - i_item);
data/idzebra-2.2.2/isamc/merge.c:300:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r_item, f_item, f_item_ptr - f_item);
data/idzebra-2.2.2/isamc/merge.c:313:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r_item, f_item, f_item_ptr - f_item);
data/idzebra-2.2.2/isamc/merge.c:326:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r_item, i_item, i_item_ptr - i_item);
data/idzebra-2.2.2/isamc/merge.c:367:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r_buf, r_buf + mb[ptr-1].offset,
data/idzebra-2.2.2/isamc/merge.c:374:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (r_buf + mb[1].offset, r_buf + r_offset,
data/idzebra-2.2.2/isams/isams.c:82:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (is->method, method, sizeof(*method));
data/idzebra-2.2.2/isams/isams.c:93:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&is->head_old, &is->head, sizeof(is->head));
data/idzebra-2.2.2/isams/isams.c:117:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char i_item[128];
data/idzebra-2.2.2/isams/isams.c:134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (is->merge_buf, is->merge_buf + is->block_size,
data/idzebra-2.2.2/isams/isams.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (is->merge_buf, is->merge_buf + is->block_size,
data/idzebra-2.2.2/isams/isams.c:165:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(is->merge_buf + first_offset, &count, sizeof(int));
data/idzebra-2.2.2/isams/isams.c:175:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (is->merge_buf, ((char*)&count)+(sizeof(int)-gap), gap);
data/idzebra-2.2.2/isams/isams.c:207:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pp->numKeys, pp->buf + pp->block_offset, sizeof(int));
data/idzebra-2.2.2/isams/isams.c:243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pp->buf, pp->buf + pp->is->block_size, pp->is->block_size);
data/idzebra-2.2.2/rset/rsbetween.c:254:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->recbuf, buf, kctrl->key_size);
data/idzebra-2.2.2/rset/rsbetween.c:269:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->recbuf, buf, kctrl->key_size);
data/idzebra-2.2.2/rset/rsbetween.c:278:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->startbuf, buf, kctrl->key_size);
data/idzebra-2.2.2/rset/rsbetween.c:295:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->attrbuf, buf, kctrl->key_size);
data/idzebra-2.2.2/rset/rsbool.c:189:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, p->buf_l, kctrl->key_size);
data/idzebra-2.2.2/rset/rsbool.c:203:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, p->buf_l, kctrl->key_size);
data/idzebra-2.2.2/rset/rset.c:105:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/idzebra-2.2.2/rset/rset.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rset->children, children, no_children*sizeof(RSET *));
data/idzebra-2.2.2/rset/rset.c:389:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rfd->counted_buf, buf, rset->keycontrol->key_size);
data/idzebra-2.2.2/rset/rsmultiandor.c:419:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, it->buf, kctrl->key_size);
data/idzebra-2.2.2/rset/rsmultiandor.c:492:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p->items[mintail].buf, kctrl->key_size);
data/idzebra-2.2.2/rset/rsprox.c:206:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p->buf[i], kctrl->key_size);
data/idzebra-2.2.2/rset/rsprox.c:242:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p->buf[1], kctrl->key_size);
data/idzebra-2.2.2/rset/rstemp.c:134:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
info->fd = open(info->fname, O_BINARY|O_RDWR|O_CREAT, 0666);
data/idzebra-2.2.2/rset/rstemp.c:136:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
info->fd = open(info->fname, O_BINARY|O_RDONLY);
data/idzebra-2.2.2/rset/rstemp.c:170:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char template[1024];
data/idzebra-2.2.2/rset/rstemp.c:176:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template, "zrs_");
data/idzebra-2.2.2/rset/rstemp.c:178:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(template + strlen(template), "%ld_", (long) getpid());
data/idzebra-2.2.2/rset/rstemp.c:180:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(template, "XXXXXX");
data/idzebra-2.2.2/rset/rstemp.c:182:20: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
info->fd = mkstemp(template);
data/idzebra-2.2.2/rset/rstemp.c:194:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
info->fd = open(info->fname, O_BINARY|O_RDWR|O_CREAT, 0666);
data/idzebra-2.2.2/rset/rstemp.c:299:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, info->buf_mem + (mrfd->pos_cur - info->pos_buf),
data/idzebra-2.2.2/rset/rstemp.c:324:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(info->buf_mem + (mrfd->pos_cur - info->pos_buf), buf,
data/idzebra-2.2.2/test/api/test_create_databases.c:45:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbstr[20];
data/idzebra-2.2.2/test/api/test_create_databases.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rec_buf[100];
data/idzebra-2.2.2/test/api/test_create_databases.c:48:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dbstr, "%d", i);
data/idzebra-2.2.2/test/api/test_create_databases.c:51:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rec_buf, "<gils><title>title %d</title></gils>\n", i);
data/idzebra-2.2.2/test/api/test_create_databases.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dbstr[20];
data/idzebra-2.2.2/test/api/test_create_databases.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char querystr[50];
data/idzebra-2.2.2/test/api/test_create_databases.c:64:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dbstr, "%d", i);
data/idzebra-2.2.2/test/api/test_create_databases.c:67:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(querystr, "@attr 1=4 %d", i);
data/idzebra-2.2.2/test/api/test_insert_fetch.c:66:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setname[20];
data/idzebra-2.2.2/test/api/test_insert_fetch.c:74:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(setname, "s%d", i+1);
data/idzebra-2.2.2/test/api/test_result_sets.c:43:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char setname[20];
data/idzebra-2.2.2/test/api/test_result_sets.c:63:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(setname, "s%d", i+1);
data/idzebra-2.2.2/test/api/test_trunc.c:52:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rec_buf[5120];
data/idzebra-2.2.2/test/api/test_trunc.c:55:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rec_buf, "<gils><title>");
data/idzebra-2.2.2/test/api/test_trunc.c:58:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rec_buf + strlen(rec_buf), "aaa");
data/idzebra-2.2.2/test/api/test_trunc.c:66:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rec_buf + strlen(rec_buf), "%c", c);
data/idzebra-2.2.2/test/api/test_trunc.c:69:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rec_buf, "</title><Control-Identifier>");
data/idzebra-2.2.2/test/api/test_trunc.c:71:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rec_buf + strlen(rec_buf), "%d", j);
data/idzebra-2.2.2/test/api/test_trunc.c:72:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(rec_buf, "</Control-Identifier></gils>");
data/idzebra-2.2.2/test/api/testclient.c:65:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
delay_sec = atoi(arg);
data/idzebra-2.2.2/test/api/testclient.c:68:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
retrieve_number = atoi(arg);
data/idzebra-2.2.2/test/api/testclient.c:71:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
retrieve_offset = atoi(arg);
data/idzebra-2.2.2/test/api/testclient.c:77:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
check_count = atoi(arg);
data/idzebra-2.2.2/test/api/testlib.c:78:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfg[256];
data/idzebra-2.2.2/test/api/testlib.c:83:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cfg, "%.200s/%.50s", srcdir, cfgname);
data/idzebra-2.2.2/test/charmap/charmap1.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/charmap/charmap1.c:39:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/x.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/codec/tstcodec.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/idzebra-2.2.2/test/codec/tstcodec.c:178:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstbuf[100];
data/idzebra-2.2.2/test/codec/tstcodec.c:218:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(argv[1]);
data/idzebra-2.2.2/test/espec/t1.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/espec/t1.c:41:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/rec%d.xml", tl_get_srcdir(), i);
data/idzebra-2.2.2/test/filters/grs.marc.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/filters/grs.marc.c:40:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/record.mrc", tl_get_srcdir());
data/idzebra-2.2.2/test/filters/grs.xml.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/filters/grs.xml.c:41:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/record.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/filters/grs.xml.idzebra.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/filters/grs.xml.idzebra.c:41:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/record-idzebra.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/filters/text.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/filters/text.c:40:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/record.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/filters/text.c:52:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/record.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/marcxml/t1.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/marcxml/t1.c:37:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/m1.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/marcxml/t1.c:39:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/m2.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/marcxml/t1.c:41:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/m3.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/marcxml/t2.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/marcxml/t2.c:39:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/sample-marc", tl_get_srcdir());
data/idzebra-2.2.2/test/mbox/mbox1.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/mbox/mbox1.c:38:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/mail1.mbx", tl_get_srcdir());
data/idzebra-2.2.2/test/mbox/mbox1.c:41:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/mail3.mbx", tl_get_srcdir());
data/idzebra-2.2.2/test/mbox/mbox1.c:46:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/invalid.mbx", tl_get_srcdir());
data/idzebra-2.2.2/test/rusmarc/t1.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/rusmarc/t1.c:52:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/records/simple-rusmarc", tl_get_srcdir());
data/idzebra-2.2.2/test/xpath/xpath6.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/xpath/xpath6.c:43:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/rec%d.xml", tl_get_srcdir(), i);
data/idzebra-2.2.2/test/xslt/dom1.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/xslt/dom1.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char profile_path[256];
data/idzebra-2.2.2/test/xslt/dom1.c:33:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(profile_path, "%.80s:%.80s/../../tab",
data/idzebra-2.2.2/test/xslt/dom1.c:40:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.80s/%.80s", tl_get_srcdir(), file);
data/idzebra-2.2.2/test/xslt/xslt1.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/xslt/xslt1.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char profile_path[256];
data/idzebra-2.2.2/test/xslt/xslt2.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/xslt/xslt2.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char profile_path[256];
data/idzebra-2.2.2/test/xslt/xslt2.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record_buf[20000];
data/idzebra-2.2.2/test/xslt/xslt2.c:52:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/marc-col.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/xslt/xslt2.c:53:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(path, "rb");
data/idzebra-2.2.2/test/xslt/xslt3.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/xslt/xslt3.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char profile_path[256];
data/idzebra-2.2.2/test/xslt/xslt3.c:30:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record_buf[20000];
data/idzebra-2.2.2/test/xslt/xslt3.c:52:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/marc-one.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/xslt/xslt3.c:53:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(path, "rb");
data/idzebra-2.2.2/test/xslt/xslt4.c:28:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/xslt/xslt4.c:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char profile_path[256];
data/idzebra-2.2.2/test/xslt/xslt4.c:48:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/marc-col.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/xslt/xslt5.c:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/idzebra-2.2.2/test/xslt/xslt5.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char profile_path[256];
data/idzebra-2.2.2/test/xslt/xslt5.c:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char record_buf[20000];
data/idzebra-2.2.2/test/xslt/xslt5.c:53:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "%.200s/marc-missing-ns.xml", tl_get_srcdir());
data/idzebra-2.2.2/test/xslt/xslt5.c:54:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(path, "rb");
data/idzebra-2.2.2/util/charmap.c:57:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *output[256]; /* return mapping - for display of registers */
data/idzebra-2.2.2/util/charmap.c:77:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[CHR_MAXSTR+1];
data/idzebra-2.2.2/util/charmap.c:87:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *eq[CHR_MAXEQUIV];
data/idzebra-2.2.2/util/charmap.c:243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmtstr[8];
data/idzebra-2.2.2/util/charmap.c:321:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/idzebra-2.2.2/util/charmap.c:426:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/idzebra-2.2.2/util/charmap.c:517:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512], *argv[50];
data/idzebra-2.2.2/util/dirent.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullName[MAX_PATH+1];
data/idzebra-2.2.2/util/dirent.c:51:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (fullName, "\\*.*");
data/idzebra-2.2.2/util/flock.c:141:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p->fd = open(name, O_BINARY|O_RDONLY);
data/idzebra-2.2.2/util/flock.c:143:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p->fd = open(fname, (O_BINARY|O_CREAT|O_RDWR), 0666);
data/idzebra-2.2.2/util/flock.c:145:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
p->fd = open(fname, (O_BINARY|O_CREAT|O_RDWR), 0666);
data/idzebra-2.2.2/util/flock.c:375:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char conf_buf[512];
data/idzebra-2.2.2/util/it_key.c:44:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char formstr[128];
data/idzebra-2.2.2/util/it_key.c:204:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&tkey, *src, sizeof(struct it_key));
data/idzebra-2.2.2/util/it_key.c:251:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (*dst, &p->key, sizeof(struct it_key));
data/idzebra-2.2.2/util/passwddb.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dst, *p, i);
data/idzebra-2.2.2/util/passwddb.c:79:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/idzebra-2.2.2/util/passwddb.c:80:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen (fname, "r");
data/idzebra-2.2.2/util/passwddb.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[128];
data/idzebra-2.2.2/util/passwddb.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char des[128];
data/idzebra-2.2.2/util/res.c:88:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char envname[128];
data/idzebra-2.2.2/util/res.c:115:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char envname[128];
data/idzebra-2.2.2/util/res.c:153:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fr = fopen(fname, "r");
data/idzebra-2.2.2/util/res.c:161:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fr_buf[1024];
data/idzebra-2.2.2/util/res.c:189:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(resp->name, cp, sz);
data/idzebra-2.2.2/util/res.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[128];
data/idzebra-2.2.2/util/res.c:390:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fr = fopen(fname, "w");
data/idzebra-2.2.2/util/res.c:493:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namez[32];
data/idzebra-2.2.2/util/res.c:515:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(namez, name, name_len);
data/idzebra-2.2.2/util/res.c:527:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(namez, name, name_len);
data/idzebra-2.2.2/util/snippet.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w->term, term, term_len);
data/idzebra-2.2.2/util/strmap.c:94:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ne->data_buf, data_buf, data_len);
data/idzebra-2.2.2/util/test_strmap.c:85:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[8];
data/idzebra-2.2.2/util/test_strmap.c:102:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[8];
data/idzebra-2.2.2/util/tstflock.c:62:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char seq[1000];
data/idzebra-2.2.2/util/tstflock.c:252:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
test_fd = open("tstflock.out", (O_BINARY|O_CREAT|O_RDWR), 0666);
data/idzebra-2.2.2/util/tstlockscope.c:65:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("my.LCK", (O_CREAT|O_RDWR), 0666);
data/idzebra-2.2.2/util/tstpass.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/idzebra-2.2.2/util/tstres.c:65:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024];
data/idzebra-2.2.2/util/xpath.c:57:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, str, (cp-str));
data/idzebra-2.2.2/util/xpath.c:72:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (res, str, (cp-str));
data/idzebra-2.2.2/util/xpath.c:185:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (xpath[no].part, cp - i, i);
data/idzebra-2.2.2/util/zebramap.c:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_map_str[2];
data/idzebra-2.2.2/util/zebramap.c:76:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *temp_map_ptr[2];
data/idzebra-2.2.2/util/zebramap.c:191:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zm->completeness = atoi(argv[1]);
data/idzebra-2.2.2/util/zebramap.c:195:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zm->positioned = atoi(argv[1]);
data/idzebra-2.2.2/util/zebramap.c:200:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zm->alwaysmatches = atoi(argv[1]);
data/idzebra-2.2.2/util/zebramap.c:210:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zm->first_in_field = atoi(argv[1]);
data/idzebra-2.2.2/util/zebramap.c:215:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zm->u.sort.entry_size = atoi(argv[1]);
data/idzebra-2.2.2/util/zebramap.c:233:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char full_path[1024];
data/idzebra-2.2.2/util/zebramap.c:283:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zm->debug = atoi(argv[1]);
data/idzebra-2.2.2/util/zebramap.c:297:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[512];
data/idzebra-2.2.2/util/zebramap.c:298:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[10];
data/idzebra-2.2.2/util/zebramap.c:554:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rank_type, "void");
data/idzebra-2.2.2/util/zebramap.c:559:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(rank_type, "rank,w=%d,u=%d", weight_value, use_value);
data/idzebra-2.2.2/util/zint.c:60:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(src);
data/idzebra-2.2.2/bfile/bfile.c:104:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bfs->cache_fname = xmalloc(strlen(bfs->commit_area->dirs->name)+
data/idzebra-2.2.2/bfile/mfile.c:67:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(dirname);
data/idzebra-2.2.2/bfile/mfile.c:231:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dent->d_name);
data/idzebra-2.2.2/bfile/mfile.c:473:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((rd = read(mf->files[mf->cur_file].fd, buf, toread)) < 0)
data/idzebra-2.2.2/data1/d1_absyn.c:473:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(res_p, "/");
data/idzebra-2.2.2/data1/d1_absyn.c:476:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res_p = res_p + strlen(res_p);
data/idzebra-2.2.2/data1/d1_absyn.c:479:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res_p += strlen(stack[e]) + 1;
data/idzebra-2.2.2/data1/d1_absyn.c:486:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf (res_p, "$");
data/idzebra-2.2.2/data1/d1_absyn.c:604:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), "/subfield[@code=\"%s\"]", subfield);
data/idzebra-2.2.2/data1/d1_doespec.c:171:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
else if (sscanf(predicate, "@%63[^=]=%63s", attr, value) == 2)
data/idzebra-2.2.2/data1/d1_doespec.c:180:14: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
else if (sscanf(predicate, "@%63s", attr) == 1)
data/idzebra-2.2.2/data1/d1_espec.c:164:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*valp && valp[strlen(valp)-1] == '\'')
data/idzebra-2.2.2/data1/d1_grs.c:169:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(r);
data/idzebra-2.2.2/data1/d1_map.c:89:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)nmem_malloc(mem, strlen(argv[1])+1);
data/idzebra-2.2.2/data1/d1_map.c:101:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res->name = (char *)nmem_malloc(mem, strlen(argv[1])+1);
data/idzebra-2.2.2/data1/d1_map.c:126:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)nmem_malloc(mem, strlen(argv[1])+1);
data/idzebra-2.2.2/data1/d1_map.c:163:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)nmem_malloc(mem, strlen(valstr)+1);
data/idzebra-2.2.2/data1/d1_marc.c:55:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(res->future_use, "4");
data/idzebra-2.2.2/data1/d1_marc.c:57:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(res->record_status, "n");
data/idzebra-2.2.2/data1/d1_marc.c:132:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(res->future_use, argv[1], 2);
data/idzebra-2.2.2/data1/d1_marc.c:163:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[1]) > 4)
data/idzebra-2.2.2/data1/d1_marc.c:167:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(res->implementation_codes, argv[1], strlen(argv[1]));
data/idzebra-2.2.2/data1/d1_marc.c:221:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(subf && subf->which == DATA1N_tag && strlen(subf->u.tag.tag) == 2))
data/idzebra-2.2.2/data1/d1_marc.c:388:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(indicator_data, subf->u.tag.tag, sizeof(indicator_data)-1);
data/idzebra-2.2.2/data1/d1_marc.c:450:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!tag || strlen(tag) != 3)
data/idzebra-2.2.2/data1/d1_read.c:222:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return data1_mk_preprocess_n (dh, nmem, target, strlen(target),
data/idzebra-2.2.2/data1/d1_read.c:242:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return data1_insert_preprocess_n (dh, nmem, target, strlen(target),
data/idzebra-2.2.2/data1/d1_read.c:297:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return data1_mk_tag_n (dh, nmem, tag, strlen(tag), attr, at);
data/idzebra-2.2.2/data1/d1_read.c:352:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return data1_mk_text_n (dh, mem, buf, strlen(buf), parent);
data/idzebra-2.2.2/data1/d1_read.c:370:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return data1_mk_comment_n (dh, mem, buf, strlen(buf), parent);
data/idzebra-2.2.2/data1/d1_read.c:389:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return data1_insert_string_n (dh, res, m, str, strlen(str));
data/idzebra-2.2.2/data1/d1_read.c:469:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node_data->u.data.len = strlen (node_data->u.data.data);
data/idzebra-2.2.2/data1/d1_read.c:497:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen (p);
data/idzebra-2.2.2/data1/d1_read.c:500:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node_data->u.data.len = strlen (str);
data/idzebra-2.2.2/data1/d1_read.c:516:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node_data->u.data.len = strlen (str);
data/idzebra-2.2.2/data1/d1_read.c:533:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node_data->u.data.len = strlen (str);
data/idzebra-2.2.2/data1/d1_read.c:1034:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (conv_item (m, t, wrbuf, n->u.tag.tag, strlen(n->u.tag.tag))
data/idzebra-2.2.2/data1/d1_read.c:1047:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
conv_item(m, t, wrbuf, p->value, strlen(p->value))
data/idzebra-2.2.2/data1/d1_soif.c:64:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrbuf_write(b, prefix, strlen(prefix));
data/idzebra-2.2.2/data1/d1_soif.c:67:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrbuf_write(b, tmp, strlen(tmp));
data/idzebra-2.2.2/data1/d1_soif.c:85:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrbuf_write(b, buf, strlen(buf));
data/idzebra-2.2.2/data1/d1_sutrs.c:61:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrbuf_write(b, line, strlen(line));
data/idzebra-2.2.2/data1/d1_sutrs.c:62:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
col = strlen(line);
data/idzebra-2.2.2/data1/d1_sutrs.c:79:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrbuf_write(b, line, strlen(line));
data/idzebra-2.2.2/data1/d1_sutrs.c:98:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrbuf_write(b, line, strlen(line));
data/idzebra-2.2.2/data1/d1_sutrs.c:114:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrbuf_write(b, line, strlen(line));
data/idzebra-2.2.2/dfa/agrep.c:124:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((r = read (fd, p, b)) == (unsigned) -1)
data/idzebra-2.2.2/dfa/dfa.c:452:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = 0, len = strlen(cp0);
data/idzebra-2.2.2/dfa/dfa.c:514:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (s+1, "r");
data/idzebra-2.2.2/dfa/dfa.c:517:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (s+1, "n");
data/idzebra-2.2.2/dfa/dfa.c:520:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (s+1, "t");
data/idzebra-2.2.2/dfa/dfa.c:530:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (s+1, "\"");
data/idzebra-2.2.2/dfa/dfa.c:533:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (s+1, "\'");
data/idzebra-2.2.2/dfa/dfa.c:536:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy (s+1, "\\");
data/idzebra-2.2.2/dfa/grepper.c:260:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = getc (inf)) != EOF)
data/idzebra-2.2.2/dict/open.c:120:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen((const char *) s);
data/idzebra-2.2.2/dict/scantest.c:55:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hi->ar[idx] = malloc(strlen(name)+1);
data/idzebra-2.2.2/dict/scantest.c:267:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) >= sizeof(scan_term)-1)
data/idzebra-2.2.2/index/dir.c:63:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(full_rep, "/");
data/idzebra-2.2.2/index/dir.c:77:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathpos = strlen(path);
data/idzebra-2.2.2/index/dir.c:101:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(full_rep, "/");
data/idzebra-2.2.2/index/dir.c:112:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry[idx].name = (char *) xmalloc(strlen(dent->d_name)+1);
data/idzebra-2.2.2/index/dir.c:119:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
entry[idx].name = (char *) xmalloc(strlen(dent->d_name)+2);
data/idzebra-2.2.2/index/dir.c:121:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(entry[idx].name, "/");
data/idzebra-2.2.2/index/dirs.c:92:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->prelen = strlen(p->prefix);
data/idzebra-2.2.2/index/extract.c:490:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst += strlen(ws[i]);
data/idzebra-2.2.2/index/extract.c:529:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst += strlen(spec_src);
data/idzebra-2.2.2/index/extract.c:547:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst += strlen(tmpString);
data/idzebra-2.2.2/index/extract.c:644:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(fname); --i >= 0; )
data/idzebra-2.2.2/index/extract.c:701:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(full_rep, "/");
data/idzebra-2.2.2/index/extract.c:929:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(matchStr); i++)
data/idzebra-2.2.2/index/extract.c:1350:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(keystr + strlen(keystr), ZINT_FORMAT " ", key->mem[i]);
data/idzebra-2.2.2/index/extract.c:1358:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(dst_buf , "?");
data/idzebra-2.2.2/index/extract.c:1371:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(dst_buf + strlen(dst_buf), " %d", str[i] & 0xff);
data/idzebra-2.2.2/index/extract.c:1386:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrbuf_write_escaped(w, str, strlen(str));
data/idzebra-2.2.2/index/inline.c:107:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((sscanf(p, "%3s", pf->name)) != 1)
data/idzebra-2.2.2/index/inline.c:127:2: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(tag, "%1s", psf->name);
data/idzebra-2.2.2/index/invstat.c:82:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stat_info->no_dict_bytes += strlen(name);
data/idzebra-2.2.2/index/kdump.c:51:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (f);
data/idzebra-2.2.2/index/kdump.c:58:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d = ((c&63) << 8) + (getc (f) & 0xff);
data/idzebra-2.2.2/index/kdump.c:61:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d = ((c&63) << 8) + (getc (f) & 0xff);
data/idzebra-2.2.2/index/kdump.c:62:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d = (d << 8) + (getc (f) & 0xff);
data/idzebra-2.2.2/index/kdump.c:65:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d = ((c&63) << 8) + (getc (f) & 0xff);
data/idzebra-2.2.2/index/kdump.c:66:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d = (d << 8) + (getc (f) & 0xff);
data/idzebra-2.2.2/index/kdump.c:67:25: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d = (d << 8) + (getc (f) & 0xff);
data/idzebra-2.2.2/index/kdump.c:84:16: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((c=getc(inf)) == EOF)
data/idzebra-2.2.2/index/key_block.c:107:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t klen = strlen(k);
data/idzebra-2.2.2/index/key_block.c:357:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
encode_key_write (cp + strlen(cp), &encode_info, outf);
data/idzebra-2.2.2/index/kinput.c:116:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read(fd, f->buf + nr, f->chunk - nr);
data/idzebra-2.2.2/index/kinput.c:186:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = 1+strlen(key);
data/idzebra-2.2.2/index/kinput.c:358:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = strlen(name);
data/idzebra-2.2.2/index/marcomp.c:70:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s && strlen(s))
data/idzebra-2.2.2/index/marcomp.c:80:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->len = strlen(s);
data/idzebra-2.2.2/index/mod_alvis.c:71:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define XML_STRLEN(a) strlen((char*)a)
data/idzebra-2.2.2/index/mod_alvis.c:78:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *quoted = odr_malloc(odr, 3 + strlen(value));
data/idzebra-2.2.2/index/mod_alvis.c:423:6: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(id_str, "%255s", ctrl->match_criteria);
data/idzebra-2.2.2/index/mod_dom.c:133:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define XML_STRLEN(a) strlen((char*)a)
data/idzebra-2.2.2/index/mod_dom.c:169:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *quoted = nmem_malloc(nmem, 3 + strlen(value));
data/idzebra-2.2.2/index/mod_dom.c:818:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t text_len = strlen((const char *)text);
data/idzebra-2.2.2/index/mod_dom.c:857:17: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)index, (const char *)bval, eval - bval);
data/idzebra-2.2.2/index/mod_dom.c:872:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)type, (const char *)bval, eval - bval);
data/idzebra-2.2.2/index/mod_dom.c:928:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(id_p);
data/idzebra-2.2.2/index/mod_dom.c:1087:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(name);
data/idzebra-2.2.2/index/mod_dom.c:1091:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(look) > name_len)
data/idzebra-2.2.2/index/mod_grs_marc.c:369:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(r);
data/idzebra-2.2.2/index/mod_grs_marc.c:750:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new = data1_mk_tag_n(p->dh, p->mem, mc_stmnt, strlen(mc_stmnt), 0, top);
data/idzebra-2.2.2/index/mod_grs_marc.c:779:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new = data1_mk_tag_n(p->dh, p->mem, mc_stmnt, strlen(mc_stmnt), 0, top);
data/idzebra-2.2.2/index/mod_grs_marc.c:780:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data1_mk_text_n(p->dh, p->mem, pb, strlen(pb), new);
data/idzebra-2.2.2/index/mod_grs_marc.c:836:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p->type, "");
data/idzebra-2.2.2/index/mod_grs_marc.c:843:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(args) < sizeof(p->type))
data/idzebra-2.2.2/index/mod_grs_regx.c:307:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->name = (char *) xmalloc (strlen(name)+1);
data/idzebra-2.2.2/index/mod_grs_regx.c:611:9: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (spec_inf);
data/idzebra-2.2.2/index/mod_grs_regx.c:618:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (spec_inf);
data/idzebra-2.2.2/index/mod_grs_regx.c:621:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (spec_inf);
data/idzebra-2.2.2/index/mod_grs_regx.c:631:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (spec_inf);
data/idzebra-2.2.2/index/mod_grs_regx.c:633:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc (spec_inf);
data/idzebra-2.2.2/index/mod_grs_regx.c:709:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((*ap)->name) == attribute_len &&
data/idzebra-2.2.2/index/mod_grs_regx.c:729:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *nv = nmem_malloc(spec->m, elen + 1 + strlen((*ap)->value));
data/idzebra-2.2.2/index/mod_grs_regx.c:731:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (nv + strlen(nv), ebuf, elen);
data/idzebra-2.2.2/index/mod_grs_regx.c:732:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nv[strlen(nv)+elen] = '\0';
data/idzebra-2.2.2/index/mod_grs_regx.c:915:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(spec->d1_stack[spec->d1_level]->u.tag.tag) ==
data/idzebra-2.2.2/index/mod_grs_regx.c:1109:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tagBegin (spec, argv[2], strlen(argv[2]));
data/idzebra-2.2.2/index/mod_grs_regx.c:1113:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
variantBegin (spec, argv[2], strlen(argv[2]),
data/idzebra-2.2.2/index/mod_grs_regx.c:1114:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argv[3], strlen(argv[3]),
data/idzebra-2.2.2/index/mod_grs_regx.c:1115:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argv[4], strlen(argv[4]));
data/idzebra-2.2.2/index/mod_grs_regx.c:1169:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tagEnd (spec, min_level, element, (element ? strlen(element) : 0));
data/idzebra-2.2.2/index/mod_grs_regx.c:1223:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tagBegin (spec, element, strlen(element));
data/idzebra-2.2.2/index/mod_grs_regx.c:1230:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
execData (spec, native, strlen(native), textFlag, attribute,
data/idzebra-2.2.2/index/mod_grs_regx.c:1231:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribute ? strlen(attribute) : 0);
data/idzebra-2.2.2/index/mod_grs_regx.c:1234:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
execData (spec, argv[argi], strlen(argv[argi]), textFlag, attribute,
data/idzebra-2.2.2/index/mod_grs_regx.c:1235:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
attribute ? strlen(attribute) : 0);
data/idzebra-2.2.2/index/mod_grs_regx.c:1882:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(specs->type, "");
data/idzebra-2.2.2/index/mod_grs_regx.c:1890:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(args) < sizeof(specs->type))
data/idzebra-2.2.2/index/mod_grs_xml.c:122:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data1_mk_text_nf (ui->dh, ui->nmem, data, strlen(data), res);
data/idzebra-2.2.2/index/mod_grs_xml.c:311:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf (sbuf+strlen(sbuf), "%d ", inbuf_[k]&255);
data/idzebra-2.2.2/index/mod_safari.c:134:9: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(line, "%255s", p->match_criteria);
data/idzebra-2.2.2/index/mod_safari.c:181:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
recWord.term_len = strlen(cp);
data/idzebra-2.2.2/index/mod_safari.c:238:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filter_ptr = strlen(filter_buf);
data/idzebra-2.2.2/index/mod_safari.c:242:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filter_ptr = strlen(filter_buf);
data/idzebra-2.2.2/index/mod_safari.c:246:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filter_ptr = strlen(filter_buf);
data/idzebra-2.2.2/index/mod_safari.c:248:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(filter_buf+filter_ptr++, "\n");
data/idzebra-2.2.2/index/mod_text.c:193:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filter_ptr = strlen(filter_buf);
data/idzebra-2.2.2/index/mod_text.c:197:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filter_ptr = strlen(filter_buf);
data/idzebra-2.2.2/index/mod_text.c:201:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filter_ptr = strlen(filter_buf);
data/idzebra-2.2.2/index/mod_text.c:203:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(filter_buf+filter_ptr++, "\n");
data/idzebra-2.2.2/index/recctrl.c:140:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dlen = strlen(de->d_name);
data/idzebra-2.2.2/index/recctrl.c:271:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = strlen(rti->recType->name);
data/idzebra-2.2.2/index/recgrs.c:165:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(wrd->term_buf);
data/idzebra-2.2.2/index/recgrs.c:187:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(n->u.tag.tag);
data/idzebra-2.2.2/index/recgrs.c:207:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (p && strlen(p->name) != tmp_w.term_len &&
data/idzebra-2.2.2/index/recgrs.c:213:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(p->value);
data/idzebra-2.2.2/index/recgrs.c:403:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *pexpr = xmalloc(strlen(tagpath)+5);
data/idzebra-2.2.2/index/recgrs.c:491:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(tag_path);
data/idzebra-2.2.2/index/recgrs.c:498:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(value);
data/idzebra-2.2.2/index/recgrs.c:504:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(tag_path);
data/idzebra-2.2.2/index/recgrs.c:519:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t tlen = strlen(nn->u.tag.tag);
data/idzebra-2.2.2/index/recgrs.c:617:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(tag_path_full);
data/idzebra-2.2.2/index/recgrs.c:657:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(xp->name);
data/idzebra-2.2.2/index/recgrs.c:664:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(xp->name) + strlen(xp->value) < sizeof(comb)-2)
data/idzebra-2.2.2/index/recgrs.c:664:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(xp->name) + strlen(xp->value) < sizeof(comb)-2)
data/idzebra-2.2.2/index/recgrs.c:668:29: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(comb, "=");
data/idzebra-2.2.2/index/recgrs.c:674:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(comb);
data/idzebra-2.2.2/index/recgrs.c:710:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wrd->term_len = strlen(xp->value);
data/idzebra-2.2.2/index/recgrs.c:1117:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dnew->u.data.len = strlen(dnew->u.data.data);
data/idzebra-2.2.2/index/recgrs.c:1128:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dnew->u.data.len = strlen(dnew->u.data.data);
data/idzebra-2.2.2/index/recgrs.c:1141:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dnew->u.data.len = strlen(dnew->u.data.data);
data/idzebra-2.2.2/index/recgrs.c:1224:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dnew->u.data.len = strlen(dot_str);
data/idzebra-2.2.2/index/reckeys.c:278:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*slen = strlen(src);
data/idzebra-2.2.2/index/records.c:377:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p->data_fname[i] = (char *) xmalloc(strlen(str)+1);
data/idzebra-2.2.2/index/records.c:1088:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(s)+1;
data/idzebra-2.2.2/index/retrieve.c:74:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(full_rep, "/");
data/idzebra-2.2.2/index/retrieve.c:237:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen(wrbuf_buf(wrbuf_str)+off) + 1;
data/idzebra-2.2.2/index/retrieve.c:760:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += strlen(str)+1;
data/idzebra-2.2.2/index/retrieve.c:1295:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*basenamep = (char *) odr_malloc(odr, strlen(basename)+1);
data/idzebra-2.2.2/index/rpnscan.c:56:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zebra_map_tokenize_start(zm, term_utf8, strlen(term_utf8));
data/idzebra-2.2.2/index/rpnscan.c:70:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *cp_end = cp + strlen(cp);
data/idzebra-2.2.2/index/rpnscan.c:149:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len_prefix = strlen(scan_info->prefix);
data/idzebra-2.2.2/index/rpnsearch.c:171:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map = zebra_maps_input(zm, &s1, strlen(s1), first);
data/idzebra-2.2.2/index/rpnsearch.c:198:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(out_buf +strlen(out_buf), "%02X:%c ", c, pc);
data/idzebra-2.2.2/index/rpnsearch.c:199:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(out_buf) > out_size-20)
data/idzebra-2.2.2/index/rpnsearch.c:230:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esc_str(tmpbuf, sizeof(tmpbuf), map[0], strlen(map[0]));
data/idzebra-2.2.2/index/rpnsearch.c:325:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zebra_map_tokenize_start(zm, *src, strlen(*src));
data/idzebra-2.2.2/index/rpnsearch.c:374:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map = zebra_maps_search(zm, &s0, strlen(s0), &q_map_match);
data/idzebra-2.2.2/index/rpnsearch.c:436:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map = zebra_maps_search(zm, &s0, strlen(s0), &q_map_match);
data/idzebra-2.2.2/index/rpnsearch.c:481:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map = zebra_maps_search(zm, &s0, strlen(s0), &q_map_match);
data/idzebra-2.2.2/index/rpnsearch.c:559:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map = zebra_maps_search(zm, &s0, strlen(s0), &q_map_match);
data/idzebra-2.2.2/index/rpnsearch.c:610:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map = zebra_maps_search(zm, &s0, strlen(s0), &q_map_match);
data/idzebra-2.2.2/index/rpnsearch.c:660:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst_p = strlen(dst);
data/idzebra-2.2.2/index/rpnsearch.c:662:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (w = strlen(numstr); --w >= 0; pos++)
data/idzebra-2.2.2/index/rpnsearch.c:682:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst_p = strlen(dst) - pos - 1;
data/idzebra-2.2.2/index/rpnsearch.c:1104:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
termp += strlen(termp); /* move to end of term */
data/idzebra-2.2.2/index/rpnsearch.c:1276:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
esc_str(buf, sizeof(buf), input, strlen(input));
data/idzebra-2.2.2/index/rpnsearch.c:2187:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
grep_info.isam_p_indx, term, strlen(term),
data/idzebra-2.2.2/index/sortidx.c:90:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*dst += strlen(a1.term) + 1;
data/idzebra-2.2.2/index/sortidx.c:116:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = 1 + strlen(a1.term);
data/idzebra-2.2.2/index/sortidx.c:403:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(wrbuf_buf(wrbuf));
data/idzebra-2.2.2/index/stream.c:91:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(fc->fd, buf, count);
data/idzebra-2.2.2/index/untrans.c:73:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t inleft = strlen(src);
data/idzebra-2.2.2/index/update_file.c:53:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(term, "0");
data/idzebra-2.2.2/index/update_file.c:70:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_len = strlen(src);
data/idzebra-2.2.2/index/update_file.c:102:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_len = strlen(src);
data/idzebra-2.2.2/index/update_file.c:247:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(src, "/");
data/idzebra-2.2.2/index/update_file.c:255:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src_len = strlen(src);
data/idzebra-2.2.2/index/update_path.c:45:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rep_len = strlen(rep);
data/idzebra-2.2.2/index/update_path.c:91:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(src, path, sizeof(src)-1);
data/idzebra-2.2.2/index/update_path.c:93:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src_len = strlen(src);
data/idzebra-2.2.2/index/update_path.c:123:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(src, "/");
data/idzebra-2.2.2/index/update_path.c:150:16: [1] (buffer) scanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
while (scanf("%1020s", src) == 1)
data/idzebra-2.2.2/index/zaptterm.c:77:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizez = strlen(term->u.characterString);
data/idzebra-2.2.2/index/zebraapi.c:786:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zh->path_reg = xmalloc(strlen(zh->service->path_root) +
data/idzebra-2.2.2/index/zebraapi.c:787:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(zh->reg_name) + 3);
data/idzebra-2.2.2/index/zebraapi.c:791:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(zh->path_reg, "/");
data/idzebra-2.2.2/index/zebraapi.c:868:2: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
sscanf(value, "%127s %127s %127s %127s %127s %127s %127s %127s %127s",
data/idzebra-2.2.2/index/zebraapi.c:982:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/idzebra-2.2.2/index/zebraapi.c:983:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len == strlen(db) && !strncmp(db, p, len))
data/idzebra-2.2.2/index/zebraapi.c:1172:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
recs[i].len = strlen(poset[i].term);
data/idzebra-2.2.2/index/zebraapi.c:2628:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_size = strlen(buf);
data/idzebra-2.2.2/index/zebraapi.c:2778:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*path && path[strlen(path)-1] != '/')
data/idzebra-2.2.2/index/zebraapi.c:2779:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "/");
data/idzebra-2.2.2/index/zebrash.c:126:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (skiplen > strlen(args[0]))
data/idzebra-2.2.2/index/zebrash.c:366:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(rec));
data/idzebra-2.2.2/index/zebrash.c:392:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rec, strlen(rec));
data/idzebra-2.2.2/index/zebrash.c:664:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(argbuf,line, MAX_ARG_LEN-1);
data/idzebra-2.2.2/index/zebrash.c:735:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linelen += strlen(cmds[i].cmd) + 2;
data/idzebra-2.2.2/index/zebrash.c:799:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(line_in) > MAX_ARG_LEN-1) {
data/idzebra-2.2.2/index/zebrash.c:815:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prevout, wrbuf_cstr(outbuff), MAX_OUT_BUFF);
data/idzebra-2.2.2/index/zebrasrv.c:314:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yaz_encode_pqf_term(w, arg[0], strlen(arg[0]));
data/idzebra-2.2.2/index/zebrasrv.c:850:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, pidstr, strlen(pidstr)) != strlen(pidstr))
data/idzebra-2.2.2/index/zebrasrv.c:850:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(fd, pidstr, strlen(pidstr)) != strlen(pidstr))
data/idzebra-2.2.2/index/zsets.c:592:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(wrbuf_buf(w)+off);
data/idzebra-2.2.2/index/zsets.c:607:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
off += 1 + strlen(wrbuf_buf(w)+off);
data/idzebra-2.2.2/index/zsets.c:1300:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t inleft = strlen(inbuf);
data/idzebra-2.2.2/rset/rstemp.c:178:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(template + strlen(template), "%ld_", (long) getpid());
data/idzebra-2.2.2/rset/rstemp.c:269:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((r = read(info->fd, info->buf_mem, count)) < (int) count)
data/idzebra-2.2.2/test/api/test_create_databases.c:52:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zebra_add_record (zh, rec_buf, strlen(rec_buf));
data/idzebra-2.2.2/test/api/test_insert_fetch.c:50:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zebra_add_record(zh, myrec[0], strlen(myrec[0]));
data/idzebra-2.2.2/test/api/test_resources.c:105:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xml_buf, strlen(xml_buf)),
data/idzebra-2.2.2/test/api/test_trunc.c:58:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(rec_buf + strlen(rec_buf), "aaa");
data/idzebra-2.2.2/test/api/test_trunc.c:66:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(rec_buf + strlen(rec_buf), "%c", c);
data/idzebra-2.2.2/test/api/test_trunc.c:71:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(rec_buf + strlen(rec_buf), "%d", j);
data/idzebra-2.2.2/test/api/test_trunc.c:73:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zebra_add_record (zh, rec_buf, strlen(rec_buf));
data/idzebra-2.2.2/test/api/test_update_record.c:39:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rec, strlen(rec))
data/idzebra-2.2.2/test/api/test_update_record.c:48:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rec, strlen(rec))
data/idzebra-2.2.2/test/api/test_zebra_fork.c:50:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zebra_add_record(zh, rec, strlen(rec));
data/idzebra-2.2.2/test/api/testlib.c:126:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (zebra_add_record(zh, recs[i], strlen(recs[i])) != ZEBRA_OK)
data/idzebra-2.2.2/test/api/testlib.c:492:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cmp_rec) != rec_len)
data/idzebra-2.2.2/test/xslt/xslt3.c:80:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zebra_add_record(zh, record_buf, strlen(record_buf));
data/idzebra-2.2.2/test/xslt/xslt5.c:71:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
YAZ_CHECK_EQ(zebra_add_record(zh, record_buf, strlen(record_buf)),
data/idzebra-2.2.2/test/xslt/xslt5.c:74:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zebra_add_record(zh, record_buf, strlen(record_buf));
data/idzebra-2.2.2/util/charmap.c:324:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tab->input = set_map_string(tab->input, tab->nmem, s, strlen(s), tmp, 0);
data/idzebra-2.2.2/util/charmap.c:336:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tab->input = set_map_string(tab->input, tab->nmem, s, strlen(s),
data/idzebra-2.2.2/util/charmap.c:347:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tab->input = set_map_string(tab->input, tab->nmem, s, strlen(s),
data/idzebra-2.2.2/util/charmap.c:359:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
res = chr_map_input(arg->map, &s, strlen(s), 0);
data/idzebra-2.2.2/util/charmap.c:362:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(arg->string, *res, CHR_MAXSTR - strlen(arg->string));
data/idzebra-2.2.2/util/charmap.c:362:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(arg->string, *res, CHR_MAXSTR - strlen(arg->string));
data/idzebra-2.2.2/util/charmap.c:386:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yaz_log(YLOG_DEBUG, "set map %.*s", (int) strlen(s), s);
data/idzebra-2.2.2/util/charmap.c:387:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_map_string(arg->map->input, arg->map->nmem, s, strlen(s), arg->string,
data/idzebra-2.2.2/util/charmap.c:439:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t inbytesleft = strlen(s_native);
data/idzebra-2.2.2/util/charmap.c:693:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen += strlen(w.eq[i]) + 1;
data/idzebra-2.2.2/util/charmap.c:703:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen += strlen(w.eq[i]);
data/idzebra-2.2.2/util/charmap.c:712:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w.eq[i], strlen(w.eq[i]),
data/idzebra-2.2.2/util/flock.c:86:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dlen = dir ? strlen(dir) : 0;
data/idzebra-2.2.2/util/flock.c:87:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *fname = xmalloc(dlen + strlen(name) + 3);
data/idzebra-2.2.2/util/it_key.c:53:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(formstr, ".");
data/idzebra-2.2.2/util/it_key.c:54:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(formstr + strlen(formstr), ZINT_FORMAT, key.mem[i]);
data/idzebra-2.2.2/util/it_key.c:69:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/idzebra-2.2.2/util/it_key.c:119:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(cp1)+1;
data/idzebra-2.2.2/util/passwddb.c:145:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen (pe->des) < 3)
data/idzebra-2.2.2/util/passwddb.c:150:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pass) > 8) /* maximum key length is 8 */
data/idzebra-2.2.2/util/res.c:98:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
env_strlen += 1 + strlen(env_val);
data/idzebra-2.2.2/util/res.c:126:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j += strlen(env_val);
data/idzebra-2.2.2/util/res.c:280:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + strlen(prefix) >= (sizeof(rname)-2))
data/idzebra-2.2.2/util/res.c:280:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + strlen(prefix) >= (sizeof(rname)-2))
data/idzebra-2.2.2/util/res.c:283:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(rname, ".");
data/idzebra-2.2.2/util/res.c:370:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(prefix);
data/idzebra-2.2.2/util/res.c:400:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lefts = strlen(re->name)+2;
data/idzebra-2.2.2/util/res.c:407:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (lefts + strlen(re->value+no) > 78)
data/idzebra-2.2.2/util/res.c:492:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t name_len = strlen(e_i->name);
data/idzebra-2.2.2/util/res.c:506:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(name);
data/idzebra-2.2.2/util/snippet.c:54:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zebra_snippets_append_match(l, seqno, ws, ord, term, strlen(term), 0);
data/idzebra-2.2.2/util/snippet.c:201:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(doc_w->term), match);
data/idzebra-2.2.2/util/tstcharmap.c:41:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(from);
data/idzebra-2.2.2/util/zebramap.c:676:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*result_len = strlen(*result_buf);
data/idzebra-2.2.2/util/zebramap.c:682:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*display_len = strlen(*display_buf);
ANALYSIS SUMMARY:
Hits = 1370
Lines analyzed = 72306 in approximately 1.81 seconds (40050 lines/second)
Physical Source Lines of Code (SLOC) = 55164
Hits@level = [0] 321 [1] 284 [2] 898 [3] 16 [4] 172 [5] 0
Hits@level+ = [0+] 1691 [1+] 1370 [2+] 1086 [3+] 188 [4+] 172 [5+] 0
Hits/KSLOC@level+ = [0+] 30.654 [1+] 24.835 [2+] 19.6868 [3+] 3.40802 [4+] 3.11798 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.