Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jdim-0.4.0/src/aamanager.cpp
Examining data/jdim-0.4.0/src/aamanager.h
Examining data/jdim-0.4.0/src/article/articleadmin.cpp
Examining data/jdim-0.4.0/src/article/articleadmin.h
Examining data/jdim-0.4.0/src/article/articleview.cpp
Examining data/jdim-0.4.0/src/article/articleview.h
Examining data/jdim-0.4.0/src/article/articleviewbase.cpp
Examining data/jdim-0.4.0/src/article/articleviewbase.h
Examining data/jdim-0.4.0/src/article/articleviewetc.cpp
Examining data/jdim-0.4.0/src/article/articleviewetc.h
Examining data/jdim-0.4.0/src/article/articleviewinfo.cpp
Examining data/jdim-0.4.0/src/article/articleviewinfo.h
Examining data/jdim-0.4.0/src/article/articleviewpopup.cpp
Examining data/jdim-0.4.0/src/article/articleviewpopup.h
Examining data/jdim-0.4.0/src/article/articleviewpreview.cpp
Examining data/jdim-0.4.0/src/article/articleviewpreview.h
Examining data/jdim-0.4.0/src/article/articleviewsearch.cpp
Examining data/jdim-0.4.0/src/article/articleviewsearch.h
Examining data/jdim-0.4.0/src/article/caret.h
Examining data/jdim-0.4.0/src/article/drawareabase.cpp
Examining data/jdim-0.4.0/src/article/drawareabase.h
Examining data/jdim-0.4.0/src/article/drawareainfo.cpp
Examining data/jdim-0.4.0/src/article/drawareainfo.h
Examining data/jdim-0.4.0/src/article/drawareamain.cpp
Examining data/jdim-0.4.0/src/article/drawareamain.h
Examining data/jdim-0.4.0/src/article/drawareapopup.cpp
Examining data/jdim-0.4.0/src/article/drawareapopup.h
Examining data/jdim-0.4.0/src/article/embeddedimage.cpp
Examining data/jdim-0.4.0/src/article/embeddedimage.h
Examining data/jdim-0.4.0/src/article/font.cpp
Examining data/jdim-0.4.0/src/article/font.h
Examining data/jdim-0.4.0/src/article/layouttree.cpp
Examining data/jdim-0.4.0/src/article/layouttree.h
Examining data/jdim-0.4.0/src/article/preference.cpp
Examining data/jdim-0.4.0/src/article/preference.h
Examining data/jdim-0.4.0/src/article/scrollinfo.h
Examining data/jdim-0.4.0/src/article/toolbar.cpp
Examining data/jdim-0.4.0/src/article/toolbar.h
Examining data/jdim-0.4.0/src/article/toolbarsearch.cpp
Examining data/jdim-0.4.0/src/article/toolbarsearch.h
Examining data/jdim-0.4.0/src/article/toolbarsimple.cpp
Examining data/jdim-0.4.0/src/article/toolbarsimple.h
Examining data/jdim-0.4.0/src/articleitemmenupref.cpp
Examining data/jdim-0.4.0/src/articleitemmenupref.h
Examining data/jdim-0.4.0/src/articleitempref.cpp
Examining data/jdim-0.4.0/src/articleitempref.h
Examining data/jdim-0.4.0/src/bbslist/addetcdialog.cpp
Examining data/jdim-0.4.0/src/bbslist/addetcdialog.h
Examining data/jdim-0.4.0/src/bbslist/bbslistadmin.cpp
Examining data/jdim-0.4.0/src/bbslist/bbslistadmin.h
Examining data/jdim-0.4.0/src/bbslist/bbslistview.cpp
Examining data/jdim-0.4.0/src/bbslist/bbslistview.h
Examining data/jdim-0.4.0/src/bbslist/bbslistviewbase.cpp
Examining data/jdim-0.4.0/src/bbslist/bbslistviewbase.h
Examining data/jdim-0.4.0/src/bbslist/columns.cpp
Examining data/jdim-0.4.0/src/bbslist/columns.h
Examining data/jdim-0.4.0/src/bbslist/editlistwin.cpp
Examining data/jdim-0.4.0/src/bbslist/editlistwin.h
Examining data/jdim-0.4.0/src/bbslist/favoriteview.cpp
Examining data/jdim-0.4.0/src/bbslist/favoriteview.h
Examining data/jdim-0.4.0/src/bbslist/historyview.cpp
Examining data/jdim-0.4.0/src/bbslist/historyview.h
Examining data/jdim-0.4.0/src/bbslist/selectdialog.cpp
Examining data/jdim-0.4.0/src/bbslist/selectdialog.h
Examining data/jdim-0.4.0/src/bbslist/selectlistview.cpp
Examining data/jdim-0.4.0/src/bbslist/selectlistview.h
Examining data/jdim-0.4.0/src/bbslist/toolbar.cpp
Examining data/jdim-0.4.0/src/bbslist/toolbar.h
Examining data/jdim-0.4.0/src/board/boardadmin.cpp
Examining data/jdim-0.4.0/src/board/boardadmin.h
Examining data/jdim-0.4.0/src/board/boardview.cpp
Examining data/jdim-0.4.0/src/board/boardview.h
Examining data/jdim-0.4.0/src/board/boardviewbase.cpp
Examining data/jdim-0.4.0/src/board/boardviewbase.h
Examining data/jdim-0.4.0/src/board/boardviewlog.cpp
Examining data/jdim-0.4.0/src/board/boardviewlog.h
Examining data/jdim-0.4.0/src/board/boardviewnext.cpp
Examining data/jdim-0.4.0/src/board/boardviewnext.h
Examining data/jdim-0.4.0/src/board/boardviewsidebar.cpp
Examining data/jdim-0.4.0/src/board/boardviewsidebar.h
Examining data/jdim-0.4.0/src/board/columns.h
Examining data/jdim-0.4.0/src/board/preference.cpp
Examining data/jdim-0.4.0/src/board/preference.h
Examining data/jdim-0.4.0/src/board/toolbar.cpp
Examining data/jdim-0.4.0/src/board/toolbar.h
Examining data/jdim-0.4.0/src/boardcolumnsid.h
Examining data/jdim-0.4.0/src/boarditemmenupref.cpp
Examining data/jdim-0.4.0/src/boarditemmenupref.h
Examining data/jdim-0.4.0/src/boarditempref.cpp
Examining data/jdim-0.4.0/src/boarditempref.h
Examining data/jdim-0.4.0/src/browserpref.h
Examining data/jdim-0.4.0/src/browsers.h
Examining data/jdim-0.4.0/src/cache.cpp
Examining data/jdim-0.4.0/src/cache.h
Examining data/jdim-0.4.0/src/colorid.h
Examining data/jdim-0.4.0/src/command.cpp
Examining data/jdim-0.4.0/src/command.h
Examining data/jdim-0.4.0/src/command_args.h
Examining data/jdim-0.4.0/src/compmanager.cpp
Examining data/jdim-0.4.0/src/compmanager.h
Examining data/jdim-0.4.0/src/config/aboutconfig.cpp
Examining data/jdim-0.4.0/src/config/aboutconfig.h
Examining data/jdim-0.4.0/src/config/aboutconfigdiag.cpp
Examining data/jdim-0.4.0/src/config/aboutconfigdiag.h
Examining data/jdim-0.4.0/src/config/configitems.cpp
Examining data/jdim-0.4.0/src/config/configitems.h
Examining data/jdim-0.4.0/src/config/defaultconf.h
Examining data/jdim-0.4.0/src/config/globalconf.cpp
Examining data/jdim-0.4.0/src/config/globalconf.h
Examining data/jdim-0.4.0/src/control/buttonconfig.cpp
Examining data/jdim-0.4.0/src/control/buttonconfig.h
Examining data/jdim-0.4.0/src/control/buttonpref.cpp
Examining data/jdim-0.4.0/src/control/buttonpref.h
Examining data/jdim-0.4.0/src/control/control.cpp
Examining data/jdim-0.4.0/src/control/control.h
Examining data/jdim-0.4.0/src/control/controlid.h
Examining data/jdim-0.4.0/src/control/controllabel.h
Examining data/jdim-0.4.0/src/control/controlutil.cpp
Examining data/jdim-0.4.0/src/control/controlutil.h
Examining data/jdim-0.4.0/src/control/defaultconf.h
Examining data/jdim-0.4.0/src/control/get_config.h
Examining data/jdim-0.4.0/src/control/keyconfig.cpp
Examining data/jdim-0.4.0/src/control/keyconfig.h
Examining data/jdim-0.4.0/src/control/keypref.cpp
Examining data/jdim-0.4.0/src/control/keypref.h
Examining data/jdim-0.4.0/src/control/keysyms.h
Examining data/jdim-0.4.0/src/control/mouseconfig.cpp
Examining data/jdim-0.4.0/src/control/mouseconfig.h
Examining data/jdim-0.4.0/src/control/mousekeyconf.cpp
Examining data/jdim-0.4.0/src/control/mousekeyconf.h
Examining data/jdim-0.4.0/src/control/mousekeyitem.h
Examining data/jdim-0.4.0/src/control/mousekeypref.cpp
Examining data/jdim-0.4.0/src/control/mousekeypref.h
Examining data/jdim-0.4.0/src/control/mousepref.cpp
Examining data/jdim-0.4.0/src/control/mousepref.h
Examining data/jdim-0.4.0/src/core.cpp
Examining data/jdim-0.4.0/src/core.h
Examining data/jdim-0.4.0/src/cssmanager.cpp
Examining data/jdim-0.4.0/src/cssmanager.h
Examining data/jdim-0.4.0/src/data_info.h
Examining data/jdim-0.4.0/src/dbimg/delimgcachediag.cpp
Examining data/jdim-0.4.0/src/dbimg/delimgcachediag.h
Examining data/jdim-0.4.0/src/dbimg/delimgdiag.h
Examining data/jdim-0.4.0/src/dbimg/img.cpp
Examining data/jdim-0.4.0/src/dbimg/img.h
Examining data/jdim-0.4.0/src/dbimg/imginterface.cpp
Examining data/jdim-0.4.0/src/dbimg/imginterface.h
Examining data/jdim-0.4.0/src/dbimg/imgroot.cpp
Examining data/jdim-0.4.0/src/dbimg/imgroot.h
Examining data/jdim-0.4.0/src/dbtree/article2ch.cpp
Examining data/jdim-0.4.0/src/dbtree/article2ch.h
Examining data/jdim-0.4.0/src/dbtree/article2chcompati.cpp
Examining data/jdim-0.4.0/src/dbtree/article2chcompati.h
Examining data/jdim-0.4.0/src/dbtree/articlebase.cpp
Examining data/jdim-0.4.0/src/dbtree/articlebase.h
Examining data/jdim-0.4.0/src/dbtree/articlehash.cpp
Examining data/jdim-0.4.0/src/dbtree/articlehash.h
Examining data/jdim-0.4.0/src/dbtree/articlejbbs.cpp
Examining data/jdim-0.4.0/src/dbtree/articlejbbs.h
Examining data/jdim-0.4.0/src/dbtree/articlelocal.cpp
Examining data/jdim-0.4.0/src/dbtree/articlelocal.h
Examining data/jdim-0.4.0/src/dbtree/articlemachi.cpp
Examining data/jdim-0.4.0/src/dbtree/articlemachi.h
Examining data/jdim-0.4.0/src/dbtree/board2ch.cpp
Examining data/jdim-0.4.0/src/dbtree/board2ch.h
Examining data/jdim-0.4.0/src/dbtree/board2chcompati.cpp
Examining data/jdim-0.4.0/src/dbtree/board2chcompati.h
Examining data/jdim-0.4.0/src/dbtree/boardbase.cpp
Examining data/jdim-0.4.0/src/dbtree/boardbase.h
Examining data/jdim-0.4.0/src/dbtree/boardfactory.cpp
Examining data/jdim-0.4.0/src/dbtree/boardfactory.h
Examining data/jdim-0.4.0/src/dbtree/boardjbbs.cpp
Examining data/jdim-0.4.0/src/dbtree/boardjbbs.h
Examining data/jdim-0.4.0/src/dbtree/boardlocal.cpp
Examining data/jdim-0.4.0/src/dbtree/boardlocal.h
Examining data/jdim-0.4.0/src/dbtree/boardmachi.cpp
Examining data/jdim-0.4.0/src/dbtree/boardmachi.h
Examining data/jdim-0.4.0/src/dbtree/etcboardinfo.h
Examining data/jdim-0.4.0/src/dbtree/frontloader.cpp
Examining data/jdim-0.4.0/src/dbtree/frontloader.h
Examining data/jdim-0.4.0/src/dbtree/interface.cpp
Examining data/jdim-0.4.0/src/dbtree/interface.h
Examining data/jdim-0.4.0/src/dbtree/node.h
Examining data/jdim-0.4.0/src/dbtree/nodetree2ch.cpp
Examining data/jdim-0.4.0/src/dbtree/nodetree2ch.h
Examining data/jdim-0.4.0/src/dbtree/nodetree2chcompati.cpp
Examining data/jdim-0.4.0/src/dbtree/nodetree2chcompati.h
Examining data/jdim-0.4.0/src/dbtree/nodetreebase.cpp
Examining data/jdim-0.4.0/src/dbtree/nodetreebase.h
Examining data/jdim-0.4.0/src/dbtree/nodetreedummy.cpp
Examining data/jdim-0.4.0/src/dbtree/nodetreedummy.h
Examining data/jdim-0.4.0/src/dbtree/nodetreejbbs.cpp
Examining data/jdim-0.4.0/src/dbtree/nodetreejbbs.h
Examining data/jdim-0.4.0/src/dbtree/nodetreelocal.cpp
Examining data/jdim-0.4.0/src/dbtree/nodetreelocal.h
Examining data/jdim-0.4.0/src/dbtree/nodetreemachi.cpp
Examining data/jdim-0.4.0/src/dbtree/nodetreemachi.h
Examining data/jdim-0.4.0/src/dbtree/root.cpp
Examining data/jdim-0.4.0/src/dbtree/root.h
Examining data/jdim-0.4.0/src/dbtree/ruleloader.cpp
Examining data/jdim-0.4.0/src/dbtree/ruleloader.h
Examining data/jdim-0.4.0/src/dbtree/settingloader.cpp
Examining data/jdim-0.4.0/src/dbtree/settingloader.h
Examining data/jdim-0.4.0/src/dbtree/spchar_decoder.cpp
Examining data/jdim-0.4.0/src/dbtree/spchar_decoder.h
Examining data/jdim-0.4.0/src/dbtree/spchar_tbl.h
Examining data/jdim-0.4.0/src/dispatchmanager.cpp
Examining data/jdim-0.4.0/src/dispatchmanager.h
Examining data/jdim-0.4.0/src/dndmanager.cpp
Examining data/jdim-0.4.0/src/dndmanager.h
Examining data/jdim-0.4.0/src/environment.cpp
Examining data/jdim-0.4.0/src/environment.h
Examining data/jdim-0.4.0/src/fontcolorpref.cpp
Examining data/jdim-0.4.0/src/fontcolorpref.h
Examining data/jdim-0.4.0/src/fontid.h
Examining data/jdim-0.4.0/src/global.h
Examining data/jdim-0.4.0/src/globalabonepref.h
Examining data/jdim-0.4.0/src/globalabonethreadpref.h
Examining data/jdim-0.4.0/src/gtkmmversion.h
Examining data/jdim-0.4.0/src/history/historymanager.cpp
Examining data/jdim-0.4.0/src/history/historymanager.h
Examining data/jdim-0.4.0/src/history/historymenu.cpp
Examining data/jdim-0.4.0/src/history/historymenu.h
Examining data/jdim-0.4.0/src/history/historysubmenu.cpp
Examining data/jdim-0.4.0/src/history/historysubmenu.h
Examining data/jdim-0.4.0/src/history/viewhistory.cpp
Examining data/jdim-0.4.0/src/history/viewhistory.h
Examining data/jdim-0.4.0/src/history/viewhistoryitem.h
Examining data/jdim-0.4.0/src/httpcode.h
Examining data/jdim-0.4.0/src/icons/iconfiles.h
Examining data/jdim-0.4.0/src/icons/iconid.h
Examining data/jdim-0.4.0/src/icons/iconmanager.cpp
Examining data/jdim-0.4.0/src/icons/iconmanager.h
Examining data/jdim-0.4.0/src/image/imageadmin.cpp
Examining data/jdim-0.4.0/src/image/imageadmin.h
Examining data/jdim-0.4.0/src/image/imagearea.cpp
Examining data/jdim-0.4.0/src/image/imagearea.h
Examining data/jdim-0.4.0/src/image/imageareabase.cpp
Examining data/jdim-0.4.0/src/image/imageareabase.h
Examining data/jdim-0.4.0/src/image/imageareaicon.cpp
Examining data/jdim-0.4.0/src/image/imageareaicon.h
Examining data/jdim-0.4.0/src/image/imageareapopup.cpp
Examining data/jdim-0.4.0/src/image/imageareapopup.h
Examining data/jdim-0.4.0/src/image/imageview.cpp
Examining data/jdim-0.4.0/src/image/imageview.h
Examining data/jdim-0.4.0/src/image/imageviewbase.cpp
Examining data/jdim-0.4.0/src/image/imageviewbase.h
Examining data/jdim-0.4.0/src/image/imageviewicon.cpp
Examining data/jdim-0.4.0/src/image/imageviewicon.h
Examining data/jdim-0.4.0/src/image/imageviewpopup.cpp
Examining data/jdim-0.4.0/src/image/imageviewpopup.h
Examining data/jdim-0.4.0/src/image/imagewin.cpp
Examining data/jdim-0.4.0/src/image/imagewin.h
Examining data/jdim-0.4.0/src/image/preference.cpp
Examining data/jdim-0.4.0/src/image/preference.h
Examining data/jdim-0.4.0/src/iomonitor.cpp
Examining data/jdim-0.4.0/src/iomonitor.h
Examining data/jdim-0.4.0/src/jddebug.h
Examining data/jdim-0.4.0/src/jdlib/confloader.cpp
Examining data/jdim-0.4.0/src/jdlib/confloader.h
Examining data/jdim-0.4.0/src/jdlib/constptr.h
Examining data/jdim-0.4.0/src/jdlib/cookiemanager.cpp
Examining data/jdim-0.4.0/src/jdlib/cookiemanager.h
Examining data/jdim-0.4.0/src/jdlib/heap.cpp
Examining data/jdim-0.4.0/src/jdlib/heap.h
Examining data/jdim-0.4.0/src/jdlib/hkana.h
Examining data/jdim-0.4.0/src/jdlib/imgloader.cpp
Examining data/jdim-0.4.0/src/jdlib/imgloader.h
Examining data/jdim-0.4.0/src/jdlib/jdiconv.cpp
Examining data/jdim-0.4.0/src/jdlib/jdiconv.h
Examining data/jdim-0.4.0/src/jdlib/jdmigemo.cpp
Examining data/jdim-0.4.0/src/jdlib/jdmigemo.h
Examining data/jdim-0.4.0/src/jdlib/jdregex.cpp
Examining data/jdim-0.4.0/src/jdlib/jdregex.h
Examining data/jdim-0.4.0/src/jdlib/jdthread.cpp
Examining data/jdim-0.4.0/src/jdlib/jdthread.h
Examining data/jdim-0.4.0/src/jdlib/loader.cpp
Examining data/jdim-0.4.0/src/jdlib/loader.h
Examining data/jdim-0.4.0/src/jdlib/loaderdata.cpp
Examining data/jdim-0.4.0/src/jdlib/loaderdata.h
Examining data/jdim-0.4.0/src/jdlib/misccharcode.cpp
Examining data/jdim-0.4.0/src/jdlib/misccharcode.h
Examining data/jdim-0.4.0/src/jdlib/miscgtk.cpp
Examining data/jdim-0.4.0/src/jdlib/miscgtk.h
Examining data/jdim-0.4.0/src/jdlib/miscmsg.cpp
Examining data/jdim-0.4.0/src/jdlib/miscmsg.h
Examining data/jdim-0.4.0/src/jdlib/misctime.cpp
Examining data/jdim-0.4.0/src/jdlib/misctime.h
Examining data/jdim-0.4.0/src/jdlib/misctrip.cpp
Examining data/jdim-0.4.0/src/jdlib/misctrip.h
Examining data/jdim-0.4.0/src/jdlib/miscutil.cpp
Examining data/jdim-0.4.0/src/jdlib/miscutil.h
Examining data/jdim-0.4.0/src/jdlib/miscx.cpp
Examining data/jdim-0.4.0/src/jdlib/miscx.h
Examining data/jdim-0.4.0/src/jdlib/refptr_lock.h
Examining data/jdim-0.4.0/src/jdlib/ssl.cpp
Examining data/jdim-0.4.0/src/jdlib/ssl.h
Examining data/jdim-0.4.0/src/jdlib/tfidf.cpp
Examining data/jdim-0.4.0/src/jdlib/tfidf.h
Examining data/jdim-0.4.0/src/jdlib/timeout.cpp
Examining data/jdim-0.4.0/src/jdlib/timeout.h
Examining data/jdim-0.4.0/src/jdversion.h
Examining data/jdim-0.4.0/src/linkfiltermanager.cpp
Examining data/jdim-0.4.0/src/linkfiltermanager.h
Examining data/jdim-0.4.0/src/linkfilterpref.cpp
Examining data/jdim-0.4.0/src/linkfilterpref.h
Examining data/jdim-0.4.0/src/livepref.cpp
Examining data/jdim-0.4.0/src/livepref.h
Examining data/jdim-0.4.0/src/login2ch.cpp
Examining data/jdim-0.4.0/src/login2ch.h
Examining data/jdim-0.4.0/src/loginbe.cpp
Examining data/jdim-0.4.0/src/loginbe.h
Examining data/jdim-0.4.0/src/main.cpp
Examining data/jdim-0.4.0/src/mainitempref.cpp
Examining data/jdim-0.4.0/src/mainitempref.h
Examining data/jdim-0.4.0/src/maintoolbar.cpp
Examining data/jdim-0.4.0/src/maintoolbar.h
Examining data/jdim-0.4.0/src/menuslots.cpp
Examining data/jdim-0.4.0/src/message/confirmdiag.cpp
Examining data/jdim-0.4.0/src/message/confirmdiag.h
Examining data/jdim-0.4.0/src/message/logitem.h
Examining data/jdim-0.4.0/src/message/logmanager.cpp
Examining data/jdim-0.4.0/src/message/logmanager.h
Examining data/jdim-0.4.0/src/message/messageadmin.cpp
Examining data/jdim-0.4.0/src/message/messageadmin.h
Examining data/jdim-0.4.0/src/message/messageview.cpp
Examining data/jdim-0.4.0/src/message/messageview.h
Examining data/jdim-0.4.0/src/message/messageviewbase.cpp
Examining data/jdim-0.4.0/src/message/messageviewbase.h
Examining data/jdim-0.4.0/src/message/messagewin.cpp
Examining data/jdim-0.4.0/src/message/messagewin.h
Examining data/jdim-0.4.0/src/message/post.cpp
Examining data/jdim-0.4.0/src/message/post.h
Examining data/jdim-0.4.0/src/message/toolbar.cpp
Examining data/jdim-0.4.0/src/message/toolbar.h
Examining data/jdim-0.4.0/src/msgitempref.cpp
Examining data/jdim-0.4.0/src/msgitempref.h
Examining data/jdim-0.4.0/src/openurldiag.cpp
Examining data/jdim-0.4.0/src/openurldiag.h
Examining data/jdim-0.4.0/src/passwdpref.h
Examining data/jdim-0.4.0/src/prefdiagfactory.cpp
Examining data/jdim-0.4.0/src/prefdiagfactory.h
Examining data/jdim-0.4.0/src/privacypref.h
Examining data/jdim-0.4.0/src/proxypref.h
Examining data/jdim-0.4.0/src/searchitempref.cpp
Examining data/jdim-0.4.0/src/searchitempref.h
Examining data/jdim-0.4.0/src/searchloader.cpp
Examining data/jdim-0.4.0/src/searchloader.h
Examining data/jdim-0.4.0/src/searchmanager.cpp
Examining data/jdim-0.4.0/src/searchmanager.h
Examining data/jdim-0.4.0/src/session.cpp
Examining data/jdim-0.4.0/src/session.h
Examining data/jdim-0.4.0/src/setupwizard.cpp
Examining data/jdim-0.4.0/src/setupwizard.h
Examining data/jdim-0.4.0/src/sharedbuffer.cpp
Examining data/jdim-0.4.0/src/sharedbuffer.h
Examining data/jdim-0.4.0/src/sidebaritempref.cpp
Examining data/jdim-0.4.0/src/sidebaritempref.h
Examining data/jdim-0.4.0/src/sign.h
Examining data/jdim-0.4.0/src/skeleton/aamenu.cpp
Examining data/jdim-0.4.0/src/skeleton/aamenu.h
Examining data/jdim-0.4.0/src/skeleton/aboutdiag.cpp
Examining data/jdim-0.4.0/src/skeleton/aboutdiag.h
Examining data/jdim-0.4.0/src/skeleton/admin.cpp
Examining data/jdim-0.4.0/src/skeleton/admin.h
Examining data/jdim-0.4.0/src/skeleton/backforwardbutton.cpp
Examining data/jdim-0.4.0/src/skeleton/backforwardbutton.h
Examining data/jdim-0.4.0/src/skeleton/compentry.cpp
Examining data/jdim-0.4.0/src/skeleton/compentry.h
Examining data/jdim-0.4.0/src/skeleton/detaildiag.cpp
Examining data/jdim-0.4.0/src/skeleton/detaildiag.h
Examining data/jdim-0.4.0/src/skeleton/dispatchable.cpp
Examining data/jdim-0.4.0/src/skeleton/dispatchable.h
Examining data/jdim-0.4.0/src/skeleton/dragnote.cpp
Examining data/jdim-0.4.0/src/skeleton/dragnote.h
Examining data/jdim-0.4.0/src/skeleton/dragtreeview.cpp
Examining data/jdim-0.4.0/src/skeleton/dragtreeview.h
Examining data/jdim-0.4.0/src/skeleton/editcolumns.cpp
Examining data/jdim-0.4.0/src/skeleton/editcolumns.h
Examining data/jdim-0.4.0/src/skeleton/edittreeview.cpp
Examining data/jdim-0.4.0/src/skeleton/edittreeview.h
Examining data/jdim-0.4.0/src/skeleton/editview.cpp
Examining data/jdim-0.4.0/src/skeleton/editview.h
Examining data/jdim-0.4.0/src/skeleton/editviewdialog.h
Examining data/jdim-0.4.0/src/skeleton/entry.cpp
Examining data/jdim-0.4.0/src/skeleton/entry.h
Examining data/jdim-0.4.0/src/skeleton/filediag.h
Examining data/jdim-0.4.0/src/skeleton/hpaned.cpp
Examining data/jdim-0.4.0/src/skeleton/hpaned.h
Examining data/jdim-0.4.0/src/skeleton/iconpopup.h
Examining data/jdim-0.4.0/src/skeleton/imgbutton.cpp
Examining data/jdim-0.4.0/src/skeleton/imgbutton.h
Examining data/jdim-0.4.0/src/skeleton/imgtogglebutton.cpp
Examining data/jdim-0.4.0/src/skeleton/imgtogglebutton.h
Examining data/jdim-0.4.0/src/skeleton/imgtoolbutton.h
Examining data/jdim-0.4.0/src/skeleton/jdtoolbar.cpp
Examining data/jdim-0.4.0/src/skeleton/jdtoolbar.h
Examining data/jdim-0.4.0/src/skeleton/label_entry.cpp
Examining data/jdim-0.4.0/src/skeleton/label_entry.h
Examining data/jdim-0.4.0/src/skeleton/loadable.cpp
Examining data/jdim-0.4.0/src/skeleton/loadable.h
Examining data/jdim-0.4.0/src/skeleton/lockable.h
Examining data/jdim-0.4.0/src/skeleton/login.cpp
Examining data/jdim-0.4.0/src/skeleton/login.h
Examining data/jdim-0.4.0/src/skeleton/menubutton.cpp
Examining data/jdim-0.4.0/src/skeleton/menubutton.h
Examining data/jdim-0.4.0/src/skeleton/msgdiag.cpp
Examining data/jdim-0.4.0/src/skeleton/msgdiag.h
Examining data/jdim-0.4.0/src/skeleton/notebook.cpp
Examining data/jdim-0.4.0/src/skeleton/notebook.h
Examining data/jdim-0.4.0/src/skeleton/panecontrol.cpp
Examining data/jdim-0.4.0/src/skeleton/panecontrol.h
Examining data/jdim-0.4.0/src/skeleton/popupwin.cpp
Examining data/jdim-0.4.0/src/skeleton/popupwin.h
Examining data/jdim-0.4.0/src/skeleton/popupwinbase.cpp
Examining data/jdim-0.4.0/src/skeleton/popupwinbase.h
Examining data/jdim-0.4.0/src/skeleton/prefdiag.cpp
Examining data/jdim-0.4.0/src/skeleton/prefdiag.h
Examining data/jdim-0.4.0/src/skeleton/selectitempref.cpp
Examining data/jdim-0.4.0/src/skeleton/selectitempref.h
Examining data/jdim-0.4.0/src/skeleton/tablabel.cpp
Examining data/jdim-0.4.0/src/skeleton/tablabel.h
Examining data/jdim-0.4.0/src/skeleton/tabnote.cpp
Examining data/jdim-0.4.0/src/skeleton/tabnote.h
Examining data/jdim-0.4.0/src/skeleton/tabswitchbutton.cpp
Examining data/jdim-0.4.0/src/skeleton/tabswitchbutton.h
Examining data/jdim-0.4.0/src/skeleton/tabswitchmenu.cpp
Examining data/jdim-0.4.0/src/skeleton/tabswitchmenu.h
Examining data/jdim-0.4.0/src/skeleton/textloader.cpp
Examining data/jdim-0.4.0/src/skeleton/textloader.h
Examining data/jdim-0.4.0/src/skeleton/toolbar.cpp
Examining data/jdim-0.4.0/src/skeleton/toolbar.h
Examining data/jdim-0.4.0/src/skeleton/toolbarnote.cpp
Examining data/jdim-0.4.0/src/skeleton/toolbarnote.h
Examining data/jdim-0.4.0/src/skeleton/toolmenubutton.cpp
Examining data/jdim-0.4.0/src/skeleton/toolmenubutton.h
Examining data/jdim-0.4.0/src/skeleton/treeviewbase.cpp
Examining data/jdim-0.4.0/src/skeleton/treeviewbase.h
Examining data/jdim-0.4.0/src/skeleton/undobuffer.cpp
Examining data/jdim-0.4.0/src/skeleton/undobuffer.h
Examining data/jdim-0.4.0/src/skeleton/vbox.cpp
Examining data/jdim-0.4.0/src/skeleton/vbox.h
Examining data/jdim-0.4.0/src/skeleton/view.cpp
Examining data/jdim-0.4.0/src/skeleton/view.h
Examining data/jdim-0.4.0/src/skeleton/viewnote.cpp
Examining data/jdim-0.4.0/src/skeleton/viewnote.h
Examining data/jdim-0.4.0/src/skeleton/vpaned.cpp
Examining data/jdim-0.4.0/src/skeleton/vpaned.h
Examining data/jdim-0.4.0/src/skeleton/window.cpp
Examining data/jdim-0.4.0/src/skeleton/window.h
Examining data/jdim-0.4.0/src/sound/playsound.cpp
Examining data/jdim-0.4.0/src/sound/playsound.h
Examining data/jdim-0.4.0/src/sound/soundmanager.cpp
Examining data/jdim-0.4.0/src/sound/soundmanager.h
Examining data/jdim-0.4.0/src/type.h
Examining data/jdim-0.4.0/src/updatemanager.cpp
Examining data/jdim-0.4.0/src/updatemanager.h
Examining data/jdim-0.4.0/src/urlreplacemanager.cpp
Examining data/jdim-0.4.0/src/urlreplacemanager.h
Examining data/jdim-0.4.0/src/usrcmdmanager.cpp
Examining data/jdim-0.4.0/src/usrcmdmanager.h
Examining data/jdim-0.4.0/src/usrcmdpref.cpp
Examining data/jdim-0.4.0/src/usrcmdpref.h
Examining data/jdim-0.4.0/src/viewfactory.cpp
Examining data/jdim-0.4.0/src/viewfactory.h
Examining data/jdim-0.4.0/src/winmain.cpp
Examining data/jdim-0.4.0/src/winmain.h
Examining data/jdim-0.4.0/src/xml/document.cpp
Examining data/jdim-0.4.0/src/xml/document.h
Examining data/jdim-0.4.0/src/xml/dom.cpp
Examining data/jdim-0.4.0/src/xml/dom.h
Examining data/jdim-0.4.0/src/xml/tools.cpp
Examining data/jdim-0.4.0/src/xml/tools.h
Examining data/jdim-0.4.0/src/browsers.cpp
Examining data/jdim-0.4.0/test/gtest_jdlib_cookiemanager.cpp
Examining data/jdim-0.4.0/test/gtest_jdlib_misctime.cpp
Examining data/jdim-0.4.0/test/gtest_jdlib_misctrip.cpp
Examining data/jdim-0.4.0/test/gtest_jdlib_miscutil.cpp
Examining data/jdim-0.4.0/test/gtest_xml_dom.cpp
Examining data/jdim-0.4.0/debian/patches/browsers.cpp
FINAL RESULTS:
data/jdim-0.4.0/src/dbtree/root.cpp:1295:10: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
else chmod( file_etctxt.c_str(), S_IWUSR | S_IRUSR );
data/jdim-0.4.0/src/message/logmanager.cpp:342:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod( newpath.c_str(), S_IWUSR | S_IRUSR );
data/jdim-0.4.0/src/message/logmanager.cpp:356:5: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod( path.c_str(), S_IWUSR | S_IRUSR );
data/jdim-0.4.0/src/skeleton/login.cpp:96:5: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod( path.c_str(), S_IWUSR | S_IRUSR );
data/jdim-0.4.0/src/jddebug.h:31:1: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system( com.str().c_str() ); \
data/jdim-0.4.0/src/jdlib/miscmsg.cpp:15:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
( strcpy( (_buf), ctime( (_clock) ) ), (_buf) )
data/jdim-0.4.0/src/jdlib/misctrip.cpp:150:43: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
const char *crypted = crypt( key_binary, salt.c_str() );
data/jdim-0.4.0/src/jdlib/misctrip.cpp:224:27: [4] (crypto) crypt:
The crypt functions use a poor one-way hashing algorithm; since they only
accept passwords of 8 characters or fewer and only a two-byte salt, they
are excessively vulnerable to dictionary attacks given today's faster
computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
with a larger, non-repeating salt.
const char *crypted = crypt( key.c_str(), salt.c_str() );
data/jdim-0.4.0/src/cache.cpp:1186:17: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
char* ret = realpath( to_locale_cstr( path ), resolved_path );
data/jdim-0.4.0/src/jdlib/misctime.cpp:196:10: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tz = getenv("TZ");
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1694:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if( ! name || ! getenv( name ) ) return std::string();
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1697:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
strncpy( env.data(), getenv( name ), size );
data/jdim-0.4.0/src/main.cpp:367:20: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while( ( opt = getopt_long( argc, argv, "ht:mnslg:V", options, nullptr ) ) != -1 )
data/jdim-0.4.0/test/gtest_jdlib_misctime.cpp:22:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
m_save_tz = Glib::getenv( "TZ" );
data/jdim-0.4.0/src/aamanager.cpp:256:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpchar[2];
data/jdim-0.4.0/src/article/articleviewbase.cpp:740:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if( command == "goto_num" ) goto_num( atoi( arg1.c_str() ), atoi( arg2.c_str() ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:740:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if( command == "goto_num" ) goto_num( atoi( arg1.c_str() ), atoi( arg2.c_str() ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2249:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int tmp_num = atoi( args.arg1.c_str() );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3008:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_url_tmp = DBTREE::url_readcgi( m_url_article, atoi( url.substr( strlen( PROTO_RES ) ).c_str() ), 0 );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3013:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_url_tmp = DBTREE::url_readcgi( m_url_article, atoi( url.substr( strlen( PROTO_ANCHORE ) ).c_str() ), 0 );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3538:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int number = atoi( m_str_num.c_str() );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3557:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int number = atoi( m_str_num.c_str() );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3623:79: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
">>" + m_str_num + "\n" + m_article->get_res_str( atoi( m_str_num.c_str() ), true ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3718:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tmpstr += m_article->get_res_str( atoi( m_str_num.c_str() ), ref );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3776:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int center = atoi( m_str_num.c_str() );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3877:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int number = atoi( m_str_num.c_str() );
data/jdim-0.4.0/src/article/articleviewbase.cpp:4057:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int res_number = atoi( m_str_num.c_str() );
data/jdim-0.4.0/src/article/articleviewbase.cpp:4262:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int id = atoi( controlid.c_str() );
data/jdim-0.4.0/src/article/articleviewetc.cpp:625:17: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
show_refer( atol( m_str_num.c_str() ) );
data/jdim-0.4.0/src/article/articleviewetc.cpp:756:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_num = atoi( url.substr( url.find( POSTLOG_SIGN ) + strlen( POSTLOG_SIGN ) ).c_str() );
data/jdim-0.4.0/src/article/articleviewetc.cpp:793:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int id = atoi( controlid.c_str() );
data/jdim-0.4.0/src/article/articleviewpopup.h:127:25: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
show_refer( atol( m_str_num.c_str() ) );
data/jdim-0.4.0/src/article/articleviewsearch.cpp:444:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int id = atoi( controlid.c_str() );
data/jdim-0.4.0/src/article/drawareabase.cpp:3204:14: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy( layout->node->text, tmp_str.c_str(), tmp_str.size() + 1 );
data/jdim-0.4.0/src/article/preference.cpp:233:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int number = atoi( num_str.c_str() );
data/jdim-0.4.0/src/article/preference.cpp:237:102: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( pos != std::string::npos ) number_end = MIN( (int)vec_abone_res.size(), MAX( number, atoi( num_str.substr( pos + 1 ).c_str() ) ) );
data/jdim-0.4.0/src/bbslist/bbslistviewbase.cpp:1666:69: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void BBSListViewBase::check_update_dir( const bool root, const bool open )
data/jdim-0.4.0/src/bbslist/bbslistviewbase.cpp:1698:133: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( type == TYPE_THREAD || type == TYPE_THREAD_UPDATE ) CORE::get_checkupdate_manager()->push_back( DBTREE::url_dat( url ), open );
data/jdim-0.4.0/src/bbslist/bbslistviewbase.cpp:1700:85: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CORE::get_checkupdate_manager()->push_back( DBTREE::url_subject( url ), open );
data/jdim-0.4.0/src/bbslist/bbslistviewbase.cpp:2007:61: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void BBSListViewBase::checkupdate_selected_rows( const bool open )
data/jdim-0.4.0/src/bbslist/bbslistviewbase.cpp:2019:133: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( type == TYPE_THREAD || type == TYPE_THREAD_UPDATE ) CORE::get_checkupdate_manager()->push_back( DBTREE::url_dat( url ), open );
data/jdim-0.4.0/src/bbslist/bbslistviewbase.cpp:2021:85: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CORE::get_checkupdate_manager()->push_back( DBTREE::url_subject( url ), open );
data/jdim-0.4.0/src/bbslist/bbslistviewbase.cpp:2287:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int y = atoi( root->getAttribute( "y" ).c_str() );
data/jdim-0.4.0/src/bbslist/bbslistviewbase.cpp:2830:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int id = atoi( controlid.c_str() );
data/jdim-0.4.0/src/bbslist/bbslistviewbase.h:270:60: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void check_update_dir( const bool root, const bool open );
data/jdim-0.4.0/src/bbslist/bbslistviewbase.h:319:52: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void checkupdate_selected_rows( const bool open );
data/jdim-0.4.0/src/board/boardviewbase.cpp:2734:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int id = atoi( controlid.c_str() );
data/jdim-0.4.0/src/board/boardviewsidebar.cpp:30:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_dirid = atoi( url.substr( url.find( SIDEBAR_SIGN ) + strlen( SIDEBAR_SIGN ) ).c_str() );
data/jdim-0.4.0/src/board/preference.cpp:482:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
DBTREE::board_set_local_proxy_port( get_url(), atoi( m_proxy_frame.entry_port.get_text().c_str() ) );
data/jdim-0.4.0/src/board/preference.cpp:490:54: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
DBTREE::board_set_local_proxy_port_w( get_url(), atoi( m_proxy_frame_w.entry_port.get_text().c_str() ) );
data/jdim-0.4.0/src/browsers.cpp:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char browsers[ BROWSER_NUM ][ 2 ][ MAX_TEXT ]={
data/jdim-0.4.0/src/cache.cpp:675:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open( to_locale_cstr( path ) );
data/jdim-0.4.0/src/cache.cpp:689:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open( to_locale_cstr( path ), std::ios::binary );
data/jdim-0.4.0/src/cache.cpp:715:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout.open( to_locale_cstr( path ), fmode );
data/jdim-0.4.0/src/cache.cpp:1181:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolved_path[ PATH_MAX + 1 ];
data/jdim-0.4.0/src/config/aboutconfigdiag.cpp:71:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( m_value ) *m_value = atoi( m_entry.get_text().c_str() );
data/jdim-0.4.0/src/control/controlutil.cpp:314:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[ 2 ];
data/jdim-0.4.0/src/control/keysyms.h:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[ MAX_KEYNAME ];
data/jdim-0.4.0/src/control/mouseconfig.cpp:92:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const guint motion = atoi( str_motion.c_str() );
data/jdim-0.4.0/src/core.cpp:3199:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CORE::get_usrcmd_manager()->exec( atoi( command.arg1.c_str() ), // コマンド番号
data/jdim-0.4.0/src/core.cpp:3203:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi( command.arg4.c_str() ) // レス番号
data/jdim-0.4.0/src/core.cpp:4314:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Core::check_update( const bool open )
data/jdim-0.4.0/src/core.cpp:4335:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ! open ) BBSLIST::get_admin()->set_command( "check_update_root", SESSION::get_sidebar_current_url() );
data/jdim-0.4.0/src/core.h:244:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void check_update( const bool open );
data/jdim-0.4.0/src/dbimg/img.cpp:289:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fout = fopen( to_locale_cstr( path ), "wb" );
data/jdim-0.4.0/src/dbimg/img.cpp:387:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[ size ];
data/jdim-0.4.0/src/dbimg/img.cpp:790:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) set_code( atoi( str_tmp.c_str() ) );
data/jdim-0.4.0/src/dbimg/img.cpp:797:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) set_total_length( atoi( str_tmp.c_str() ) );
data/jdim-0.4.0/src/dbimg/img.cpp:801:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_mosaic = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbimg/img.cpp:805:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_type = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbimg/img.cpp:809:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_width = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbimg/img.cpp:813:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_height = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/article2chcompati.cpp:30:50: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( i != std::string::npos ) set_since_time( atol( ckey ) );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1843:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_access_time.tv_sec = ( atoi( ( *(it_tmp++) ).c_str() ) << 16 ) + atoi( ( *(it_tmp++) ).c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1843:84: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_access_time.tv_sec = ( atoi( ( *(it_tmp++) ).c_str() ) << 16 ) + atoi( ( *(it_tmp++) ).c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1844:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_access_time.tv_usec = atoi( ( *(it_tmp++) ).c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1854:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_write_time.tv_sec = ( atoi( ( *(it_tmp++) ).c_str() ) << 16 ) + atoi( ( *(it_tmp++) ).c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1854:83: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_write_time.tv_sec = ( atoi( ( *(it_tmp++) ).c_str() ) << 16 ) + atoi( ( *(it_tmp++) ).c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1855:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_write_time.tv_usec = atoi( ( *(it_tmp++) ).c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1870:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_write_fixname = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1875:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_write_fixmail = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1880:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_status = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1913:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_abone_transparent = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1918:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_abone_chain = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1936:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_bookmarked_thread = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1953:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_abone_age = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1961:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_check_update_time.tv_sec = ( atoi( ( *(it_tmp++) ).c_str() ) << 16 ) + atoi( ( *(it_tmp++) ).c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1961:90: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_check_update_time.tv_sec = ( atoi( ( *(it_tmp++) ).c_str() ) << 16 ) + atoi( ( *(it_tmp++) ).c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1968:49: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_abone_board = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:1973:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_abone_global = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/dbtree/articlehash.cpp:47:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const size_t hash = atoi( id.c_str() ) & ( HASH_TBLSIZE -1 );
data/jdim-0.4.0/src/dbtree/articlejbbs.cpp:26:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_since_time( atol( get_key().c_str() ) );
data/jdim-0.4.0/src/dbtree/articlemachi.cpp:29:21: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_since_time( atol( get_key().c_str() ) );
data/jdim-0.4.0/src/dbtree/board2chcompati.cpp:334:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const auto num = std::atoi( str_num.c_str() );
data/jdim-0.4.0/src/dbtree/boardbase.cpp:626:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_from = atoi( regex.str( 4 ).c_str() );
data/jdim-0.4.0/src/dbtree/boardbase.cpp:627:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_to = atoi( regex.str( 6 ).c_str() );
data/jdim-0.4.0/src/dbtree/boardjbbs.cpp:217:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const auto num = std::atoi( str_num.c_str() );
data/jdim-0.4.0/src/dbtree/boardmachi.cpp:146:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_from = atoi( regex.str( 5 ).c_str() );
data/jdim-0.4.0/src/dbtree/boardmachi.cpp:150:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num_to = atoi( regex.str( 7 ).c_str() );
data/jdim-0.4.0/src/dbtree/boardmachi.cpp:277:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const auto num = std::atoi( str_num.c_str() );
data/jdim-0.4.0/src/dbtree/nodetree2ch.cpp:145:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int id = atoi( regex.str( 3 ).c_str() + 1 );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:308:40: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int num_from = MAX( 1, atol( ( *it_pl ).c_str() ) );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:314:88: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ( i = ( *it_pl ).find( "-" ) ) != std::string::npos ) num_to = atol( ( *it_pl ).substr( i +1 ).c_str() );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:905:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmplink, link, n_link );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:928:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpnode->linkinfo->ancinfo, ancinfo, sizeof( ANCINFO ) * lng_ancinfo );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:945:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmplink, link, n_link );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:983:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpthumb, thumb, n_thumb );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1017:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpnode->text, text, n ); tmpnode->text[ n ] = '\0';
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1130:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_resume_head, data, length_chk );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1216:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_fout = fopen( to_locale_cstr( path_cache ), "ab" );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1723:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_str[256];
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1725:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmp_str, str + pos, pos_end - pos );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1743:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( header->headinfo->name, str, lng );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1753:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( header->headinfo->name, str_tmp.c_str(), str_tmp.length() );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1800:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmplink[ LNG_LINK ];
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1804:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpid[ LNG_ID ];
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1853:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpid, str + start_block, lng_id_tmp );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1857:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmplink, PROTO_ID, sizeof( PROTO_ID ) );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1858:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmplink + sizeof( PROTO_ID ) - 1, tmpid, lng_id_tmp + 1 );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1895:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpid, str + start_block + strlen_of_BE, lng_id_tmp );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1899:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmplink, PROTO_BE, sizeof( PROTO_BE ) );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1900:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmplink + sizeof( PROTO_BE ) -1, tmpid, lng_id_tmp + 1 );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2052:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_char[kMaxBytesOfUTF8Char]{}; // FIXME: std::stringを受け付けるdecode_char()を作る
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2211:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpstr[ LNG_LINK +16 ]; // 画面に表示する文字列
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2212:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmplink[ LNG_LINK +16 ]; // 編集したリンク文字列
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2226:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmplink, PROTO_ANCHORE, strlen( PROTO_ANCHORE ) );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2262:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpreplace[ LNG_LINK +16 ]; // Urlreplaceで変換した後のリンク文字列
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2275:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpreplace, tmplink, lng_replace +1 );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2283:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpreplace, tmplink, lng_replace +1 );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2287:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpreplace, tmpurl.c_str(), lng_replace +1 );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2305:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( tmpstr, pos, n_in );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2346:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_char[kMaxBytesOfUTF8Char]{};
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2523:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8[kMaxBytesOfUTF8Char]{};
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2556:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_out[ 64 ];
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2629:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( str_out, tmp_out, lng_out );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2630:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( str_out + lng_out, pos, n );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2649:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( str_out + lng_out, pos, n2 );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2679:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( str_out + lng_out, pos, offset + n );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2724:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/jdim-0.4.0/src/dbtree/nodetreebase.h:59:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_resume_head[ RESUME_CHKSIZE ];
data/jdim-0.4.0/src/dbtree/nodetreejbbs.cpp:173:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number_str[ 64 ];
data/jdim-0.4.0/src/dbtree/nodetreejbbs.cpp:175:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( number_str, lines + pos_sec[ 0 ], MIN( lng_sec[ 0 ], 64 -1 ) );
data/jdim-0.4.0/src/dbtree/nodetreejbbs.cpp:176:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int number_in = atoi( number_str );
data/jdim-0.4.0/src/dbtree/nodetreemachi.cpp:184:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num_tmp[ 8 ];
data/jdim-0.4.0/src/dbtree/nodetreemachi.cpp:185:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( num_tmp, line.c_str() + strlen( "<dt>" ), 5 );
data/jdim-0.4.0/src/dbtree/nodetreemachi.cpp:187:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( atoi( num_tmp ) <= id_header() ) continue;
data/jdim-0.4.0/src/dbtree/nodetreemachi.cpp:286:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi( m_regex->str( 1 ).c_str() );
data/jdim-0.4.0/src/dbtree/nodetreemachi.cpp:307:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi( m_regex->str( 1 ).c_str() );
data/jdim-0.4.0/src/dbtree/spchar_tbl.h:12:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ 256 ];
data/jdim-0.4.0/src/history/historymanager.cpp:237:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int top = atoi( subdir->getAttribute( "top" ).c_str() );
data/jdim-0.4.0/src/history/historymanager.cpp:238:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int cur = atoi( subdir->getAttribute( "cur" ).c_str() );
data/jdim-0.4.0/src/history/historymanager.cpp:239:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int end = atoi( subdir->getAttribute( "end" ).c_str() );
data/jdim-0.4.0/src/iomonitor.cpp:106:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( m_fifo_fd = open( m_fifo_file.c_str(), O_WRONLY | O_NONBLOCK ) ) == -1 )
data/jdim-0.4.0/src/iomonitor.cpp:135:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ( m_fifo_fd = open( m_fifo_file.c_str(), O_RDWR | O_NONBLOCK ) ) == -1 )
data/jdim-0.4.0/src/iomonitor.cpp:276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[ COMMAND_MAX_LENGTH ];
data/jdim-0.4.0/src/jdlib/confloader.cpp:189:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int val_int = atoi( val_str.c_str() );
data/jdim-0.4.0/src/jdlib/imgloader.cpp:126:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen( to_locale_cstr( m_file ), "rb" );
data/jdim-0.4.0/src/jdlib/jdiconv.cpp:100:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_buf_in, m_buf_in_tmp, m_byte_left_in );
data/jdim-0.4.0/src/jdlib/jdiconv.cpp:102:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_buf_in + m_byte_left_in , str_in, size_in );
data/jdim-0.4.0/src/jdlib/jdiconv.cpp:130:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_tmp[256];
data/jdim-0.4.0/src/jdlib/jdiconv.cpp:208:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buf_out, ucs2_str.c_str(), ucs2_str.size() ); buf_out += ucs2_str.size();
data/jdim-0.4.0/src/jdlib/loader.cpp:445:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_data.port = atoi( m_data.host.substr( i+1 ).c_str() );
data/jdim-0.4.0/src/jdlib/loader.cpp:626:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rbuf[256];
data/jdim-0.4.0/src/jdlib/loader.cpp:1260:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( i == std::string::npos ) m_data.code = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/jdlib/loader.cpp:1261:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else m_data.code = atoi( str_tmp.substr( 0, i ).c_str() );
data/jdim-0.4.0/src/jdlib/loader.cpp:1271:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! str_tmp.empty() ) m_data.length = atoi( str_tmp.c_str() );
data/jdim-0.4.0/src/jdlib/loader.cpp:1538:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_buf_zlib_in + m_zstream.avail_in , buf, read_size );
data/jdim-0.4.0/src/jdlib/loader.h:62:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_str_sizepart[ 64 ]; // サイズ部のバッファ。64byte以下と仮定(超えるとエラー)
data/jdim-0.4.0/src/jdlib/miscgtk.cpp:32:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_value[ CHAR_BUF ];
data/jdim-0.4.0/src/jdlib/miscmsg.cpp:32:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 256 ];
data/jdim-0.4.0/src/jdlib/misctime.cpp:69:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char month[4];
data/jdim-0.4.0/src/jdlib/misctime.cpp:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tzone[4];
data/jdim-0.4.0/src/jdlib/misctrip.cpp:117:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_binary[17] = { 0 };
data/jdim-0.4.0/src/jdlib/miscutil.cpp:860:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_char[ bufsize ];
data/jdim-0.4.0/src/jdlib/miscutil.cpp:897:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_char[ bufsize ];
data/jdim-0.4.0/src/jdlib/miscutil.cpp:991:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char s_url_char[ 128 ] = {
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1044:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[3] = { url[ a + 1 ], url[ a + 2 ], '\0' };
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1045:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[3] = { '\0', '\0', '\0' };
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1089:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_tmp[ tmplng ];
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1171:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[ 4 ];
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1374:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_num[ 16 ];
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1376:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( str_num, in_char + offset, lng );
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1384:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( offset == 2 ) num = atoi( str_num );
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1412:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_char[ 64 ];
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1445:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
else if( ( ( unsigned char ) utfstr[ 0 ] & 0xf0 ) == 0xe0 ){
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1452:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
else if( ( ( unsigned char ) utfstr[ 0 ] & 0x80 ) == 0 ){ // ascii
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1457:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
else if( ( ( unsigned char ) utfstr[ 0 ] & 0xe0 ) == 0xc0 ){
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1463:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
else if( ( ( unsigned char ) utfstr[ 0 ] & 0xf8 ) == 0xf0 ){
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1545:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char Win[size][4] = {
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1551:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char Unix[size][4] = {
data/jdim-0.4.0/src/login2ch.cpp:141:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_rawdata + m_lng_rawdata , data, size );
data/jdim-0.4.0/src/loginbe.cpp:148:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( m_rawdata + m_lng_rawdata , data, size );
data/jdim-0.4.0/src/main.cpp:403:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! regex.str( 2 ).empty() ) init_w = atoi( regex.str( 2 ).c_str() );
data/jdim-0.4.0/src/main.cpp:404:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! regex.str( 3 ).empty() ) init_h = atoi( regex.str( 3 ).c_str() );
data/jdim-0.4.0/src/main.cpp:405:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! regex.str( 4 ).empty() ) init_x = atoi( regex.str( 4 ).c_str() );
data/jdim-0.4.0/src/main.cpp:406:61: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( ! regex.str( 5 ).empty() ) init_y = atoi( regex.str( 5 ).c_str() );
data/jdim-0.4.0/src/message/logitem.h:36:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[ LOGITEM_SIZE_HEAD ];
data/jdim-0.4.0/src/message/logmanager.cpp:400:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int tmpno = atoi( target.substr( path.length() ).c_str() );
data/jdim-0.4.0/src/message/post.cpp:351:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time_t sec = atoi( regex.str( 2 ).c_str() );
data/jdim-0.4.0/src/proxypref.h:77:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CONFIG::set_proxy_port_for2ch( atoi( m_frame_2ch.entry_port.get_text().c_str() ) );
data/jdim-0.4.0/src/proxypref.h:83:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CONFIG::set_proxy_port_for2ch_w( atoi( m_frame_2ch_w.entry_port.get_text().c_str() ) );
data/jdim-0.4.0/src/proxypref.h:89:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
CONFIG::set_proxy_port_for_data( atoi( m_frame_data.entry_port.get_text().c_str() ) );
data/jdim-0.4.0/src/searchmanager.cpp:272:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
data.num = std::atoi( regex.str( 3 ).c_str() ); // マッチしていなければ 0 になる
data/jdim-0.4.0/src/skeleton/admin.cpp:603:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_current_page( atoi( command.arg1.c_str() ) );
data/jdim-0.4.0/src/skeleton/admin.cpp:759:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
back_viewhistory( command.url, atoi( command.arg1.c_str() ) );
data/jdim-0.4.0/src/skeleton/admin.cpp:764:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
forward_viewhistory( command.url, atoi( command.arg1.c_str() ) );
data/jdim-0.4.0/src/skeleton/admin.cpp:777:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int sec = atoi( command.arg2.c_str() );
data/jdim-0.4.0/src/skeleton/admin.cpp:1103:63: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
else if( open_method.find( "page" ) == 0 ) openpage = atoi( open_method.c_str() + 4 );
data/jdim-0.4.0/src/skeleton/admin.cpp:2430:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Admin::check_update_all_tabs( const bool open )
data/jdim-0.4.0/src/skeleton/admin.cpp:2432:60: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
check_update_all_tabs( m_notebook->get_current_page(), open );
data/jdim-0.4.0/src/skeleton/admin.cpp:2439:68: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Admin::check_update_all_tabs( const int from_page, const bool open )
data/jdim-0.4.0/src/skeleton/admin.cpp:2452:114: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( view && view->get_enable_autoreload() ) CORE::get_checkupdate_manager()->push_back( view->get_url(), open );
data/jdim-0.4.0/src/skeleton/admin.cpp:2458:114: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( view && view->get_enable_autoreload() ) CORE::get_checkupdate_manager()->push_back( view->get_url(), open );
data/jdim-0.4.0/src/skeleton/admin.h:263:48: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void check_update_all_tabs( const bool open );
data/jdim-0.4.0/src/skeleton/admin.h:264:69: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void check_update_all_tabs( const int from_page, const bool open );
data/jdim-0.4.0/src/skeleton/dragtreeview.cpp:582:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int rownum = atoi( path_str.c_str() );
data/jdim-0.4.0/src/skeleton/dragtreeview.cpp:588:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rownum = atoi( path_str.c_str() );
data/jdim-0.4.0/src/sound/playsound.cpp:114:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen( m_wavfile.c_str(), "rb" );
data/jdim-0.4.0/src/sound/playsound.h:24:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[ 4 ]; // = "RIFF"
data/jdim-0.4.0/src/sound/playsound.h:31:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[ 8 ]; // "WAVEfmt "
data/jdim-0.4.0/src/sound/playsound.h:44:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[ 4 ]; // = "data"
data/jdim-0.4.0/src/updatemanager.cpp:91:73: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void CheckUpdate_Manager::push_back( const std::string& url, const bool open )
data/jdim-0.4.0/src/updatemanager.cpp:97:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
<< " open = " << open
data/jdim-0.4.0/src/updatemanager.cpp:129:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( open ) m_list_open.push_back( url );
data/jdim-0.4.0/src/updatemanager.h:47:60: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void push_back( const std::string& url, const bool open );
data/jdim-0.4.0/src/xml/dom.cpp:497:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
row[ columns.m_dirid ] = atoi( child->getAttribute( "dirid" ).c_str() );
data/jdim-0.4.0/src/article/articleviewbase.cpp:1601:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( ! id_str.empty() ) html += " " + id_str.substr( strlen( PROTO_ID ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:1697:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const std::string raw_id = id_name.substr( strlen( PROTO_ID ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2234:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
args.arg1 = url.substr( strlen( PROTO_ANCHORE) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2248:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
args.arg1 = url.substr( strlen( PROTO_RES ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2274:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::string url_tmp = url.substr( strlen( PROTO_OR ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2279:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
args.arg1 = url_tmp.substr( i + strlen( KEYWORD_SIGN ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2290:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const std::string url_tmp = url.substr( strlen( PROTO_BM ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2477:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( sssp ) url = url.substr( strlen( PROTO_SSSP ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2578:73: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CORE::core_set_command( "open_article_postlog" ,"", url.substr( strlen( PROTO_POSTLOG ) ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2591:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
<< url.substr( strlen( PROTO_BE ) )
data/jdim-0.4.0/src/article/articleviewbase.cpp:2612:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_jump_to = url.substr( strlen( PROTO_ANCHORE ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2673:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const std::string url_tmp = url.substr( strlen( PROTO_OR ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2678:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const std::string query = url_tmp.substr( i + strlen( KEYWORD_SIGN ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:2687:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const std::string url_tmp = url.substr( strlen( PROTO_BM ) );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3008:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_url_tmp = DBTREE::url_readcgi( m_url_article, atoi( url.substr( strlen( PROTO_RES ) ).c_str() ), 0 );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3013:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_url_tmp = DBTREE::url_readcgi( m_url_article, atoi( url.substr( strlen( PROTO_ANCHORE ) ).c_str() ), 0 );
data/jdim-0.4.0/src/article/articleviewbase.cpp:3693:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::string id = m_id_name.substr( strlen( PROTO_ID ) );
data/jdim-0.4.0/src/article/articleviewetc.cpp:26:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int pos0 = url.find( RES_SIGN ) + strlen( RES_SIGN );
data/jdim-0.4.0/src/article/articleviewetc.cpp:30:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_str_center = url.substr( pos1 + strlen( CENTER_SIGN ) );
data/jdim-0.4.0/src/article/articleviewetc.cpp:112:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, m_str_name{ url.substr( url.find( NAME_SIGN ) + strlen( NAME_SIGN ) ) }
data/jdim-0.4.0/src/article/articleviewetc.cpp:193:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, m_str_id{ url.substr( url.find( ID_SIGN ) + strlen( ID_SIGN ) ) }
data/jdim-0.4.0/src/article/articleviewetc.cpp:203:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
set_label( " [ " + m_str_id.substr( strlen( PROTO_ID ) ) + " ] - " + DBTREE::article_subject( url_article() ));
data/jdim-0.4.0/src/article/articleviewetc.cpp:585:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
, m_str_num{ url.substr( url.find( REFER_SIGN ) + strlen( REFER_SIGN ) ) }
data/jdim-0.4.0/src/article/articleviewetc.cpp:666:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int pos0 = url.find( KEYWORD_SIGN ) + strlen( KEYWORD_SIGN );
data/jdim-0.4.0/src/article/articleviewetc.cpp:670:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_mode_or = ( url.substr( pos1 + strlen( ORMODE_SIGN ) ) == "1" );
data/jdim-0.4.0/src/article/articleviewetc.cpp:756:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_num = atoi( url.substr( url.find( POSTLOG_SIGN ) + strlen( POSTLOG_SIGN ) ).c_str() );
data/jdim-0.4.0/src/article/drawareabase.cpp:1432:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( ! layout->lng_text ) layout->lng_text = strlen( layout->text );
data/jdim-0.4.0/src/article/drawareabase.cpp:2699:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( byte_to == 0 ) byte_to = strlen( layout->text );
data/jdim-0.4.0/src/article/drawareabase.cpp:2825:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( byte_to != strlen( layout->text ) ) draw_string( layout, ci, color_text, color_back, byte_to, strlen( layout->text ) );
data/jdim-0.4.0/src/article/drawareabase.cpp:2825:107: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( byte_to != strlen( layout->text ) ) draw_string( layout, ci, color_text, color_back, byte_to, strlen( layout->text ) );
data/jdim-0.4.0/src/article/drawareabase.cpp:3869:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t lng = strlen( tmplayout->text );
data/jdim-0.4.0/src/article/drawareabase.cpp:4722:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy_to = strlen( tmplayout->text );
data/jdim-0.4.0/src/board/boardviewsidebar.cpp:30:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_dirid = atoi( url.substr( url.find( SIDEBAR_SIGN ) + strlen( SIDEBAR_SIGN ) ).c_str() );
data/jdim-0.4.0/src/cache.cpp:303:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( url.c_str()[ 0 ] == 'f' && url.c_str()[ 1 ] == 'i' ) return url.substr( strlen( "file://" ) );
data/jdim-0.4.0/src/cache.cpp:691:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fin.read( data, n );
data/jdim-0.4.0/src/control/controlutil.cpp:369:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label.replace( pos, strlen( "..." ), "(_S)..." );
data/jdim-0.4.0/src/control/controlutil.cpp:373:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label.replace( pos, strlen( "..." ), "(_F)..." );
data/jdim-0.4.0/src/control/controlutil.cpp:377:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label.replace( pos, strlen( "..." ), "(_U)..." );
data/jdim-0.4.0/src/control/controlutil.cpp:382:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label.replace( pos, strlen( "..." ), "(_P)..." );
data/jdim-0.4.0/src/control/controlutil.cpp:386:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label.replace( pos, strlen( "..." ), "(_O)..." );
data/jdim-0.4.0/src/control/controlutil.cpp:390:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
label.replace( pos, strlen( "..." ), "(_M)..." );
data/jdim-0.4.0/src/control/mousekeyitem.h:58:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
int equal( const std::string& str_motion )
data/jdim-0.4.0/src/control/mousekeyitem.h:73:41: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if( mode == m_mode ) return equal( str_motion );
data/jdim-0.4.0/src/cssmanager.cpp:656:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lng = strlen( text );
data/jdim-0.4.0/src/cssmanager.cpp:665:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( tmpdom->chardat, text, lng + 1 );
data/jdim-0.4.0/src/dbtree/articlebase.cpp:51:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int n = strlen( targetname ); \
data/jdim-0.4.0/src/dbtree/articlebase.cpp:125:19: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool ArticleBase::equal( const std::string& datbase, const std::string& id )
data/jdim-0.4.0/src/dbtree/articlebase.cpp:728:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::string id_tmp = id.substr( strlen( PROTO_ID ) );
data/jdim-0.4.0/src/dbtree/articlebase.h:130:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
virtual bool equal( const std::string& datbase, const std::string& id );
data/jdim-0.4.0/src/dbtree/articlehash.cpp:78:61: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
for( ; it != m_table[ hash ].end(); ++it ) if( ( *it )->equal( datbase, id ) ) return *it;
data/jdim-0.4.0/src/dbtree/articlelocal.cpp:33:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool ArticleLocal::equal( const std::string& datbase, const std::string& id )
data/jdim-0.4.0/src/dbtree/articlelocal.h:22:14: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal( const std::string& datbase, const std::string& id ) override;
data/jdim-0.4.0/src/dbtree/boardbase.cpp:128:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool BoardBase::equal( const std::string& url )
data/jdim-0.4.0/src/dbtree/boardbase.cpp:1745:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::string id_tmp = id.substr( strlen( PROTO_ID ) );
data/jdim-0.4.0/src/dbtree/boardbase.h:285:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
virtual bool equal( const std::string& url );
data/jdim-0.4.0/src/dbtree/boardlocal.cpp:33:18: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool BoardLocal::equal( const std::string& url )
data/jdim-0.4.0/src/dbtree/boardlocal.h:22:14: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal( const std::string& url ) override;
data/jdim-0.4.0/src/dbtree/boardmachi.cpp:44:19: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool BoardMachi::equal( const std::string& url )
data/jdim-0.4.0/src/dbtree/boardmachi.h:22:14: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
bool equal( const std::string& url ) override;
data/jdim-0.4.0/src/dbtree/nodetree2chcompati.cpp:142:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return m_iconv->convert( rawlines, strlen( rawlines ), byte );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:999:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return create_node_ntext( text, strlen( text ), color_text, bold, fontid );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1435:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lng = strlen( rawlines );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1446:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t length_chk = MIN( lng, MIN( (RESUME_CHKSIZE - 1), strlen( m_resume_head ) ) );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1592:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
create_node_link( str_broken, strlen( str_broken ) , PROTO_BROKEN, strlen( PROTO_BROKEN ), COLOR_CHAR_LINK, false );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1592:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
create_node_link( str_broken, strlen( str_broken ) , PROTO_BROKEN, strlen( PROTO_BROKEN ), COLOR_CHAR_LINK, false );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1676:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
create_node_link( namestr, strlen( namestr ) , PROTO_NAME, strlen( PROTO_NAME ), COLOR_CHAR, false, FONT_MAIL );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1676:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
create_node_link( namestr, strlen( namestr ) , PROTO_NAME, strlen( PROTO_NAME ), COLOR_CHAR, false, FONT_MAIL );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1859:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lng_link_tmp = strlen( tmplink );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:1903:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
create_node_link( "?", 1, tmplink, strlen( tmplink ), COLOR_CHAR, false, FONT_MAIL );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2213:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lng_str = 0, lng_link = strlen( PROTO_ANCHORE );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2226:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy( tmplink, PROTO_ANCHORE, strlen( PROTO_ANCHORE ) );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2227:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lng_str += strlen( tmpstr ) - lng_str;
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2228:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lng_link += strlen( tmplink ) - lng_link;
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2239:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lng_str += strlen( tmpstr ) - lng_str;
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2240:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lng_link += strlen( tmplink ) - lng_link;
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2268:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
lng_link = convert_amp( tmplink, strlen( tmplink ) ); // & → &
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2820:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
<< "len = " << strlen( str_link ) << " lng_link = " << lng_link << " n_in = " << n_in << std::endl;
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:2972:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int ln_protoid = strlen( PROTO_ID );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:3580:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( memcmp( p, "http", strlen( "http" ) ) != 0 ) return false;
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:3581:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen( "http" );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:3583:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( memcmp( p, "://", strlen( "://" ) ) != 0 ) return false;
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:3584:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen( "://" );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:3589:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cs_len = strlen( *q );
data/jdim-0.4.0/src/dbtree/nodetreebase.cpp:3593:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove( p, p + cs_len, strlen( p + cs_len ) + 1 );
data/jdim-0.4.0/src/dbtree/nodetreebase.h:280:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
byte = strlen( rawlines );
data/jdim-0.4.0/src/dbtree/nodetreejbbs.cpp:136:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* lines = m_iconv->convert( rawlines, strlen( rawlines ), byte_lines );
data/jdim-0.4.0/src/dbtree/nodetreemachi.cpp:185:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy( num_tmp, line.c_str() + strlen( "<dt>" ), 5 );
data/jdim-0.4.0/src/dbtree/nodetreemachi.cpp:258:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* str_lines = m_iconv->convert( rawlines, strlen( rawlines ), byte_lines );
data/jdim-0.4.0/src/dbtree/root.cpp:149:31: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
else if( m_get_board->equal( url ) ){
data/jdim-0.4.0/src/dbtree/root.cpp:189:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if( board->equal( url ) ){
data/jdim-0.4.0/src/dbtree/spchar_decoder.cpp:117:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n_in = strlen( ucstbl[ i ].str ) +1;
data/jdim-0.4.0/src/environment.cpp:127:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(git_date);
data/jdim-0.4.0/src/environment.cpp:147:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string_length = strlen(git_hash);
data/jdim-0.4.0/src/environment.cpp:242:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( rc == ERROR_SUCCESS && strlen( regVal ) > 0 )
data/jdim-0.4.0/src/environment.cpp:264:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( rc == ERROR_SUCCESS && strlen( regVal ) > 0 )
data/jdim-0.4.0/src/environment.cpp:459:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
( strlen( machine ) != 4
data/jdim-0.4.0/src/iomonitor.cpp:229:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t command_length = strlen( command );
data/jdim-0.4.0/src/iomonitor.cpp:270:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Glib::IOStatus io_status = m_iochannel->read( buffer, COMMAND_MAX_LENGTH );
data/jdim-0.4.0/src/jdlib/loader.cpp:587:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t send_size = strlen( msg_send.data() );
data/jdim-0.4.0/src/jdlib/loader.cpp:806:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t send_size = strlen( msg_send.data() );
data/jdim-0.4.0/src/jdlib/loader.cpp:860:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( ssl->write( msg_send.data(), strlen( msg_send.data() ) ) < 0 ){
data/jdim-0.4.0/src/jdlib/loader.cpp:922:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmpsize = ssl->read( m_buf + read_size, m_lng_buf - read_size - mrg );
data/jdim-0.4.0/src/jdlib/misccharcode.cpp:48:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t input_length = strlen( input );
data/jdim-0.4.0/src/jdlib/misccharcode.cpp:96:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t input_length = strlen( input );
data/jdim-0.4.0/src/jdlib/misccharcode.cpp:139:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t input_length = strlen( input );
data/jdim-0.4.0/src/jdlib/misccharcode.cpp:197:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t input_length = strlen( input );
data/jdim-0.4.0/src/jdlib/misctime.cpp:73:10: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
rc = sscanf(date.c_str(), "%*3s, %2d %3s %4d %2d:%2d:%2d %3s",
data/jdim-0.4.0/src/jdlib/miscutil.cpp:626:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t chr_in_length = strlen( chr_in );
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1642:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( path.find( "http://" ) == 0 ) lng = strlen( "http://" );
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1643:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if( path.find( "https://" ) == 0 ) lng = strlen( "https://" );
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1644:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if( path.find( "ftp://" ) == 0 ) lng = strlen( "ftp://" );
data/jdim-0.4.0/src/jdlib/miscutil.cpp:1697:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( env.data(), getenv( name ), size );
data/jdim-0.4.0/src/jdlib/ssl.cpp:82:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = gnutls_server_name_set( m_session, GNUTLS_NAME_DNS, host, strlen( host ) );
data/jdim-0.4.0/src/jdlib/ssl.cpp:112:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gnutls_server_name_set( m_session, GNUTLS_NAME_DNS, host, strlen( host ) );
data/jdim-0.4.0/src/jdlib/ssl.cpp:191:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int JDSSL::read( char* buf, const size_t bufsize )
data/jdim-0.4.0/src/jdlib/ssl.cpp:324:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int JDSSL::read( char* buf, const size_t bufsize )
data/jdim-0.4.0/src/jdlib/ssl.h:57:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read( char* buf, const size_t bufsize );
data/jdim-0.4.0/src/login2ch.cpp:178:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sid = sid.substr( strlen( "SESSION-ID=" ) );
data/jdim-0.4.0/src/main.cpp:324:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( strlen( argv[ i ] ) > MAX_SAFE_ARGV )
data/jdim-0.4.0/src/message/messageviewbase.cpp:1009:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::string str_enc = m_iconv->convert( (char*)msgc, strlen( msgc ), byte_out );
data/jdim-0.4.0/src/skeleton/login.cpp:63:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::string path = CACHE::path_passwd( get_url().substr( strlen( "jdlogin://" ) ) );
data/jdim-0.4.0/src/skeleton/login.cpp:85:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::string path = CACHE::path_passwd( get_url().substr( strlen( "jdlogin://" ) ) );
ANALYSIS SUMMARY:
Hits = 348
Lines analyzed = 123341 in approximately 2.58 seconds (47780 lines/second)
Physical Source Lines of Code (SLOC) = 76934
Hits@level = [0] 20 [1] 122 [2] 212 [3] 6 [4] 4 [5] 4
Hits@level+ = [0+] 368 [1+] 348 [2+] 226 [3+] 14 [4+] 8 [5+] 4
Hits/KSLOC@level+ = [0+] 4.78332 [1+] 4.52336 [2+] 2.93758 [3+] 0.181974 [4+] 0.103985 [5+] 0.0519926
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.