Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ikvm-8.1.5717.0+ds/ikvm-8.1.5717.0/native/jni.c
Examining data/ikvm-8.1.5717.0+ds/ikvm-8.1.5717.0/native/jni.h
Examining data/ikvm-8.1.5717.0+ds/ikvm-8.1.5717.0/native/os.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jdk_util_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/locale_str.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/gdefs_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jdk_util_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/java_main_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jlong_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/io/Win32ErrorMode.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ComCtl32Util.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Pen.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Color.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Menu.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/Hashtable.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Pen.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/Devices.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TextField.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_new.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DesktopProperties.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_KeyEvent.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Frame.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_MouseEvent.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_MenuBar.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Mlib.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/WBufferStrategy.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DrawingSurface.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Rectangle.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/DllUtil.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Frame.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Palette.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_GDIObject.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Panel.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsDevice.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Container.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Button.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Canvas.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Desktop.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Robot.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Dimension.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/colordata.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ComCtl32Util.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PopupMenu.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TextComponent.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Window.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TextArea.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Panel.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_MenuItem.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Mlib.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Container.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PopupMenu.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/stdhdrs.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_IconCursor.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DrawingSurface.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TextField.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Color.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Brush.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_InputTextInfor.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_List.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Choice.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ObjectList.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/GDIHashtable.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/jawt.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Debug.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Object.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_BitmapUtil.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Label.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TrayIcon.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDS.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintDialog.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DataTransferer.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_FileDialog.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/CmdIDList.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_AWTEvent.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/Devices.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Robot.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_InputEvent.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ScrollPane.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsDevice.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DataTransferer.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintDialog.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/WPrinterJob.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/alloc.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_KeyboardFocusManager.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Scrollbar.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Menu.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Dialog.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDT.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/img_util_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_AWTEvent.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsConfig.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/DllUtil.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ScrollPane.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Event.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Dimension.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_InputMethod.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_MenuItem.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Clipboard.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintControl.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Rectangle.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Window.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_IconCursor.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDS.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_InputEvent.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/GDIHashtable.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TextComponent.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Checkbox.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DCHolder.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awtmsg.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_BitmapUtil.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/CmdIDList.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TextArea.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_InputTextInfor.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/MouseInfo.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Event.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DCHolder.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Scrollbar.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Dialog.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Insets.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Button.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/mlib_types_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Checkbox.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Insets.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsEnv.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Cursor.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ThemeReader.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/Hashtable.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsConfig.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_KeyEvent.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TrayIcon.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDT.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintControl.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Brush.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Label.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_MenuBar.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Palette.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/initIDs.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_MouseEvent.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_GDIObject.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Object.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Clipboard.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Debug.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DesktopProperties.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Cursor.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ObjectList.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_List.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_CustomPaletteDef.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Choice.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_new.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Canvas.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/windows/GDIRenderer.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/windows/GDIBlitLoops.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/windows/WindowsFlags.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/windows/WindowsFlags.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/windows/GDIWindowSurfaceData.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/windows/GDIWindowSurfaceData.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DGraphicsDevice.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DTextRenderer.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DSurfaceData.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DBadHardware.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPipelineManager.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DContext.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPipelineManager.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DRenderer.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DContext.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DMaskFill.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DResourceManager.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DMaskBlit.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DGlyphCache.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPipeline.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DResourceManager.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DMaskFill.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaders.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPipeline.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DRenderer.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DMaskBlit.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DBufImgOps.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DMaskCache.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DGlyphCache.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DBlitLoops.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DRenderQueue.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DVertexCacher.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DGraphicsDevice.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DRenderQueue.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPaints.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DMaskCache.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPaints.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DBlitLoops.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DTextRenderer.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DBufImgOps.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DVertexCacher.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DSurfaceData.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/opengl/WGLGraphicsConfig.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/opengl/OGLFuncs_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/opengl/J2D_GL/wglext.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/opengl/WGLSurfaceData.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/opengl/WGLGraphicsConfig.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/opengl/WGLSurfaceData.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/j2d_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt_common/awt_makecube.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/FileSystemImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthSequence.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/portconfig.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/spi/DefaultProxySelector.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/lcdglyph.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsAttachProvider.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/WindowsAsynchronousFileChannelImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/WindowsAsynchronousSocketChannelImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/Net.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/SocketChannelImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/nio_util.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/IOUtil.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/DatagramChannelImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileChannelImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/ServerSocketChannelImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileKey.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/SocketDispatcher.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/Iocp.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/WindowsAsynchronousServerSocketChannelImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/RegistryFileTypeDetector.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_config.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/utility/rect.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tracing/dtrace/jvm_symbols_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/WindowsDirectory.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/smartcardio/pcsc_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/smartcardio/pcsc_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/provider/WinCAPISeedGenerator.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/mscapi/security.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/FileInputStream_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/FileDescriptor_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/dirent_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/dirent_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/RandomAccessFile_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/Console_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/FileOutputStream_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainSocketImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/InetAddressImplFactory.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/DualStackPlainSocketImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/SocketInputStream.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/ExtendedOptionsImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/SocketOutputStream.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/DualStackPlainDatagramSocketImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet4AddressImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/AbstractPlainDatagramSocketImpl.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/icmp.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/ProcessEnvironment_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/ProcessImpl_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/nio/MappedByteBuffer.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/WindowsPreferences.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/logging.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Util.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiIn.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiOut.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Util.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/security/auth/module/nt.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/solaris/classes/sun/awt/X11/keysym2ucs.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/heapViewer/heapViewer.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/heapTracker/heapTracker.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/heapTracker/heapTracker.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/compiledMethodLoad/compiledMethodLoad.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/versionCheck/versionCheck.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Monitor.hpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Agent.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Thread.hpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/waiters.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Monitor.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Thread.cpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Agent.hpp
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_tracker.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_loader.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_reference.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_tls.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_cpu.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_table.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_tag.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_util.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_error.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_stack.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_site.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_listener.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_class.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_ioname.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_event.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_cpu.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_tracker.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_frame.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_util.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_stack.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_monitor.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_object.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_md.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_trace.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_blocks.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_reference.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_string.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_ioname.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_string.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_tls.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_listener.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_frame.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_tag.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_site.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_table.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_event.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_loader.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_b_spec.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_monitor.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_object.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_trace.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_blocks.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_class.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_error.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/gctest/gctest.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/minst/minst.h
Examining data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/minst/minst.c
FINAL RESULTS:
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:53:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(stdout, format, ap);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:64:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(stderr, format, ap);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:279:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(jar_path, java_home);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:280:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, file_sep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:282:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, file_sep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:284:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, file_sep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:285:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, demo_name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:286:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, file_sep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:287:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, demo_name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:292:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(jar_path, java_home);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:293:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, file_sep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:295:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, file_sep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:297:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, file_sep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:299:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, file_sep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:300:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, demo_name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:301:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, file_sep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:302:11: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(jar_path, demo_name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/heapTracker/heapTracker.c:564:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(buf, "%s.%s@%d[%s:%d]",
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:264:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(error_fp, format, ap);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:287:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(nice_words, temp);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:698:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy((char*)uptr, s1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_error.c:63:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(stderr, format, ap);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_error.c:201:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(stderr, format, ap);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_error.c:212:15: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)vfprintf(stderr, format, ap);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_error.h:75:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf args ; \
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:292:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(suffix, format_suffix);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:310:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(suffix, dot);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:380:11: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
(void)fprintf(stdout,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:525:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(all_options, command_line_options);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:530:15: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(all_options, extra_options);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:552:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(gdata->utf8_output_filename, suboption);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:566:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(gdata->net_hostname, suboption);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:713:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(errmsg, option);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:739:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(gdata->utf8_output_filename, default_filename);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:747:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(gdata->output_filename, gdata->utf8_output_filename);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:784:15: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(gdata->heapfilename, base);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:796:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(gdata->checkfilename, default_filename);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:797:23: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
(void)strcat(gdata->checkfilename, check_suffix);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:191:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(name, basename);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:103:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf(buffer, count, format, ...) _snprintf_s(buffer, count, _TRUNCATE, format, ##__VA_ARGS__)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:286:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
(void)sprintf(buf,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:175:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
(void)strcpy(tname, info.name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jdk_util_md.c:49:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jdk_util_md.c:56:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:41:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, path);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:159:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(jniEntryName, cname);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:160:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(jniEntryName, p);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:163:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jniEntryName, sym);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:165:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(jniEntryName, cname);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:168:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(jniEntryName, sym);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:152:25: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(p2, p);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:154:25: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(tmp, p);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:394:69: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
jobject file, jint access)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:405:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
switch (access) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:425:49: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
jint access,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:638:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(search_path, pathbuf);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:597:17: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(pathbuf, path );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:601:17: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(pathbuf, path + 1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:605:13: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(pathbuf, path );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/dirent_md.c:72:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirp->path, dirname);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/dirent_md.c:116:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirp->dirent.d_name, dirp->find_data.cFileName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:140:17: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(pathbuf, path);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:171:26: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(pathbuf, ps);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:201:25: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(pathbuf, ps);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:268:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access, /* Read and/or write permission */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/ProcessImpl_md.c:84:11: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
? swprintf(utf16_javaMessage, MESSAGE_LENGTH, L"%s error=%d, %s", functionName, errnum, utf16_OSErrorMsg)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/ProcessImpl_md.c:85:11: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
: swprintf(utf16_javaMessage, MESSAGE_LENGTH, L"%s failed, error=%d", functionName, errnum);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/ProcessImpl_md.c:471:13: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(pathbuf, chars);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/ProcessImpl_md.c:493:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
access, /* Read and/or write permission */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:177:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ret, elems[0]);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:183:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ret, elems[index]);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.c:312:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curr->name, dev_name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c:312:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (nif->name, newname);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c:313:25: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy ((PWCHAR)nif->displayName, ptr->FriendlyName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:2238:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmsg, "error getting socket option: %s\n", strerror(errno));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.c:192:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(exc, "%s%s", JNU_JAVANETPKG, excP);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.c:219:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(errmsg, "errno: %d, error: %s\n", WSAGetLastError(), defaultDetail);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:340:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(winZoneName, subKeyName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:416:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mapFileName, java_home_dir);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:417:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mapFileName, MAPPINGS_FILE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt_common/awt_makecube.cpp:438:11: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
len = vfprintf(handle, format, args);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:62:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fontpath,sysdir);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:65:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(fontpath,windir);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:213:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(lfw.lfFaceName, fullName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:321:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(lfa.lfFaceName, lpelfe->elfLogFont.lfFaceName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:382:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(lfw.lfFaceName, lpelfe->elfLogFont.lfFaceName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/lcdglyph.c:242:9: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(lf.lfFaceName, name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:82:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pargs,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:147:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(array, "const DWORD *%sShaders[] =\n{\n", name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:153:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(elem, " %s%d,\n", name, i);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:155:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(array, elem);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:228:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(finalSource, convolveShaderSource,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:286:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(finalSource, rescaleShaderSource,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:360:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(finalSource, lookupShaderSource,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:455:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(finalSource, basicGradientShaderSource,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:668:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cycleCode, noCycleCode, texCoordCalcCode);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:670:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cycleCode, reflectCode, texCoordCalcCode);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:672:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(cycleCode, repeatCode, texCoordCalcCode);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:676:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(finalSource, multiGradientShaderSource,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/FileSystemImpl.c:211:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ACCESS_ALLOWED_ACE *access;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:439:9: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_snprintf(fullCounterPath,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:475:13: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_snprintf(fullCounterPath,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:482:13: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_snprintf(fullCounterPath,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:720:13: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_snprintf(fullIDProcessCounterPath,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:1061:5: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_snprintf(pdhIDProcessCounterFmt,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:71:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s1, s2);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:150:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(key,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/spi/DefaultProxySelector.c:208:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pproto,"%s=", cproto);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:981:9: [4] (access) SetThreadToken:
If this call fails, the program could fail to drop heightened privileges
(CWE-250). Make sure the return value is checked, and do not continue if a
failure is reported.
if (SetThreadToken(hThread, hToken) == 0)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:1067:9: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf( (wchar_t *)month, 3, L"%2.2d", systemTime.wMonth);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:1068:9: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf( (wchar_t *)day, 3, L"%2.2d", systemTime.wDay);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:1069:9: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf( (wchar_t *)hour, 3, L"%2.2d", systemTime.wHour);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:1070:9: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf( (wchar_t *)minute, 3, L"%2.2d", systemTime.wMinute);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:1071:9: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf( (wchar_t *)second, 3, L"%2.2d", systemTime.wSecond);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:1072:9: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf( (wchar_t *)timeString, 16,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c:110:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(exceptionMessage, (LPTSTR) lpMsgBuf);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c:111:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(exceptionMessage, libraryNameStr);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:925:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(ret, fixes[!prefix][!positive][style][pattern]);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:1058:30: [4] (format) _stprintf:
Potential format string problem (CWE-134). Make format string constant.
#define FMT_MSG(x,y) case x: _stprintf(szBuf, \
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:1316:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szBuf, "0x%8.8x(%s):Unknown message 0x%8.8x\n",
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:1320:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(szBuf);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3549:53: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
UINT flags, BOOL system)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3559:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
InitMessage(&msg, (system ? WM_SYSKEYDOWN : WM_KEYDOWN),
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3591:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
UINT flags, BOOL system)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3602:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
InitMessage(&msg, (system ? WM_SYSKEYUP : WM_KEYUP),
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3648:82: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
MsgRouting AwtComponent::WmIMEChar(UINT character, UINT repCnt, UINT flags, BOOL system)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3667:38: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
BOOL system)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3680:20: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
UINT message = system ? WM_SYSCHAR : WM_CHAR;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3689:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system && alt_is_down) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3702:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (!system && alt_is_down) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.h:532:75: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
virtual MsgRouting WmKeyDown(UINT vkey, UINT repCnt, UINT flags, BOOL system);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.h:533:73: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
virtual MsgRouting WmKeyUp(UINT vkey, UINT repCnt, UINT flags, BOOL system);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.h:535:77: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
virtual MsgRouting WmChar(UINT character, UINT repCnt, UINT flags, BOOL system);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.h:536:80: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
virtual MsgRouting WmIMEChar(UINT character, UINT repCnt, UINT flags, BOOL system);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Debug.cpp:196:5: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_snprintf(assertMsg, ASSERT_MSG_SIZE, AssertFmt, expr, file, line, lastError, msgBuffer);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Desktop.cpp:54:26: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
HINSTANCE retval = ::ShellExecute(NULL, verb_c, fileOrUri_c, NULL, NULL, SW_SHOWNORMAL);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DesktopProperties.cpp:619:5: [4] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
lstrcpy(valueNameBuf, valueName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DesktopProperties.cpp:631:5: [4] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
lstrcpy(propKeyBuf, propKey);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:431:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(tmpname, name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:439:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(&(logFont.lfFaceName[0]), tmpname);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1700:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&(szSubKey[strlen(szSubKey)]), lpszCP);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1701:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_szCodePageSubkey, szSubKey);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1726:5: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(szFamilyName, GetFontName());
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1745:13: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(lpszFileName, m_szDefaultEUDCFile);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1771:9: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(m_szDefaultEUDCFile, lpszFileName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:2290:9: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(lf.lfFaceName, fontNameW);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:1648:9: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(iconResourceName, securityWarningIconName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:1654:9: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(iconResourceName, strIndex);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:2639:5: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(szVer, 128, L"0x%x = %ld", version, version);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:2645:17: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(szVer + l, 128, L" (Windows Vista)");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:2647:17: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(szVer + l, 128, L" (Windows XP)");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:2650:13: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(szVer + l, 128, L" (Windows 2000)");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:2653:9: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(szVer + l, 128, L" (Unknown)");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsEnv.cpp:279:16: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
&& swprintf(tmpPath, MAX_PATH, L"%s%s", systemRoot, fontPath + 12) != -1) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsEnv.cpp:289:13: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(tmpPath, MAX_PATH, L"%s\\FONTS\\EUDC.TTE", systemRoot);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:54:13: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (_vsntprintf( szBuffer, DTRACE_BUF_LEN, lpszFormat, argList ) < 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:64:13: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
if (_sntprintf(
data/ikvm-8.1.5717.0+ds/ikvm-8.1.5717.0/native/os.c:30:10: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
return LoadLibrary(psz);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:517:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extra_options = getenv("_JAVA_HPROF_OPTIONS");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:456:7: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
::InitializeCriticalSection(&crit_sect);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:464:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&crit_sect);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:502:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&data.crit_sect);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiIn.cpp:179:7: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
::InitializeCriticalSection(&crit_sect);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiIn.cpp:187:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&crit_sect);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiIn.cpp:221:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&data.crit_sect);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Util.c:60:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(lock);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Util.c:75:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection((CRITICAL_SECTION*) lock);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/security/auth/module/nt.c:675:19: [3] (misc) LoadLibraryEx:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
hModule = LoadLibraryEx(TEXT("netmsg.dll"),
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jdk_util_md.c:50:18: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(path);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jdk_util_md.c:57:22: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle = LoadLibrary(path);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:185:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&sizeCheckLock);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:420:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&sizeCheckLock);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c:429:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&splash->lock);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c:444:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&splash->lock);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPipelineManager.cpp:39:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
static BOOL bNoHwCheck = (getenv("J2D_D3D_NO_HWCHECK") != NULL);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPipelineManager.cpp:636:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *pRas = getenv("J2D_D3D_RASTERIZER");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:98:15: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
val = CreateProcess(0, pargs, 0, 0, TRUE,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:98:15: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
val = CreateProcess(0, pargs, 0, 0, TRUE,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/windows/WindowsFlags.cpp:78:24: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *d3dEnv = getenv("J2D_D3D");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:253:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&criticalSection->cs);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:261:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&criticalSection->cs);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:1219:22: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if ((h = LoadLibrary("pdh.dll")) == NULL) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.c:65:15: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
hModule = LoadLibrary(libName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c:96:15: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
hModule = LoadLibrary(libraryNameStr);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Palette.cpp:289:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
} else if (getenv("FORCEGRAY")) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.h:99:35: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
INLINE CriticalSection() { ::InitializeCriticalSection(&rep); }
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.h:123:11: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&rep);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Window.cpp:220:7: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
::InitializeCriticalSection(&contentBitmapCS);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Window.cpp:2588:11: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&contentBitmapCS);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Window.cpp:2599:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&contentBitmapCS);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Window.cpp:2781:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&contentBitmapCS);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_new.cpp:199:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int)time(NULL));
data/ikvm-8.1.5717.0+ds/ikvm-8.1.5717.0/native/os.c:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:153:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[1024];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:258:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jar_path[FILENAME_MAX+1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:281:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(jar_path, "demo");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:283:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(jar_path, "jvmti");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:288:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(jar_path, ".jar");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:294:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(jar_path, "..");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:296:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(jar_path, "demo");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:298:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(jar_path, "jvmti");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:303:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(jar_path, ".jar");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/compiledMethodLoad/compiledMethodLoad.c:235:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(OUTPUT_FILE, "w");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/heapTracker/heapTracker.c:599:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/heapTracker/heapTracker.c:829:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void*)jvmti_space, (void*)newImage, (int)newLength);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/heapTracker/heapTracker.c:850:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[MAX_TOKEN_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/heapTracker/heapTracker.c:877:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[MAX_TOKEN_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/heapTracker/heapTracker.c:883:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gdata->maxDump = atoi(number);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[WARRANT_NAME_MAX + 1]; /* Name of allocator */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:277:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nice_words[512];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:278:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:315:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
(void)sprintf(pmess,"%02x",ch);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:411:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void) memcpy(p1, p2, minimum(((int)len), WARRANT_NAME_MAX));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char details[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:148:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(details,"Only part of buffer processed");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:151:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(details,"Unknown system error condition");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:240:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(gdata->check_buffer + gdata->check_buffer_index, buf, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:248:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:387:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(new_finfo,cmap->finfo,osize*(int)sizeof(Finfo));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_class.c:151:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(name, sig+1, len-2);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:271:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[5];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:348:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(buf, *src, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:490:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[FILENAME_MAX+80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:537:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option[16];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:538:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suboption[FILENAME_MAX+1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:555:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_number[16];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:711:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:712:19: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(errmsg, "Unknown option: ");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:785:15: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(gdata->heapfilename, ".TMP");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:809:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[FILENAME_MAX+80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:822:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[120];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:845:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[FILENAME_MAX+80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1512:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(signature+1, classname, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1567:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void*)jvmti_space, (void*)new_image, (int)new_length);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1890:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lname[FILENAME_MAX+1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1891:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_buf[256+FILENAME_MAX+1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1936:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1952:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char npt_lib[JVM_MAXPATHLEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:126:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(name, sig+1, name_len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:137:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(name, basename, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:138:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(name+len, "[]", 2);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:261:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:262:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char details[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:268:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(details,"Only part of buffer processed");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:271:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(details,"Unknown system error condition");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:331:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(gdata->write_buffer + gdata->write_buffer_index, buf, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:417:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:457:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(gdata->heap_buffer + gdata->heap_buffer_index, buf, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:535:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:731:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prelude_file[FILENAME_MAX];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:741:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[FILENAME_MAX+80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:751:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024]; /* File is small, small buffer ok here */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:992:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[32];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstate[20];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1288:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tstate,"S|");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1291:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tstate,"intr|");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1294:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tstate,"native|");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1298:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tstate,"ZO");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1300:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tstate,"NS");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1304:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tstate,"SL");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1306:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tstate,"MW");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1308:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tstate,"CW");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1312:23: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
(void)strcat(tstate,"UN");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_listener.c:334:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_reference.c:113:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(&value, key, (int)sizeof(jvalue));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_reference.c:641:39: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(new_values, values, obytes);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_stack.c:79:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(new_elements, old_elements, old_size*stack->elem_size);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_stack.c:159:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(top_element, element, stack->elem_size);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_table.c:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[48]; /* Name of table. */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_table.c:482:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(new_table, old_table, obytes);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_table.c:497:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(new_bv, old_bv, obytes);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_table.c:635:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(info, info_ptr, ltable->info_size);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_table.c:644:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(dup_key, key_ptr, key_len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_table.c:660:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lock_name[80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_trace.c:136:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(pkey->frames, frames, (n_frames*(int)sizeof(FrameIndex)));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_util.c:75:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_util.c:1227:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(*pfields, stack_element(field_list, 0), nbytes);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_util.c:1698:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_util.c:1722:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:275:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:350:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(copy, str, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:459:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(ci->output+ci->output_position,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:479:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(bytes, ci->input+ci->input_position, count);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:489:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(ci->output+ci->output_position, bytes, count);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:668:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[BUFSIZE];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:975:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy(injection.code+injection.len, bytecodes, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:1105:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char _opcode_length[JVM_OPC_MAX+1] =
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/minst/minst.c:269:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void*)jvmti_space, (void*)new_image, (int)new_length);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/minst/minst.c:288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[MAX_TOKEN_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:162:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(tname, "Unknown");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:231:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mp->name = (const char *)strdup(names[mnum]);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:235:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mp->signature = (const char *)strdup(sigs[mnum]);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:346:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_THREAD_NAME_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:457:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_THREAD_NAME_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:472:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tname[MAX_THREAD_NAME_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:579:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
(void)memcpy((void*)jvmti_space, (void*)new_image, (int)new_length);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:598:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char token[MAX_TOKEN_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:629:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[MAX_TOKEN_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:638:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gdata->max_count = atoi(number);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Monitor.cpp:66:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(name, "Unknown");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Monitor.hpp:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Thread.cpp:61:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
(void)strcpy(name, "Unknown");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Thread.hpp:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:157:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(g_audioDeviceCache[g_cacheCount].guid), lpGuid, sizeof(GUID));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:1192:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer1, data, buffer1len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:1196:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer2, data, buffer2len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:1267:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, buffer1, buffer1len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:1271:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, buffer2, buffer2len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiIn.cpp:239:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char winMidiInErrMsg[WIN_MAX_ERROR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiIn.cpp:286:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "%d.%d", (midiInCaps.vDriverVersion & 0xFF00) >> 8, midiInCaps.vDriverVersion & 0xFF);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiOut.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char winMidiOutErrMsg[WIN_MAX_ERROR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiOut.c:141:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "%d.%d", (midiOutCaps.vDriverVersion & 0xFF00) >> 8, midiOutCaps.vDriverVersion & 0xFF);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiOut.c:412:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr->lpData, data, size);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:97:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ret[100];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:100:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ret, "ACTIVE ");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:104:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ret, "DISCONNECTED ");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:108:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ret, "SOURCE ");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:114:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char*) r, "%d", flags);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:203:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ret[100];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:206:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ret, "DISABLED ");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:210:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ret, "MULTIPLE ");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:214:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ret, "UNIFORM ");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:220:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char*) r, "%d", controlState);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:360:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(description->version, "%d.%d", (mixerCaps.vDriverVersion & 0xFF00) >> 8, mixerCaps.vDriverVersion & 0xFF);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jdk_util_md.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/Console_md.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/Console_md.c:59:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "ms%d", cp);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/Console_md.c:61:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "cp%d", cp);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:664:9: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
wcscat(search_path, L"\\*");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:238:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1024]; /* Working copy of path */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:600:17: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(pathbuf, L"\\\\?\\UNC\0");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:604:13: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(pathbuf, L"\\\\?\\\0");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/dirent_md.c:46:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alt_dirname[4] = { 0, 0, 0, 0 };
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/dirent_md.c:92:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dirp->path, "*.*");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/dirent_md.c:94:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dirp->path, "\\*.*");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/ProcessImpl_md.c:80:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8_javaMessage[MESSAGE_LENGTH*2];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:77:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
codepage = atoi(ret+2);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:82:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ret, "UTF-8");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:93:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ret, "GBK");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:96:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ret, "GB18030");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:109:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR mbChar[2] = {(char)0xfa, (char)0x41};
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:111:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_ACP, 0, mbChar, 2, &unicodeChar, 1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:113:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ret, "MS950_HKSCS_XP");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:121:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char systemPath[MAX_PATH + 1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:126:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(systemPath, "\\FONTS\\SimSun18030.ttc");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:127:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((f = fopen(systemPath, "r")) != NULL) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:129:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ret, "GB18030");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:147:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "ms%d", cp);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:149:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "cp%d", cp);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:164:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char * elems[5]; // lang, script, ctry, variant, encoding
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:284:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[SNAMESIZE];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:318:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*language, "en");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:319:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*country, "US");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:331:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*language, "no");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:332:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*country , "NO");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:334:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*language, "no");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:335:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*country , "NO");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:336:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*variant, "NY");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:382:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:500:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d.%d", ver.dwMajorVersion, ver.dwMinorVersion);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/DualStackPlainDatagramSocketImpl.c:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/DualStackPlainDatagramSocketImpl.c:242:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BUF[MAX_BUFFER_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/DualStackPlainDatagramSocketImpl.c:411:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BUF[MAX_BUFFER_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet4AddressImpl.c:106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet4AddressImpl.c:109:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hostname, "localhost");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet4AddressImpl.c:304:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuf[1500];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet4AddressImpl.c:305:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char recvbuf[1500];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:67:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname [256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:70:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (hostname, "localhost");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:212:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(next, iterator, sizeof(struct addrinfo));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:310:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char host[NI_MAXHOST+1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:340:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(him6.sin6_addr), caddr, sizeof(struct in6_addr) );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:373:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sendbuf[1500];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char auxbuf[1500];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:375:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char recvbuf[1500];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:432:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((icmp6 + 1), ×tamp, sizeof(int));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:436:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pseudo_ip6->ip6_src, &netif->sin6_addr, sizeof(struct in6_addr));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:437:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pseudo_ip6->ip6_dst, &him->sin6_addr, sizeof(struct in6_addr));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:440:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(auxbuf + sizeof(struct ip6_pseudo_hdr), icmp6, 64);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:484:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&i, (icmp6 + 1), sizeof(int));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:549:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(him6.sin6_addr), caddr, sizeof(struct in6_addr) );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/Inet6AddressImpl.c:562:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(inf6.sin6_addr), caddr, sizeof(struct in6_addr) );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.c:160:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, ifrowP, sizeof(MIB_IFROW));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.c:231:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dev_name[8];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.c:282:20: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
wlen = MultiByteToWideChar(CP_OEMCP, 0, ifrowP->bDescr,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.c:320:17: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
if (MultiByteToWideChar(CP_OEMCP, 0, ifrowP->bDescr,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c:176:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, ptr, sizeof(IP_ADAPTER_ADDRESSES));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c:278:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newname [128];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c:301:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (newname, "tun%d", tun);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c:304:33: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (newname, "net%d", net);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/SocketInputStream.c:66:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BUF[MAX_BUFFER_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/SocketOutputStream.c:64:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BUF[MAX_BUFFER_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:226:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hostname[255];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:332:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:643:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BUF[MAX_BUFFER_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:819:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:930:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BUF[MAX_BUFFER_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:1201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char BUF[MAX_BUFFER_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:2121:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[255];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:2122:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(errmsg,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/TwoStacksPlainDatagramSocketImpl.c:2237:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[255];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/icmp.h:97:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id_data[1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.c:141:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exc[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.c:142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullMsg[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.c:175:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
excP = (char *)winsock_errors[i].exc;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.c:177:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(char *)winsock_errors[i].errString, msg);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.c:218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[255];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.c:888:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)&(him6->sin6_addr), caddr, sizeof(struct in6_addr) );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.h:268:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((DST), (SRC), sizeof (struct SOCKADDR_IN6)); \
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/net_util_md.h:270:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((DST), (SRC), sizeof (struct sockaddr_in)); \
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:91:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[MAX_ZONE_CHAR];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:103:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ret = RegQueryValueExA(hKey, (char *) keyNames[keyIndex + 1], NULL,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:112:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
len = MultiByteToWideChar(CP_ACP, MB_ERR_INVALID_CHARS,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:136:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "GMT%c%02d:%02d",
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:141:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buffer, "GMT");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:157:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR subKeyName[MAX_ZONE_CHAR];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:158:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szValue[MAX_ZONE_CHAR];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:407:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *items[TZ_NITEMS];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:409:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuffer[MAX_ZONE_CHAR * 4];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:419:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(mapFileName, "r")) == NULL) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:499:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char winZoneName[MAX_ZONE_CHAR];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:500:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char winMapID[MAX_MAPID_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c:69:16: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
outChars = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, in, len,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c:75:10: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
rc = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, in, len,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c:157:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((BYTE *) pBmi) + sizeof(BITMAPV4HEADER),
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c:256:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bitmapBits, splash->screenData,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt_common/awt_makecube.cpp:35:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cube[LOOKUPSIZE * LOOKUPSIZE * LOOKUPSIZE];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt_common/awt_makecube.cpp:37:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char reds[256], greens[256], blues[256], indices[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt_common/awt_makecube.cpp:121:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cmapsize = atoi(argv[i]);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt_common/awt_makecube.cpp:129:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
virtcubesize = atoi(argv[i]);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char windir[BSIZE];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:39:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sysdir[BSIZE];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fontpath[BSIZE*2];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:52:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sysdir, "\\Fonts");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:59:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(windir, "\\Fonts");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:597:11: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const wchar_t wname[MAX_BUFFER];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:598:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char cname[MAX_BUFFER];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:599:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char data[MAX_BUFFER];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DBufImgOps.cpp:272:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDst, bands[i], bandLength*sizeof(jushort));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DContext.cpp:1198:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDstPixels, pSrcPixels, srcWidth);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DContext.cpp:1274:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDstPixels, pSrcPixels, srcWidth * 3);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DContext.cpp:1310:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDstPixels, pSrcPixels, srcWidth * 4);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPaints.cpp:385:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPix, pixels, numStops*sizeof(juint));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char varname[50];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[8];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:74:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpTmp = fopen("tmp.hlsl", "w");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:81:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pargs[300];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:121:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpTmp = fopen("tmp.h", "r");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:143:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char array[5000];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char elem[30];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:151:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(elem, " NULL,\n");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:157:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(array, "};\n");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finalSource[2000];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:274:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finalSource[2000];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:339:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finalSource[2000];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:428:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finalSource[3000];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:636:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cycleCode[1500];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:637:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char finalSource[3000];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:978:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fpHeader = fopen(strHeaderFile, "a");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DVertexCacher.cpp:730:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *)lpVert,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/windows/GDIBlitLoops.cpp:155:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bmi.colors.palette, srcInfo.lutBase, srcInfo.lutSize * sizeof(RGBQUAD));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/windows/GDIBlitLoops.cpp:177:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bmi.colors.palette, byteGrayPalette, 256 * sizeof(RGBQUAD));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/FileSystemImpl.c:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fsName[128];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:716:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullIDProcessCounterPath[MAX_PATH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:802:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char moduleName[MAX_PATH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:1141:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instanceIndexBuffer[32];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[MAX_STR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:148:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[MAX_STR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:256:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char searchlist[MAX_STR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameservers[MAX_STR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/spi/DefaultProxySelector.c:116:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pproto[MAX_STR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/spi/DefaultProxySelector.c:117:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regserver[MAX_STR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/spi/DefaultProxySelector.c:118:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char override[MAX_STR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/DatagramChannelImpl.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c:101:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bufs[i].buf = (char *)iovp[i].iov_base;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c:188:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bufs[i].buf = (char *)iovp[i].iov_base;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/IOUtil.c:160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/SocketDispatcher.c:105:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
bufs[i].buf = (char *)iovp[i].iov_base;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/SocketDispatcher.c:218:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* ptr = (char *)iovp[next_index].iov_base;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c:199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[WAKEUP_SOCKET_BUF_SIZE];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/WindowsSelectorImpl.c:222:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[8];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:779:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, Source1.Buffer, Source1.Length);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:780:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + Source1.Length, Source2.Buffer, Source2.Length);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/WindowsDirectory.c:38:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR lpPath[MAX_PATH+1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/mscapi/security.cpp:58:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMessage[1024];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/mscapi/security.cpp:829:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/mscapi/security.cpp:830:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (sprintf(buffer, "%lu", dwAlgId)) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/mscapi/security.cpp:889:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pszCertAliasName, jCertAliasChars, size * sizeof(WCHAR));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/j2secmod_md.c:38:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorMessage[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsAttachProvider.c:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsAttachProvider.c:166:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:76:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jvmLib[MAX_LIBNAME_LENGTH]; /* "jvm.dll" */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char func1[MAX_FUNC_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:78:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char func2[MAX_FUNC_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:79:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[MAX_CMD_LENGTH]; /* "load", "dump", ... */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:80:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg[MAX_ARGS][MAX_ARG_LENGTH]; /* arguments to command */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:81:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pipename[MAX_PIPE_NAME_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:203:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char err_mesg[255];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:205:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(err_mesg, "OpenProcess(pid=%d) failed; LastError=0x%x",
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:260:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_PIPE_NAME_LENGTH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:339:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:398:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(data.jvmLib, "jvm");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:399:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(data.func1, "JVM_EnqueueOperation");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:400:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(data.func2, "_JVM_EnqueueOperation@20");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:244:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[64];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:245:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(c, "Could not initialize COM: HRESULT=0x%08X", hr);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:408:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newPIDL, pIDL, cb);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:448:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newPIDL, parentPIDL, len1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:449:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((LPBYTE) newPIDL) + len1, relativePIDL, len2);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:532:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szBuf[MAX_PATH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:664:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, strret.cStr, -1, olePath, MAX_PATH);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:669:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, (CHAR *)pidl + strret.uOffset, -1, olePath, MAX_PATH);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:795:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szBuf[MAX_PATH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/WPrinterJob.cpp:76:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR cBuffer[250];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_BitmapUtil.cpp:189:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bitmapBits, (void*)imageData, srcStride * height);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_BitmapUtil.cpp:194:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDstPixels, pSrcPixels, dstStride);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:1064:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szBuf[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3005:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[2] = { '\0', '\0'};
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3025:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char junkbuf[2] = { '\0', '\0'};
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3045:28: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int nconverted = ::MultiByteToWideChar(AwtComponent::GetCodePage(), 0,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3637:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR strCodePage[MAX_ACP_STR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:3715:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
::MultiByteToWideChar(GetCodePage(), 0, (CHAR*)&character, 2,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Component.cpp:6177:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((BYTE*)pRgnData + sizeof(RGNDATAHEADER), pRect, sizeof(RECT_T) * numrects);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Cursor.cpp:382:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cols, intRasterDataPtr, nW*nH*sizeof(int));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Debug.cpp:176:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char assertMsg[ASSERT_MSG_SIZE+1];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Dialog.cpp:580:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR immItem[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDS.cpp:1151:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dataout, &id, sizeof(id));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDT.cpp:617:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stgm, pmedium, sizeof(STGMEDIUM));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDT.cpp:836:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szPath[MAX_PATH*2];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDT.cpp:860:25: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(szPath, _T("\\"));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDT.cpp:875:13: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(szPath, _T("\\"));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDT.cpp:1049:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_formats + m_nformats, &tmp, sizeof(FORMATETC));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp:57:8: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR s_fileFilterString[MAX_FILTER_STRING];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, s_additionalString, sizeof(s_additionalString));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp:178:21: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szPath[MAX_PATH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1658:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_szCodePageSubkey[16];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1698:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szSubKey[80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1699:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szSubKey, "EUDC\\");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1735:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szTmpName[80];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1768:14: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
VERIFY(::MultiByteToWideChar(CP_ACP, 0,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_MenuItem.cpp:129:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR strCodePage[MAX_ACP_STR_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Palette.cpp:184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bUsed[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Palette.cpp:278:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(systemEntriesWin32, pe, numEntries * sizeof(PALETTEENTRY));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Palette.cpp:349:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPalEntries, systemEntriesWin32, 256 * sizeof(PALETTEENTRY));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintControl.cpp:446:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(devmode, info2->pDevMode, devmodeSize);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:1422:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR fullPath[_MAX_PATH];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:1687:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen("c:\\plog.txt", "a");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:1769:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *file = fopen("c:\\plog.txt", "a");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:2773:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(imgLinePtr, imageBits+(i*imgWidthByteSz),
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:2930:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(bmi.bmiColors[0]), bmiCols, (numCols*4));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:3902:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errStr[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:3903:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR t_errStr[256];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:4195:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDevMode, p2->pDevMode,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:4217:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((LPTSTR)pDevNames + pDevNames->wDriverOffset,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:4222:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((LPTSTR)pDevNames + pDevNames->wDeviceOffset,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:4227:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((LPTSTR)pDevNames + pDevNames->wOutputOffset,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keyboardState, AwtToolkit::GetInstance().m_lastKeyboardState,
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:216:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR inputLocale[9];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:217:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buf[9];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:225:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&inputLocale[8-len], buf, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:1646:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t iconResourceName[sizeof(securityWarningIconName) + 2];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:1650:9: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t strIndex[2];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsDevice.cpp:388:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rgbP[10], &logicalEntries[10], 236 * sizeof(RGBQUAD));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsDevice.cpp:411:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rgbP, logicalEntries, 256 * sizeof(int));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Win32GraphicsDevice.cpp:422:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rgbP, systemEntries, 256 * sizeof(int));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Window.cpp:408:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR windowClassName[len];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_new.cpp:56:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen("java.awt.outofmem.txt", "w");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:53:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szBuffer[DTRACE_BUF_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:57:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szTime[32];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:59:9: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(szTime, _T(" "));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:60:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szBuffer1[DTRACE_BUF_LEN];
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:75:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer1, szTime, iTimeLen*sizeof(TCHAR));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:76:9: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(szBuffer1, _T("\n"));
data/ikvm-8.1.5717.0+ds/ikvm-8.1.5717.0/native/os.c:45:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > sizeof(buf) - 11)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:94:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(buf, str, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:112:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(item);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:124:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cname_len = (int)strlen(cname);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:132:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mname_len = (int)strlen(mname);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:273:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_len = (int)(strlen(java_home) + strlen(demo_name)*2 +
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:273:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
max_len = (int)(strlen(java_home) + strlen(demo_name)*2 +
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/agent_util/agent_util.c:274:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(file_sep)*5 +
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:404:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(file);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/debug_malloc.c:688:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nbytes = strlen(s1)+1;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:258:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
check_raw(buf, (int)strlen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:331:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(str);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:901:23: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(umap.str, (char*)p, (size_t)num_elements);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_check.c:1143:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p+=((int)strlen((char*)p)+1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:280:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_len = (int)strlen(old_name)+64;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:300:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = (int)strlen(format_suffix);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:339:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(*src);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:522:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
all_options = HPROF_MALLOC((int)strlen(command_line_options) +
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:523:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(extra_options) + 2);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:528:19: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(all_options, ",");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:551:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdata->utf8_output_filename = HPROF_MALLOC((int)strlen(suboption)+1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:565:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdata->net_hostname = HPROF_MALLOC((int)strlen(suboption)+1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:738:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gdata->utf8_output_filename = HPROF_MALLOC((int)strlen(default_filename)+1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:744:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ulen = (int)strlen(gdata->utf8_output_filename);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:782:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(base);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:794:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HPROF_MALLOC((int)strlen(default_filename)+
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:795:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(check_suffix)+1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1509:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(classname);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1902:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(lname) == 0 ) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1910:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(lname) == 0 ) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_init.c:1977:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(npt_lib) == 0 ) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:134:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(basename);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:189:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = (int)strlen(basename);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:403:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:422:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_raw(buf, (int)strlen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:540:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
heap_raw(buf, (int)strlen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:720:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_raw(gdata->header, (int)strlen(gdata->header) + 1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1310:23: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
(void)strcat(tstate,"R");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_io.c:1793:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sep = (int)strlen(field_name) < 8 ? "\t" : "";
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_ioname.c:63:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void*)name, (int)strlen(name)+1, pnew_entry, NULL);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_string.c:69:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void*)str, (int)strlen(str)+1, NULL, NULL);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/hprof/hprof_table.c:674:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(ltable->name, name, sizeof(ltable->name));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:603:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(class_name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:623:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:626:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(descr);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:1969:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:2319:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CRW_ASSERT(ci, (int)strlen(ci->name)==cs.len && strncmp(ci->name, cs.ptr, cs.len)==0);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:2409:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(tclass_sig);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/java_crw_demo/java_crw_demo.c:2439:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ci.name = duplicate(&ci, name, (int)strlen(name));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/minst/minst.c:324:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used = (int)strlen(gdata->include);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/minst/minst.c:348:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used = (int)strlen(gdata->exclude);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:173:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(info.name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:648:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used = (int)strlen(gdata->include);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/mtrace/mtrace.c:672:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used = (int)strlen(gdata->exclude);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Monitor.cpp:74:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(name, signature, (int)sizeof(name)-1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/share/demo/jvmti/waiters/Thread.cpp:65:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
(void)strncpy(name, info.name, (int)sizeof(name)-1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:236:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(desc->name, lpstrDescription, DAUDIO_STRING_LENGTH);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:261:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(desc->description, "DirectSound Playback", DAUDIO_STRING_LENGTH);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_DirectSound.cpp:264:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(desc->description, "DirectSound Capture", DAUDIO_STRING_LENGTH);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiIn.cpp:261:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, midiInCaps.szPname, nameLength-1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiOut.c:85:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, midiOutCaps.szPname, nameLength-1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_MidiOut.c:128:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, desc, nameLength-1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:113:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r += strlen(ret);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:219:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r += strlen(ret);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:358:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(description->name, mixerCaps.szPname, PORT_STRING_LENGTH-1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:361:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(description->description, "Port Mixer", PORT_STRING_LENGTH-1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/com/sun/media/sound/PLATFORM_API_WinOS_Ports.c:562:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, line->szName, len-1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jdk_util_md.c:48:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "\\");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jdk_util_md.c:55:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(path, "\\");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:70:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
useNative = (!strcmp("kernel", jvmPath + strlen(jvmPath) -
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:71:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen("kernel"))); // true if jvm.dll lives in "kernel"
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:94:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = mbstowcs(NULL, str, strlen(str));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:155:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(jniEntryName, sym, (p - sym));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:158:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(jniEntryName, "_");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/common/jni_util_md.c:164:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(jniEntryName, "_");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:253:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)wcslen(path);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:259:60: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv = (*env)->NewString(env, cp, (jsize)wcslen(cp));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:267:63: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv = (*env)->NewString(env, canonicalPath, (jsize)wcslen(canonicalPath));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:286:28: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)wcslen(canonicalPrefix) + MAX_PATH;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:293:62: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv = (*env)->NewString(env, cp, (jsize)wcslen(cp));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:303:67: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rv = (*env)->NewString(env, canonicalPath, (jsize)wcslen(canonicalPath));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:631:36: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
search_path = (WCHAR*)malloc(2*wcslen(pathbuf) + 6);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:650:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)wcslen(search_path);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:662:9: [1] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant
character.
wcscat(search_path, L"*");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:693:41: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(jsize)wcslen(find_data.cFileName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/WinNTFileSystem_md.c:844:44: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = (*env)->NewString(env, p, (jsize)wcslen(p));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:183:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(p) > 4 && !wcsncmp(p, L"\\\\.\\", 4))
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:258:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = path + strlen(path);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:303:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(path) == 3 && path[1] == ':' && path[2] == '\\') {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:329:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fd.cFileName + strlen(fd.cFileName)))) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:336:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(dst = cp(dst, dend, '\0', src, src + strlen(src)))) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:381:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
canonicalPrefix + strlen(canonicalPrefix)))) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:386:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fd.cFileName + strlen(fd.cFileName)))) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:391:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(dst = cp(dst, dend, '\0', src, src + strlen(src)))) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:486:29: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((pathlen = (int)wcslen(path)) > MAX_PATH - 1) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:498:44: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fd.cFileName + wcslen(fd.cFileName)))){
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:505:61: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(dst = wcp(dst, dend, L'\0', src, src + wcslen(src)))){
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:545:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((pathlen=(int)wcslen(pathWithCanonicalPrefix)) > MAX_PATH - 1) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:556:43: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
canonicalPrefix + wcslen(canonicalPrefix)))) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:561:40: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fd.cFileName + wcslen(fd.cFileName)))) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/canonicalize_md.c:566:58: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!(dst = wcp(dst, dend, L'\0', src, src + wcslen(src)))) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/dirent_md.c:66:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirp->path = (char *)malloc(strlen(dirname) + 5);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:95:27: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirlen = (int)wcslen(dir);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:106:40: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curDirLenCached = (int)wcslen(dir);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:156:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathlen = (int)wcslen(ps);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:492:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read, /* number of bytes read */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:501:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (jint)read;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:599:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(utf8_jvmErrorMsg, "Out of memory", cbErrorMsg);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:602:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(utf8_jvmErrorMsg);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:626:21: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(utf16_osErrorMsg, rtError, cbErrorMsg);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:629:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = wcslen(utf16_osErrorMsg);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:652:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(utf8_jvmErrorMsg, "Secondary error while OS message extraction", cbErrorMsg);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/io/io_util_md.c:655:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(utf8_jvmErrorMsg);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/ProcessImpl_md.c:466:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pathlen = wcslen(chars);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:125:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(systemPath) + strlen(gb18030Font) < MAX_PATH + 1) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:125:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(systemPath) + strlen(gb18030Font) < MAX_PATH + 1) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:182:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(ret, "-");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:292:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(*script) != 4) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:538:30: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (uname != NULL && wcslen(uname) > 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/lang/java_props_md.c:682:42: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, wcstr, wcslen(wcstr));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.c:292:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curr->name = (char *)malloc(strlen(dev_name) + 1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.c:315:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(curr->displayName, ifrowP->bDescr, ifrowP->dwDescrLen);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface.c:575:47: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(jsize)wcslen ((PWCHAR)ifs->displayName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c:307:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nif->name = malloc (strlen(newname)+1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c:308:52: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nif->displayName = malloc (wcslen(ptr->FriendlyName)*2+2);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/net/NetworkInterface_winXP.c:486:48: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(jsize)wcslen ((PWCHAR)ifs->displayName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:412:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mapFileName = malloc(strlen(java_home_dir) + strlen(MAPPINGS_FILE) + 1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/java/util/TimeZone_md.c:412:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mapFileName = malloc(strlen(java_home_dir) + strlen(MAPPINGS_FILE) + 1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/awt/splashscreen/splashscreen_sys.c:68:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(in);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:56:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(windir) > BSIZE-7) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:64:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(fontpath,";");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:203:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen((LPWSTR)fullName) >= LF_FACESIZE) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:248:41: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(jsize)wcslen((LPWSTR)lpelfe->elfFullName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:359:12: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = wcslen(lpelfe->elfLogFont.lfFaceName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:417:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t TTSLEN = strlen(TTSUFFIX);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:420:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:443:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t TTSLEN = wcslen(TTSUFFIX);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:446:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = wcslen(name);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:470:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dslen = strlen(data);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:531:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dslen = wcslen(data);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:557:59: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fontStr = (*env)->NewString(env, ptr1, (jsize)wcslen(ptr1));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:575:55: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fontStr = (*env)->NewString(env, name, (jsize)wcslen(name));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:677:9: [1] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant character.
wcscpy(lfw.lfFaceName, L""); /* one face per family (CHECK) */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/font/fontpath.c:685:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(lfa.lfFaceName, ""); /* one face per family */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPipelineManager.cpp:402:17: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(id) > 21) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPipelineManager.cpp:404:17: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(vendorId, id+8, 4);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DPipelineManager.cpp:408:17: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(deviceId, id+17, 4);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/java2d/d3d/D3DShaderGen.c:122:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch = fgetc(fpTmp)) != EOF) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:331:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(originalString);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:339:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(allocatedString, originalString, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:408:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullCounterPathLen = strlen(objectName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:409:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullCounterPathLen += strlen(counterName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:420:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullCounterPathLen += strlen(imageName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:431:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullCounterPathLen += strlen(instance);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:455:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullCounterPathLen += strlen(instance);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:895:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (pCount = 0, tmp = instances; *tmp != '\0'; tmp = &tmp[strlen(tmp)+1], pCount++);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:913:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (index = 0, tmp = instances; *tmp != '\0'; tmp = &tmp[strlen(tmp)+1], ++index) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:1048:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdhIDProcessCounterFmtLen = strlen(pdhProcessImageName);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:1049:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdhIDProcessCounterFmtLen += strlen(pdhLocalizedProcessObject);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/management/OperatingSystemImpl.c:1050:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pdhIDProcessCounterFmtLen += strlen(pdhLocalizedIDProcessCounter);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:62:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s1)+1;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:65:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len + strlen(s2) > MAX_STR_LEN) /* insufficient space */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:69:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(s1, " ");
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:113:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(result) > 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:179:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((ret != ERROR_SUCCESS) || (strlen(result) == 0)) &&
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/dns/ResolverConfigurationImpl.c:200:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (((ret != ERROR_SUCCESS) || (strlen(result) == 0)) &&
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/spi/DefaultProxySelector.c:163:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(override) > 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/spi/DefaultProxySelector.c:173:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(s, urlhost, strlen(s)) == 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/spi/DefaultProxySelector.c:215:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(pproto);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthSequence.c:123:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AuthId.UserLength = (unsigned long) strlen( pUser );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthSequence.c:128:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AuthId.PasswordLength = (unsigned long) strlen( pPassword );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/net/www/protocol/http/ntlm/NTLMAuthSequence.c:133:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
AuthId.DomainLength = (unsigned long) strlen( pDomain );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c:65:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read, /* receives number of bytes read */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c:84:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return convertReturnVal(env, (jint)read, JNI_TRUE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c:109:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read, /* receives number of bytes read */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/DatagramDispatcher.c:131:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return convertLongReturnVal(env, (jlong)read, JNI_TRUE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c:57:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read, /* number of bytes read */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c:70:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return convertReturnVal(env, (jint)read, JNI_TRUE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c:97:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read, /* number of bytes read */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c:99:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read > 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c:100:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
totalRead += read;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c:102:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < num) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c:160:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read, /* number of bytes read */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/FileDispatcherImpl.c:182:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return convertReturnVal(env, (jint)read, JNI_TRUE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/IOUtil.c:171:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read, /* number of bytes read */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/IOUtil.c:182:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read > 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/IOUtil.c:183:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
totalRead += read;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/Iocp.c:156:70: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, (const jchar *)message, (jsize)wcslen(message));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/SocketDispatcher.c:65:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read, /* receives number of bytes read */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/SocketDispatcher.c:79:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return convertReturnVal(env, (jint)read, JNI_TRUE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/SocketDispatcher.c:118:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
&read, /* receives number of bytes read */
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/ch/SocketDispatcher.c:135:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return convertLongReturnVal(env, (jlong)read, JNI_TRUE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/RegistryFileTypeDetector.c:54:36: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jsize len = (jsize)wcslen((WCHAR*)data);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:209:70: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, (const jchar *)message, (jsize)wcslen(message));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:342:70: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jstring name = (*env)->NewString(env, data.cFileName, (jsize)wcslen(data.cFileName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:375:63: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, data->cFileName, (jsize)wcslen(data->cFileName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:398:72: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jstring name = (*env)->NewString(env, data.cStreamName, (jsize)wcslen(data.cStreamName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:426:64: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, data.cStreamName, (jsize)wcslen(data.cStreamName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:581:72: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = (*env)->NewString(env, (const jchar *)fileSystemName, (jsize)wcslen(fileSystemName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:585:68: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str = (*env)->NewString(env, (const jchar *)volumeName, (jsize)wcslen(volumeName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:644:73: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, (const jchar *)volumeName, (jsize)wcslen(volumeName));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:844:62: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = (*env)->NewString(env, (const jchar *)domain, (jsize)wcslen(domain));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:849:60: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = (*env)->NewString(env, (const jchar *)name, (jsize)wcslen(name));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/nio/fs/WindowsNativeDispatcher.c:898:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(jsize)wcslen(string));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:712:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Length = (ULONG)wcslen(TargetPrefix.Buffer) * sizeof(WCHAR);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:804:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Name.Length = (USHORT)strlen(Name.Buffer);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:878:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Length = (ULONG)wcslen( SourceString ) * sizeof( WCHAR );
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:944:5: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(realm, domainName.Buffer, domainName.Length/sizeof(WCHAR));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/krb5/NativeCreds.c:984:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
realmLen = (ULONG)wcslen((PWCHAR)realm);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c:109:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exceptionMessage = (char *) malloc(sizeof(char) * (strlen((LPTSTR) lpMsgBuf) + strlen(libraryNameStr) + 1));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/security/pkcs11/wrapper/p11_md.c:109:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
exceptionMessage = (char *) malloc(sizeof(char) * (strlen((LPTSTR) lpMsgBuf) + strlen(libraryNameStr) + 1));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/tools/attach/WindowsVirtualMachine.c:620:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(cstr, str, len);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:238:51: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, pattern, (jsize)wcslen(pattern));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:274:57: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_string = (*env)->NewString(env, buf, (jsize)wcslen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:284:61: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_string = (*env)->NewString(env, buf, (jsize)wcslen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:312:52: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_string = (*env)->NewString(env, ad, (jsize)wcslen(ad));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:387:50: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = (*env)->NewString(env, pattern, (jsize)wcslen(pattern));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:427:51: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, buf, (jsize)wcslen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:490:51: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, buf, (jsize)wcslen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:511:51: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, buf, (jsize)wcslen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:574:51: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, buf, (jsize)wcslen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:717:51: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (*env)->NewString(env, buf, (jsize)wcslen(buf));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:782:62: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp_string = (*env)->NewString(env, name, (jsize)wcslen(name));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:799:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcscat_s(ret, BUFLEN-wcslen(ret), number); // "+12.34"
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:801:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcscat_s(ret, BUFLEN-wcslen(ret), fix); // "+12.34$"
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:802:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcscat_s(ret, BUFLEN-wcslen(ret), L";"); // "+12.34$;"
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:804:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcscat_s(ret, BUFLEN-wcslen(ret), fix); // "+12.34$;("
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:805:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcscat_s(ret, BUFLEN-wcslen(ret), number); // "+12.34$;(12.34"
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/util/locale/provider/HostLocaleProviderAdapter_md.c:807:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcscat_s(ret, BUFLEN-wcslen(ret), fix); // "+12.34$;(12.34$)"
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:38:102: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define JNU_NewStringPlatform(env, x) env->NewString(reinterpret_cast<jchar*>(x), static_cast<jsize>(_tcslen(x)))
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:202:36: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static_cast<jsize>(wcslen(pStrret->pOleStr)));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:207:102: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define JNU_NewStringPlatform(env, x) env->NewString(reinterpret_cast<jchar*>(x), static_cast<jsize>(_tcslen(x)))
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/ShellFolder2.cpp:730:5: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(reinterpret_cast<LPWSTR>(wszPath), reinterpret_cast<LPCWSTR>(strPath), nLength);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/WPrinterJob.cpp:109:8: [1] (buffer) lstrcpyn:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
lstrcpyn(pPrinterName, cBuffer, index+1);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt.h:183:108: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define JNU_NewStringPlatform(env, x) env->NewString(reinterpret_cast<const jchar*>(x), static_cast<jsize>(_tcslen(x)))
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DataTransferer.cpp:196:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
jsize length = (jsize)strlen(encoding);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDS.cpp:1504:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read > 0) memmove(pv, (void *)(m_buffer + m_off), read);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDS.cpp:1504:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read > 0) memmove(pv, (void *)(m_buffer + m_off), read);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDS.cpp:1506:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_off += read;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_DnDDS.cpp:1509:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*pcbRead = read;
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp:299:13: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(fileBuffer, tmp, bufferLimit - 2); // the fileBuffer is double null terminated string
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_FileDialog.cpp:383:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: (jint)_tcslen(ofn.lpstrFile);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:389:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(text)<=wcslen(tail)) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:389:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(text)<=wcslen(tail)) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:392:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wchar_t* p = text+wcslen(text)-wcslen(tail);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:392:36: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wchar_t* p = text+wcslen(text)-wcslen(tail);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1683:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(m_szCodePageSubkey) > 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1700:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(&(szSubKey[strlen(szSubKey)]), lpszCP);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1744:13: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(m_szDefaultEUDCFile) > 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1767:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DASSERT(strlen((LPCSTR)szFileName) > 0);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Font.cpp:1784:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wcslen(szEUDCFileName) > 0) {
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintControl.cpp:460:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
? _tcslen(info2->pDriverName)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintControl.cpp:463:40: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
? _tcslen(pPrinterName)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintControl.cpp:466:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
? _tcslen(info2->pPortName)
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintControl.cpp:1014:24: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LPTSTR pbuf = (_tcslen(lpcNames + devnames->wDeviceOffset) == 0 ?
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintControl.cpp:1023:17: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pbuf = (_tcslen(lpcNames + devnames->wOutputOffset) == 0 ?
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:1312:30: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = wcslen(defPort);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:2287:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nameLen = wcslen(fontNameW);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:2470:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strLen = wcslen(wText);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:4205:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WORD drvNameLen = static_cast<WORD>(_tcslen(p2->pDriverName)); // driver name
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:4206:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WORD ptrNameLen = static_cast<WORD>(_tcslen(p2->pPrinterName)); // printer name
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_PrintJob.cpp:4207:39: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WORD porNameLen = static_cast<WORD>(_tcslen(p2->pPortName)); // port name
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TextComponent.cpp:313:37: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return static_cast<int>(wcslen(pStr));
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_Toolkit.cpp:224:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = _tcslen(buf);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TrayIcon.cpp:713:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(m_nid.szTip, tooltip, TRAY_ICON_TOOLTIP_MAX_SIZE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TrayIcon.cpp:819:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(m_nid.szInfoTitle, caption, TRAY_ICON_BALLOON_TITLE_MAX_SIZE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_TrayIcon.cpp:832:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy(m_nid.szInfo, text, TRAY_ICON_BALLOON_INFO_MAX_SIZE);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:61:29: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t iFormatLen = _tcslen(lpszFormat);
data/ikvm-8.1.5717.0+ds/openjdk-8u45-b14/jdk/src/windows/native/sun/windows/awt_ole.cpp:63:27: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t iTimeLen = _tcslen(szTime);
ANALYSIS SUMMARY:
Hits = 845
Lines analyzed = 155951 in approximately 9.05 seconds (17236 lines/second)
Physical Source Lines of Code (SLOC) = 104928
Hits@level = [0] 186 [1] 269 [2] 384 [3] 35 [4] 157 [5] 0
Hits@level+ = [0+] 1031 [1+] 845 [2+] 576 [3+] 192 [4+] 157 [5+] 0
Hits/KSLOC@level+ = [0+] 9.82579 [1+] 8.05314 [2+] 5.48948 [3+] 1.82983 [4+] 1.49626 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.