Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jikespg-1.3/src/c370.h
Examining data/jikespg-1.3/src/common.h
Examining data/jikespg-1.3/src/globals.c
Examining data/jikespg-1.3/src/header.h
Examining data/jikespg-1.3/src/lpgact.h
Examining data/jikespg-1.3/src/lpgdcl.h
Examining data/jikespg-1.3/src/lpgdef.h
Examining data/jikespg-1.3/src/lpgparse.h
Examining data/jikespg-1.3/src/lpgprs.h
Examining data/jikespg-1.3/src/lpgsym.h
Examining data/jikespg-1.3/src/lpgutil.c
Examining data/jikespg-1.3/src/main.c
Examining data/jikespg-1.3/src/mkfirst.c
Examining data/jikespg-1.3/src/mkred.c
Examining data/jikespg-1.3/src/mkstates.c
Examining data/jikespg-1.3/src/partset.c
Examining data/jikespg-1.3/src/prntstat.c
Examining data/jikespg-1.3/src/produce.c
Examining data/jikespg-1.3/src/ptables.c
Examining data/jikespg-1.3/src/reduce.h
Examining data/jikespg-1.3/src/remsp.c
Examining data/jikespg-1.3/src/resolve.c
Examining data/jikespg-1.3/src/space.h
Examining data/jikespg-1.3/src/spacetab.c
Examining data/jikespg-1.3/src/tabutil.c
Examining data/jikespg-1.3/src/timetab.c
Examining data/jikespg-1.3/src/ctabs.c
Examining data/jikespg-1.3/src/lpgparse.c

FINAL RESULTS:

data/jikespg-1.3/src/ctabs.c:648:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tok, RETRIEVE_NAME(i));
data/jikespg-1.3/src/ctabs.c:765:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tok, RETRIEVE_NAME(i));
data/jikespg-1.3/src/ctabs.c:1609:10: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(line, sym_tag); data/jikespg-1.3/src/ctabs.c:1626:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(line, "Escaped symbol %s is an invalid C variable.\n",tok); data/jikespg-1.3/src/ctabs.c:1631:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(line, "%s may be an invalid variable name.\n", tok); data/jikespg-1.3/src/ctabs.c:1635:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(line, " %s%s%s = %i,\n\0", data/jikespg-1.3/src/lpgparse.c:87:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:575:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:615:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, "\"%s\" is an invalid option", temp); data/jikespg-1.3/src/lpgparse.c:628:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:681:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(act_file, temp); data/jikespg-1.3/src/lpgparse.c:684:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(blockb, temp); data/jikespg-1.3/src/lpgparse.c:686:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(blocke, temp); data/jikespg-1.3/src/lpgparse.c:693:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:749:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:792:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hact_file, temp); data/jikespg-1.3/src/lpgparse.c:795:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hblockb, temp); data/jikespg-1.3/src/lpgparse.c:797:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(hblocke, temp); data/jikespg-1.3/src/lpgparse.c:806:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:821:29: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:840:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:855:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:874:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:881:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:910:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:917:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prefix,temp); data/jikespg-1.3/src/lpgparse.c:935:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:951:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:958:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(suffix,temp); data/jikespg-1.3/src/lpgparse.c:971:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:989:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:999:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1023:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1036:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1051:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, "\"%s\" is an invalid option", token); data/jikespg-1.3/src/lpgparse.c:1088:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(old_parm, parm); /* Save new options passed to program */ data/jikespg-1.3/src/lpgparse.c:1119:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(parm, p2 + strlen(ooptions)); data/jikespg-1.3/src/lpgparse.c:1138:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_buffer, p1); data/jikespg-1.3/src/lpgparse.c:1150:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(parm, old_parm); data/jikespg-1.3/src/lpgparse.c:1160:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pn,file_prefix); data/jikespg-1.3/src/lpgparse.c:1165:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(sn,file_prefix); data/jikespg-1.3/src/lpgparse.c:1170:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(an,file_prefix); data/jikespg-1.3/src/lpgparse.c:1175:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(han,file_prefix); data/jikespg-1.3/src/lpgparse.c:1178:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(act_file, "%s.%s.%s", an, at, am); data/jikespg-1.3/src/lpgparse.c:1179:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(hact_file, "%s.%s.%s", han, hat, ham); data/jikespg-1.3/src/lpgparse.c:1180:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sym_file, "%s.%s.%s", sn, st, sm); data/jikespg-1.3/src/lpgparse.c:1181:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(def_file, "%sDEF.%s.%s", file_prefix, (java_bit ? "JAVA" : "H"), sm); data/jikespg-1.3/src/lpgparse.c:1182:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prs_file, "%s.%s.%s", pn, pt, pm); data/jikespg-1.3/src/lpgparse.c:1183:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dcl_file, "%sDCL.%s.%s", file_prefix, (java_bit ? "JAVA" : "H"), sm); data/jikespg-1.3/src/lpgparse.c:1187:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(act_file, "%sACT.%s", file_prefix, (java_bit ? 
"JAVA" : "H")); data/jikespg-1.3/src/lpgparse.c:1189:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(hact_file, "%sHDR.%s", file_prefix, (java_bit ? "JAVA" : "H")); data/jikespg-1.3/src/lpgparse.c:1190:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sym_file, "%sSYM.%s", file_prefix, (java_bit ? "JAVA" : "H")); data/jikespg-1.3/src/lpgparse.c:1191:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(def_file, "%sDEF.%s", file_prefix, (java_bit ? "JAVA" : "H")); data/jikespg-1.3/src/lpgparse.c:1192:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prs_file, "%sPRS.%s", file_prefix, (java_bit ? "JAVA" : "H")); data/jikespg-1.3/src/lpgparse.c:1193:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dcl_file, "%sDCL.%s", file_prefix, (java_bit ? "JAVA" : "H")); data/jikespg-1.3/src/lpgparse.c:1196:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(act_file, "%sact.%s", file_prefix, (java_bit ? "java" : "h")); data/jikespg-1.3/src/lpgparse.c:1198:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(hact_file, "%shdr.%s", file_prefix, (java_bit ? "java" : "h")); data/jikespg-1.3/src/lpgparse.c:1199:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(sym_file, "%ssym.%s", file_prefix, (java_bit ? "java" : "h")); data/jikespg-1.3/src/lpgparse.c:1200:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(def_file, "%sdef.%s", file_prefix, (java_bit ? 
"java" : "h")); data/jikespg-1.3/src/lpgparse.c:1201:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(prs_file, "%sprs.%s", file_prefix, (java_bit ? "java" : "h")); data/jikespg-1.3/src/lpgparse.c:1202:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dcl_file, "%sdcl.%s", file_prefix, (java_bit ? "java" : "h")); data/jikespg-1.3/src/lpgparse.c:1232:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "ACTFILE-NAME=%s",an); data/jikespg-1.3/src/lpgparse.c:1233:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "ACTFILE-TYPE=%s",at); data/jikespg-1.3/src/lpgparse.c:1234:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "ACTFILE-MODE=%s",am); data/jikespg-1.3/src/lpgparse.c:1236:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "ACTFILE-NAME=%s",act_file); data/jikespg-1.3/src/lpgparse.c:1239:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "BLOCKB=%s",blockb); data/jikespg-1.3/src/lpgparse.c:1241:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "BLOCKE=%s", blocke); data/jikespg-1.3/src/lpgparse.c:1278:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "FILE-PREFIX=%s", file_prefix); data/jikespg-1.3/src/lpgparse.c:1304:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(opt_string[++top], "HACTFILE-NAME=%s", han); data/jikespg-1.3/src/lpgparse.c:1305:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "HACTFILE-TYPE=%s", hat); data/jikespg-1.3/src/lpgparse.c:1306:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "HACTFILE-MODE=%s", ham); data/jikespg-1.3/src/lpgparse.c:1308:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "HACTFILE-NAME=%s", hact_file); data/jikespg-1.3/src/lpgparse.c:1314:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "HBLOCKB=%s", hblockb); data/jikespg-1.3/src/lpgparse.c:1316:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "HBLOCKE=%s", hblocke); data/jikespg-1.3/src/lpgparse.c:1342:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "PREFIX=%s",prefix); data/jikespg-1.3/src/lpgparse.c:1380:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(opt_string[++top], "SUFFIX=%s",suffix); data/jikespg-1.3/src/lpgparse.c:1420:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(output_line, opt_string[i]); data/jikespg-1.3/src/lpgparse.c:1482:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1494:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1786:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_buffer, p1); data/jikespg-1.3/src/lpgparse.c:1833:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_buffer, p1); data/jikespg-1.3/src/lpgparse.c:1886:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_buffer, p1); data/jikespg-1.3/src/lpgparse.c:1931:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1962:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:2156:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:2214:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:2222:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:2229:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:2403:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_buffer, p1); data/jikespg-1.3/src/lpgparse.c:2424:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_buffer, p1); data/jikespg-1.3/src/lpgparse.c:2466:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_buffer, p1); data/jikespg-1.3/src/lpgparse.c:2510:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(input_buffer, p1); data/jikespg-1.3/src/lpgparse.c:2707:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:2800:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp1, text + k + 12); data/jikespg-1.3/src/lpgparse.c:2802:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%d%s", rule_no, temp1); data/jikespg-1.3/src/lpgparse.c:2810:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(temp1, text + k + 12); data/jikespg-1.3/src/lpgparse.c:2812:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%d%s", num_symbols, temp1); data/jikespg-1.3/src/lpgparse.c:2823:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp1, text + k + 11); data/jikespg-1.3/src/lpgparse.c:2825:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%s%s", grm_file, temp1); data/jikespg-1.3/src/lpgparse.c:2827:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%s", grm_file); data/jikespg-1.3/src/lpgparse.c:2841:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp1, text + k + 10); data/jikespg-1.3/src/lpgparse.c:2875:32: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp2, BLANK); data/jikespg-1.3/src/lpgparse.c:2876:32: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(temp2, symbol); data/jikespg-1.3/src/lpgparse.c:2887:20: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(text, temp2); data/jikespg-1.3/src/lpgparse.c:2888:20: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(text, temp1); data/jikespg-1.3/src/lpgparse.c:2895:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp1, text + k + 10); data/jikespg-1.3/src/lpgparse.c:2897:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%d%s", RHS_SIZE(rule_no), temp1); data/jikespg-1.3/src/lpgparse.c:2905:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp1, text + k + 10); data/jikespg-1.3/src/lpgparse.c:2907:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%d%s", line_no + 1, temp1); data/jikespg-1.3/src/lpgparse.c:2915:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp1, text + k + 10); data/jikespg-1.3/src/lpgparse.c:2917:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%d%s", num_rules, temp1); data/jikespg-1.3/src/lpgparse.c:2928:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(temp1, text + k + 13); data/jikespg-1.3/src/lpgparse.c:2930:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%d%s", line_no, temp1); data/jikespg-1.3/src/lpgparse.c:2941:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp1, text + k + 14); data/jikespg-1.3/src/lpgparse.c:2943:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%d%s", num_terminals, temp1); data/jikespg-1.3/src/lpgparse.c:2954:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(temp1, text + k + 18); data/jikespg-1.3/src/lpgparse.c:2956:24: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text + k, "%d%s", num_non_terminals, temp1); data/jikespg-1.3/src/lpgparse.c:2975:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(suffix, text + j); /* Copy rest of text into "suffix". */ data/jikespg-1.3/src/lpgparse.c:3001:24: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(q -> line, suffix); data/jikespg-1.3/src/lpgparse.c:3007:24: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(tail -> line, suffix); data/jikespg-1.3/src/lpgparse.c:3021:20: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(text, root -> line); data/jikespg-1.3/src/lpgparse.c:3040:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(text, symbol); data/jikespg-1.3/src/lpgparse.c:3042:20: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(text, suffix); data/jikespg-1.3/src/lpgparse.c:3062:16: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:3077:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(text, input_line_root -> line); data/jikespg-1.3/src/lpgparse.c:3112:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, "predefined macro \"%s\"" data/jikespg-1.3/src/lpgparse.c:3127:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(msg_line, "Redefinition of macro \"%s\"" data/jikespg-1.3/src/lpgparse.c:3219:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(defelmt[num_defs].name, macro_name); data/jikespg-1.3/src/lpgparse.c:3360:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(line, temp); data/jikespg-1.3/src/lpgparse.c:3389:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(line, temp); data/jikespg-1.3/src/lpgparse.c:3393:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(line, BLANK); data/jikespg-1.3/src/lpgparse.c:3425:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(line, temp); data/jikespg-1.3/src/lpgparse.c:3454:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(line, temp); data/jikespg-1.3/src/lpgparse.c:3460:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(line, BLANK); data/jikespg-1.3/src/lpgparse.c:3474:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
  strcpy(tempbuffer1, BLANK);
data/jikespg-1.3/src/lpgparse.c:3476:22: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tempbuffer1, BLANK);
data/jikespg-1.3/src/lpgparse.c:3480:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, temp);
data/jikespg-1.3/src/lpgparse.c:3481:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/lpgutil.c:602:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(out, in);
data/jikespg-1.3/src/lpgutil.c:638:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(line,indent);
data/jikespg-1.3/src/lpgutil.c:648:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(temp, token+len + 1);
data/jikespg-1.3/src/lpgutil.c:651:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(line,indent);
data/jikespg-1.3/src/lpgutil.c:652:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line,token);
data/jikespg-1.3/src/lpgutil.c:710:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/lpgutil.c:711:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/lpgutil.c:723:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/lpgutil.c:739:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/lpgutil.c:740:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/lpgutil.c:751:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line,tok);
data/jikespg-1.3/src/lpgutil.c:848:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, buffer);
data/jikespg-1.3/src/main.c:98:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(parm, p+1); /* Copy from next char till end */
data/jikespg-1.3/src/main.c:100:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(parm, argv[++i]); /* Next argument is first option */
data/jikespg-1.3/src/main.c:104:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(parm, BLANK);
data/jikespg-1.3/src/main.c:105:16: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(parm, argv[++i]);
data/jikespg-1.3/src/main.c:122:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(parm, argv[j]+1);
data/jikespg-1.3/src/main.c:125:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(parm, argv[j]);
data/jikespg-1.3/src/main.c:129:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(parm, BLANK);
data/jikespg-1.3/src/main.c:145:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(grm_file, argv[1]);
data/jikespg-1.3/src/main.c:153:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lis_file, "%s.LISTING", file_prefix);
data/jikespg-1.3/src/main.c:154:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tab_file, "%s.TABLE", file_prefix);
data/jikespg-1.3/src/main.c:160:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(grm_file, "%s.GRAMMAR", argv[1]);
data/jikespg-1.3/src/main.c:161:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lis_file, "%s.LISTING", argv[1]);
data/jikespg-1.3/src/main.c:162:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tab_file, "%s.TABLE", argv[1]);
data/jikespg-1.3/src/main.c:163:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(file_prefix, argv[1]);
data/jikespg-1.3/src/main.c:169:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(grm_file, "%s.GRAMMAR.*", argv[1]);
data/jikespg-1.3/src/main.c:170:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lis_file, "%s.LISTING.A", argv[1]);
data/jikespg-1.3/src/main.c:171:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tab_file, "%s.TABLE.A", argv[1]);
data/jikespg-1.3/src/main.c:174:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(grm_file, "%s.%s.*", argv[1], strupr(argv[2]));
data/jikespg-1.3/src/main.c:175:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lis_file, "%s.LISTING.A", argv[1]);
data/jikespg-1.3/src/main.c:176:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tab_file, "%s.TABLE.A", argv[1]);
data/jikespg-1.3/src/main.c:181:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(grm_file, "%s.%s.%s", argv[1], argv[2], argv[3]);
data/jikespg-1.3/src/main.c:182:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lis_file, "%s.LISTING.%s", argv[1], argv[3]);
data/jikespg-1.3/src/main.c:183:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tab_file, "%s.TABLE.%s", argv[1], argv[3]);
data/jikespg-1.3/src/main.c:196:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(grm_file, argv[argc - 1]);
data/jikespg-1.3/src/main.c:204:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpbuf, slash + 1);
data/jikespg-1.3/src/main.c:205:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy(tmpbuf, grm_file);
data/jikespg-1.3/src/main.c:211:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lis_file, tmpbuf);
data/jikespg-1.3/src/main.c:212:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tab_file, tmpbuf);
data/jikespg-1.3/src/mkfirst.c:661:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/mkfirst.c:662:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line,BLANK);
data/jikespg-1.3/src/mkfirst.c:1134:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/mkfirst.c:1135:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1477:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/mkfirst.c:1478:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1480:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1523:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/mkfirst.c:1524:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1617:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1619:30: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1621:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/mkfirst.c:1622:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1641:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1643:30: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1645:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/mkfirst.c:1646:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1772:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/mkfirst.c:1773:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/mkfirst.c:1819:21: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/mkfirst.c:1820:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/produce.c:488:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/produce.c:1448:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/produce.c:1449:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/produce.c:1471:17: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tok);
data/jikespg-1.3/src/produce.c:1472:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, BLANK);
data/jikespg-1.3/src/spacetab.c:1675:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(output_ptr, tok);
data/jikespg-1.3/src/spacetab.c:1713:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(output_ptr, tok);
data/jikespg-1.3/src/tabutil.c:1010:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tok, RETRIEVE_NAME(i));
data/jikespg-1.3/src/tabutil.c:1021:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(output_ptr, tok);
data/jikespg-1.3/src/tabutil.c:1028:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tok, tok+68);
data/jikespg-1.3/src/tabutil.c:1036:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tok, tok+72);
data/jikespg-1.3/src/timetab.c:745:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(output_ptr, tok);
data/jikespg-1.3/src/timetab.c:788:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(output_ptr, tok);
data/jikespg-1.3/src/ctabs.c:17:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dcl_tag[SYMBOL_SIZE],
data/jikespg-1.3/src/ctabs.c:537:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line, "w, recfm=%cB, lrecl=%d",
data/jikespg-1.3/src/ctabs.c:541:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*file = fopen(file_name, msg_line)) == NULL)
data/jikespg-1.3/src/ctabs.c:544:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((*file = fopen(file_name, "w")) == NULL)
data/jikespg-1.3/src/ctabs.c:553:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file_tag, file_name, p - file_name);
data/jikespg-1.3/src/ctabs.c:635:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tok[SYMBOL_SIZE + 1];
data/jikespg-1.3/src/ctabs.c:685:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:725:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:739:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:755:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tok[SYMBOL_SIZE + 1];
data/jikespg-1.3/src/ctabs.c:808:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:973:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:985:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:1063:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:1068:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:1123:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:1175:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:1235:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:1602:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[SYMBOL_SIZE + /* max length of a token symbol */
data/jikespg-1.3/src/ctabs.c:1608:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(line, "interface ");
data/jikespg-1.3/src/ctabs.c:1610:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(line, "\n{\n public final static int\n");
data/jikespg-1.3/src/ctabs.c:1612:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else strcpy(line, "enum {\n");
data/jikespg-1.3/src/ctabs.c:2103:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line, "Table contains entries that are > "
data/jikespg-1.3/src/ctabs.c:2424:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:2457:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line," Number of Shifts: %d",shift_count);
data/jikespg-1.3/src/ctabs.c:2460:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line," Number of Shift/Reduces: %d",shift_reduce_count);
data/jikespg-1.3/src/ctabs.c:2465:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:2471:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line," Number of Gotos: %d",goto_count);
data/jikespg-1.3/src/ctabs.c:2474:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line," Number of Goto/Reduces: %d",goto_reduce_count);
data/jikespg-1.3/src/ctabs.c:2477:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line," Number of Reduces: %d",reduce_count);
data/jikespg-1.3/src/ctabs.c:2480:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line," Number of Defaults: %d",default_count);
data/jikespg-1.3/src/ctabs.c:2693:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:2814:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line, "Table contains entries that are > "
data/jikespg-1.3/src/ctabs.c:2901:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:2952:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line, " Number of Shifts: %d", shift_count);
data/jikespg-1.3/src/ctabs.c:2955:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:2962:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:2968:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line, " Number of Gotos: %d", goto_count);
data/jikespg-1.3/src/ctabs.c:2971:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line,
data/jikespg-1.3/src/ctabs.c:2975:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line, " Number of Reduces: %d", reduce_count);
data/jikespg-1.3/src/ctabs.c:2978:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg_line, " Number of Defaults: %d", default_count);
data/jikespg-1.3/src/globals.c:30:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grm_file[80],
data/jikespg-1.3/src/globals.c:144:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char blockb[MAX_PARM_SIZE] = {'/', '.'},
data/jikespg-1.3/src/lpgparse.c:32:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char code[256] = {0};
data/jikespg-1.3/src/lpgparse.c:53:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((sysgrm = fopen(grm_file, "r")) == (FILE *) NULL)
data/jikespg-1.3/src/lpgparse.c:65:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(grm_file, ".g");
data/jikespg-1.3/src/lpgparse.c:66:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((sysgrm = fopen(grm_file, "r")) == (FILE *) NULL)
data/jikespg-1.3/src/lpgparse.c:105:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  syslis = fopen(lis_file, "w, lrecl=85, recfm=VBA");
data/jikespg-1.3/src/lpgparse.c:107:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  syslis = fopen(lis_file, "w");
data/jikespg-1.3/src/lpgparse.c:372:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *c,
data/jikespg-1.3/src/lpgparse.c:642:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, parm+j, i - j); /* copy into TEMP */
data/jikespg-1.3/src/lpgparse.c:652:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(an, temp, 8);
data/jikespg-1.3/src/lpgparse.c:662:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(at, temp, 8);
data/jikespg-1.3/src/lpgparse.c:672:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(am, temp, 2);
data/jikespg-1.3/src/lpgparse.c:690:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
default_opt = MIN(atoi(temp), 5); data/jikespg-1.3/src/lpgparse.c:706:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(file_prefix, temp, 5); data/jikespg-1.3/src/lpgparse.c:762:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(han, temp, 8); data/jikespg-1.3/src/lpgparse.c:772:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hat, temp, 8); data/jikespg-1.3/src/lpgparse.c:782:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ham, temp, 2); data/jikespg-1.3/src/lpgparse.c:818:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lalr_level = atoi(temp); data/jikespg-1.3/src/lpgparse.c:837:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maximum_distance = atoi(temp); data/jikespg-1.3/src/lpgparse.c:852:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
minimum_distance = atoi(temp); data/jikespg-1.3/src/lpgparse.c:898:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tmpval = atoi(temp); data/jikespg-1.3/src/lpgparse.c:901:25: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "OUTPUT_SIZE cannot exceed %d", data/jikespg-1.3/src/lpgparse.c:948:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). stack_size = atoi(temp); data/jikespg-1.3/src/lpgparse.c:1077:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char old_parm[MAX_LINE_SIZE + 1], data/jikespg-1.3/src/lpgparse.c:1083:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ooptions[9] = " OPTIONS"; data/jikespg-1.3/src/lpgparse.c:1161:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(pn, "PRS"); data/jikespg-1.3/src/lpgparse.c:1166:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(sn, "SYM"); data/jikespg-1.3/src/lpgparse.c:1171:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(an, "ACT"); data/jikespg-1.3/src/lpgparse.c:1176:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(han, "HDR"); data/jikespg-1.3/src/lpgparse.c:1227:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "ACTION"); data/jikespg-1.3/src/lpgparse.c:1229:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOACTION"); data/jikespg-1.3/src/lpgparse.c:1244:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(opt_string[++top], "BYTE"); data/jikespg-1.3/src/lpgparse.c:1247:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "CONFLICTS"); data/jikespg-1.3/src/lpgparse.c:1249:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOCONFLICTS"); data/jikespg-1.3/src/lpgparse.c:1252:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NODEFAULT"); data/jikespg-1.3/src/lpgparse.c:1254:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "DEFAULT=%d",default_opt); data/jikespg-1.3/src/lpgparse.c:1257:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "DEBUG"); data/jikespg-1.3/src/lpgparse.c:1259:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(opt_string[++top], "NODEBUG"); data/jikespg-1.3/src/lpgparse.c:1262:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "DEFERRED"); data/jikespg-1.3/src/lpgparse.c:1264:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NODEFERRED"); data/jikespg-1.3/src/lpgparse.c:1267:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "EDIT"); data/jikespg-1.3/src/lpgparse.c:1269:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOEDIT"); data/jikespg-1.3/src/lpgparse.c:1272:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "ERROR-MAPS"); data/jikespg-1.3/src/lpgparse.c:1274:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(opt_string[++top], "NOERROR-MAPS"); data/jikespg-1.3/src/lpgparse.c:1276:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "ESCAPE=%c", escape); data/jikespg-1.3/src/lpgparse.c:1280:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "FIRST"); data/jikespg-1.3/src/lpgparse.c:1282:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOFIRST"); data/jikespg-1.3/src/lpgparse.c:1285:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "FOLLOW"); data/jikespg-1.3/src/lpgparse.c:1287:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOFOLLOW"); data/jikespg-1.3/src/lpgparse.c:1290:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "GENERATE-PARSER=C"); data/jikespg-1.3/src/lpgparse.c:1292:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "GENERATE-PARSER=C++"); data/jikespg-1.3/src/lpgparse.c:1294:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "GENERATE-PARSER=JAVA"); data/jikespg-1.3/src/lpgparse.c:1296:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOGENERATE-PARSER"); data/jikespg-1.3/src/lpgparse.c:1299:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "GOTO-DEFAULT"); data/jikespg-1.3/src/lpgparse.c:1301:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOGOTO-DEFAULT"); data/jikespg-1.3/src/lpgparse.c:1312:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "HALF-WORD"); data/jikespg-1.3/src/lpgparse.c:1319:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(opt_string[++top], "LALR=%d", lalr_level); data/jikespg-1.3/src/lpgparse.c:1322:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "LIST"); data/jikespg-1.3/src/lpgparse.c:1324:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOLIST"); data/jikespg-1.3/src/lpgparse.c:1326:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "MAX-DISTANCE=%d",maximum_distance); data/jikespg-1.3/src/lpgparse.c:1327:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "MIN-DISTANCE=%d",minimum_distance); data/jikespg-1.3/src/lpgparse.c:1329:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NAMES=MAXIMUM"); data/jikespg-1.3/src/lpgparse.c:1331:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(opt_string[++top], "NAMES=MINIMUM"); data/jikespg-1.3/src/lpgparse.c:1333:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NAMES=OPTIMIZED"); data/jikespg-1.3/src/lpgparse.c:1336:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NT-CHECK"); data/jikespg-1.3/src/lpgparse.c:1338:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NONT-CHECK"); data/jikespg-1.3/src/lpgparse.c:1340:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "ORMARK=%c", ormark); data/jikespg-1.3/src/lpgparse.c:1341:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "OUTPUT-SIZE=%d", output_size); data/jikespg-1.3/src/lpgparse.c:1345:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(opt_string[++top], "READ-REDUCE"); data/jikespg-1.3/src/lpgparse.c:1347:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOREAD-REDUCE"); data/jikespg-1.3/src/lpgparse.c:1351:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "RECORD-FORMAT=F"); data/jikespg-1.3/src/lpgparse.c:1353:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "RECORD-FORMAT=V"); data/jikespg-1.3/src/lpgparse.c:1357:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "SCOPES"); data/jikespg-1.3/src/lpgparse.c:1359:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOSCOPES"); data/jikespg-1.3/src/lpgparse.c:1362:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(opt_string[++top], "SHIFT-DEFAULT"); data/jikespg-1.3/src/lpgparse.c:1364:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOSHIFT-DEFAULT"); data/jikespg-1.3/src/lpgparse.c:1367:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "SINGLE-PRODUCTIONS"); data/jikespg-1.3/src/lpgparse.c:1369:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOSINGLE-PRODUCTIONS"); data/jikespg-1.3/src/lpgparse.c:1372:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "SLR"); data/jikespg-1.3/src/lpgparse.c:1374:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(opt_string[++top], "STACK-SIZE=%d",stack_size); data/jikespg-1.3/src/lpgparse.c:1376:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(opt_string[++top], "STATES"); data/jikespg-1.3/src/lpgparse.c:1378:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOSTATES"); data/jikespg-1.3/src/lpgparse.c:1383:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOTABLE"); data/jikespg-1.3/src/lpgparse.c:1385:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "TABLE=SPACE"); data/jikespg-1.3/src/lpgparse.c:1387:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "TABLE=TIME"); data/jikespg-1.3/src/lpgparse.c:1390:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOTRACE"); data/jikespg-1.3/src/lpgparse.c:1392:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(opt_string[++top], "TRACE=CONFLICTS"); data/jikespg-1.3/src/lpgparse.c:1394:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "TRACE=FULL"); data/jikespg-1.3/src/lpgparse.c:1397:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "VERBOSE"); data/jikespg-1.3/src/lpgparse.c:1399:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOVERBOSE"); data/jikespg-1.3/src/lpgparse.c:1402:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "WARNINGS"); data/jikespg-1.3/src/lpgparse.c:1404:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOWARNINGS"); data/jikespg-1.3/src/lpgparse.c:1407:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(opt_string[++top], "XREF"); data/jikespg-1.3/src/lpgparse.c:1409:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(opt_string[++top], "NOXREF"); data/jikespg-1.3/src/lpgparse.c:1412:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output_line, " "); data/jikespg-1.3/src/lpgparse.c:1418:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(output_line, " "); data/jikespg-1.3/src/lpgparse.c:1422:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(output_line, " "); data/jikespg-1.3/src/lpgparse.c:1458:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "BLOCKB and BLOCKE"); data/jikespg-1.3/src/lpgparse.c:1460:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(temp, "BLOCKB and ESCAPE"); data/jikespg-1.3/src/lpgparse.c:1462:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "BLOCKB and ORMARK"); data/jikespg-1.3/src/lpgparse.c:1464:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "ESCAPE and BLOCKE"); data/jikespg-1.3/src/lpgparse.c:1466:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "ORMARK and BLOCKE"); data/jikespg-1.3/src/lpgparse.c:1468:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "HBLOCKB and HBLOCKE"); data/jikespg-1.3/src/lpgparse.c:1470:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "HBLOCKB and ESCAPE"); data/jikespg-1.3/src/lpgparse.c:1472:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(temp, "HBLOCKB and ORMARK"); data/jikespg-1.3/src/lpgparse.c:1474:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "ESCAPE and HBLOCKE"); data/jikespg-1.3/src/lpgparse.c:1476:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "ORMARK and HBLOCKE"); data/jikespg-1.3/src/lpgparse.c:1478:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp, "ORMARK and ESCAPE"); data/jikespg-1.3/src/lpgparse.c:1485:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1498:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1770:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tok_string[SYMBOL_SIZE + 1]; data/jikespg-1.3/src/lpgparse.c:1819:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1873:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/lpgparse.c:1929:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tok_string, p1, i); data/jikespg-1.3/src/lpgparse.c:1960:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tok_string, p1, ct_length); data/jikespg-1.3/src/lpgparse.c:2150:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tok_string, p1, ct_length); data/jikespg-1.3/src/lpgparse.c:2191:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(terminal[top].name, ct_ptr, ct_length); data/jikespg-1.3/src/lpgparse.c:2206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tok_string[SYMBOL_SIZE + 1]; data/jikespg-1.3/src/lpgparse.c:2211:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "End-of file reached prematurely"); data/jikespg-1.3/src/lpgparse.c:2333:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAX_LINE_SIZE + 1]; data/jikespg-1.3/src/lpgparse.c:2336:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "w, recfm=%cB, lrecl=%d", data/jikespg-1.3/src/lpgparse.c:2340:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sysact = fopen(act_file, msg_line); data/jikespg-1.3/src/lpgparse.c:2341:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). syshact = fopen(hact_file, msg_line); data/jikespg-1.3/src/lpgparse.c:2343:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sysact = fopen(act_file, "w"); data/jikespg-1.3/src/lpgparse.c:2344:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
syshact = fopen(hact_file, "w"); data/jikespg-1.3/src/lpgparse.c:2363:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((sysgrm = fopen(grm_file, "r")) == (FILE *) NULL) data/jikespg-1.3/src/lpgparse.c:2388:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. defelmt[i].macro = (char *) data/jikespg-1.3/src/lpgparse.c:2479:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(line, linestart + actelmt[i].start_column, len); data/jikespg-1.3/src/lpgparse.c:2537:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(line, p1, len); data/jikespg-1.3/src/lpgparse.c:2636:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[SYMBOL_SIZE + 1]; data/jikespg-1.3/src/lpgparse.c:2779:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char temp1[MAX_LINE_SIZE + 1]; data/jikespg-1.3/src/lpgparse.c:2780:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp2[MAX_LINE_SIZE + 1]; data/jikespg-1.3/src/lpgparse.c:2781:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffix[MAX_LINE_SIZE + 1]; data/jikespg-1.3/src/lpgparse.c:2782:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char symbol[SYMBOL_SIZE + 1]; data/jikespg-1.3/src/lpgparse.c:2804:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text + k, "%d", rule_no); data/jikespg-1.3/src/lpgparse.c:2814:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text + k, "%d", num_symbols); data/jikespg-1.3/src/lpgparse.c:2862:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(temp2, " ->"); data/jikespg-1.3/src/lpgparse.c:2864:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(temp2, " ::="); data/jikespg-1.3/src/lpgparse.c:2867:24: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(temp2, " ... "); data/jikespg-1.3/src/lpgparse.c:2881:37: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(temp2, "..."); data/jikespg-1.3/src/lpgparse.c:2899:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text + k, "%d", RHS_SIZE(rule_no)); data/jikespg-1.3/src/lpgparse.c:2909:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text + k, "%d", line_no + 1); data/jikespg-1.3/src/lpgparse.c:2919:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text + k, "%d", num_rules); data/jikespg-1.3/src/lpgparse.c:2932:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(text + k, "%d", line_no); data/jikespg-1.3/src/lpgparse.c:2945:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text + k, "%d", num_terminals); data/jikespg-1.3/src/lpgparse.c:2958:24: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(text + k, "%d", num_non_terminals); data/jikespg-1.3/src/lpgparse.c:2971:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(symbol, text + k, j - k); /* copy macro name into symbol */ data/jikespg-1.3/src/lpgparse.c:3162:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macro_name[MAX_LINE_SIZE + 1]; data/jikespg-1.3/src/lpgparse.c:3285:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/lpgparse.c:3348:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " ::= "); data/jikespg-1.3/src/lpgparse.c:3375:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, " "); /* 8 spaces */ data/jikespg-1.3/src/lpgparse.c:3410:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(line, "%-4d ", rule_no); data/jikespg-1.3/src/lpgparse.c:3428:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " -> "); data/jikespg-1.3/src/lpgparse.c:3430:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " ::= "); data/jikespg-1.3/src/lpgparse.c:3455:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " -> "); data/jikespg-1.3/src/lpgparse.c:3461:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, "| "); data/jikespg-1.3/src/lpgparse.c:3470:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempbuffer1[SYMBOL_SIZE + 1]; data/jikespg-1.3/src/lpgparse.h:25:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char han[9] = "", data/jikespg-1.3/src/lpgparse.h:228:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SYMBOL_SIZE + 1]; data/jikespg-1.3/src/lpgparse.h:257:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SYMBOL_SIZE + 1]; data/jikespg-1.3/src/lpgparse.h:272:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char kdefine[8] = " define", data/jikespg-1.3/src/lpgparse.h:311:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[MAX_LINE_SIZE + 1]; data/jikespg-1.3/src/lpgutil.c:629:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[SYMBOL_SIZE + 1]; data/jikespg-1.3/src/lpgutil.c:644:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, token, len); data/jikespg-1.3/src/lpgutil.c:673:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempstr[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/lpgutil.c:691:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " ::= "); data/jikespg-1.3/src/lpgutil.c:722:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tok, " ."); data/jikespg-1.3/src/lpgutil.c:744:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tok, " (%d)", rule_no); data/jikespg-1.3/src/lpgutil.c:791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/lpgutil.c:829:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, "( "); data/jikespg-1.3/src/lpgutil.c:843:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, " "); data/jikespg-1.3/src/lpgutil.c:847:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d ", q -> value); data/jikespg-1.3/src/main.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *dot, data/jikespg-1.3/src/main.c:222:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lis_file, tmpbuf, dot - tmpbuf); data/jikespg-1.3/src/main.c:223:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tab_file, tmpbuf, dot - tmpbuf); data/jikespg-1.3/src/main.c:228:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(lis_file, ".l"); /* add .l extension for listing file */ data/jikespg-1.3/src/main.c:229:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tab_file, ".t"); /* add .t extension for table file */ data/jikespg-1.3/src/main.c:242:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "\nNumber of Terminals: %d", data/jikespg-1.3/src/main.c:246:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Nonterminals: %d", data/jikespg-1.3/src/main.c:250:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Productions: %d", num_rules + 1); data/jikespg-1.3/src/main.c:255:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Single Productions: %d", data/jikespg-1.3/src/main.c:260:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Items: %d", num_items); data/jikespg-1.3/src/main.c:277:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "\nNumber of Terminals: %d", num_terminals - 1); data/jikespg-1.3/src/main.c:280:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Nonterminals: %d", num_non_terminals - 1); data/jikespg-1.3/src/main.c:283:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Productions: %d", num_rules + 1); data/jikespg-1.3/src/main.c:288:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/main.c:294:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Items: %d", num_items); data/jikespg-1.3/src/main.c:298:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Scopes: %d", num_scopes); data/jikespg-1.3/src/main.c:302:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of States: %d", num_states); data/jikespg-1.3/src/main.c:307:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(msg_line, data/jikespg-1.3/src/main.c:313:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Shift actions: %d", num_shifts); data/jikespg-1.3/src/main.c:316:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Goto actions: %d", num_gotos); data/jikespg-1.3/src/main.c:321:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/main.c:325:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/main.c:330:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, "Number of Reduce actions: %d", num_reductions); data/jikespg-1.3/src/main.c:333:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/main.c:337:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/mkfirst.c:609:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/mkfirst.c:650:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, " "); data/jikespg-1.3/src/mkfirst.c:1022:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/mkfirst.c:1115:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, "*** ERROR: The following Non-terminal"); data/jikespg-1.3/src/mkfirst.c:1117:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " does not generate any terminal strings: "); data/jikespg-1.3/src/mkfirst.c:1120:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, "s do not generate any terminal strings: "); data/jikespg-1.3/src/mkfirst.c:1122:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, " "); /* 8 spaces */ data/jikespg-1.3/src/mkfirst.c:1386:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/mkfirst.c:1462:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, " "); /* 8 spaces */ data/jikespg-1.3/src/mkfirst.c:1465:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, "*** The following Terminal is useless: "); data/jikespg-1.3/src/mkfirst.c:1509:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, " "); /* 8 spaces */ data/jikespg-1.3/src/mkfirst.c:1512:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(line, "*** The following Non-Terminal is useless: "); data/jikespg-1.3/src/mkfirst.c:1556:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/mkfirst.c:1599:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " ==>> "); data/jikespg-1.3/src/mkfirst.c:1610:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tok, "%d", rule_no); data/jikespg-1.3/src/mkfirst.c:1634:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tok, "%d", rule_no); data/jikespg-1.3/src/mkfirst.c:1748:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/mkfirst.c:1759:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " ==>> "); data/jikespg-1.3/src/mkfirst.c:1795:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/mkfirst.c:1806:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " ==>> "); data/jikespg-1.3/src/prntstat.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[SYMBOL_SIZE + 1], data/jikespg-1.3/src/prntstat.c:188:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PRINT_LINE_SIZE + 1]; data/jikespg-1.3/src/produce.c:471:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[PRINT_LINE_SIZE], data/jikespg-1.3/src/produce.c:478:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " ::= "); data/jikespg-1.3/src/produce.c:1413:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[PRINT_LINE_SIZE + 1], data/jikespg-1.3/src/produce.c:1427:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " ::= "); data/jikespg-1.3/src/produce.c:1456:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(line, " ."); data/jikespg-1.3/src/ptables.c:145:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/ptables.c:150:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/ptables.c:287:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/ptables.c:291:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg_line, data/jikespg-1.3/src/ptables.c:454:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
    sprintf(msg_line, "w, recfm=%cB, lrecl=%d",
data/jikespg-1.3/src/ptables.c:457:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if((systab = fopen(tab_file, msg_line)) == NULL)
data/jikespg-1.3/src/ptables.c:459:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if((systab = fopen(tab_file, "w")) == NULL)
data/jikespg-1.3/src/resolve.c:968:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp[SYMBOL_SIZE + 1];
data/jikespg-1.3/src/spacetab.c:123:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Number of non-terminals eliminated: %d",
data/jikespg-1.3/src/spacetab.c:306:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,"Length of base Check Table: %d", check_size);
data/jikespg-1.3/src/spacetab.c:310:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,"Length of base Action Table: %ld", action_size);
data/jikespg-1.3/src/spacetab.c:313:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,"Number of entries in base Action Table: %d",
data/jikespg-1.3/src/spacetab.c:319:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Percentage of increase: %d.%d%%",
data/jikespg-1.3/src/spacetab.c:341:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,"Storage required for base Tables: %ld Bytes, %dK",
data/jikespg-1.3/src/spacetab.c:351:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Storage required for Rules: %ld Bytes", num_bytes);
data/jikespg-1.3/src/spacetab.c:870:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,"Length of Shift Check Table: %d",shift_check_size);
data/jikespg-1.3/src/spacetab.c:873:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,"Number of entries in Shift Check Table: %d",
data/jikespg-1.3/src/spacetab.c:883:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,"Percentage of increase: %d.%d%%",
data/jikespg-1.3/src/spacetab.c:899:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/spacetab.c:1273:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/spacetab.c:1277:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Number of Shift actions saved by merging: %d",
data/jikespg-1.3/src/spacetab.c:1280:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Number of Reduce actions saved by merging: %d",
data/jikespg-1.3/src/spacetab.c:1283:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Number of Reduce saved by default: %d",
data/jikespg-1.3/src/spacetab.c:1517:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Length of Terminal Check Table: %d",
data/jikespg-1.3/src/spacetab.c:1521:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Length of Terminal Action Table: %d",
data/jikespg-1.3/src/spacetab.c:1525:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Number of entries in Terminal Action Table: %d",
data/jikespg-1.3/src/spacetab.c:1532:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Percentage of increase: %d.%d%%",
data/jikespg-1.3/src/spacetab.c:1550:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/spacetab.c:1561:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/spacetab.c:1626:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Table contains entries that are > "
data/jikespg-1.3/src/spacetab.c:1678:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 64);
data/jikespg-1.3/src/spacetab.c:1686:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 72);
data/jikespg-1.3/src/spacetab.c:1692:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, len);
data/jikespg-1.3/src/spacetab.c:1716:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 64);
data/jikespg-1.3/src/spacetab.c:1724:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 72);
data/jikespg-1.3/src/spacetab.c:1730:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, len);
data/jikespg-1.3/src/spacetab.c:1920:21: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/spacetab.c:1954:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Shifts: %d",shift_count);
data/jikespg-1.3/src/spacetab.c:1957:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Shift/Reduces: %d",shift_reduce_count);
data/jikespg-1.3/src/spacetab.c:1962:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/spacetab.c:1968:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Gotos: %d",goto_count);
data/jikespg-1.3/src/spacetab.c:1971:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Goto/Reduces: %d",goto_reduce_count);
data/jikespg-1.3/src/spacetab.c:1974:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Reduces: %d",reduce_count);
data/jikespg-1.3/src/spacetab.c:1977:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Defaults: %d",default_count);
data/jikespg-1.3/src/spacetab.c:2172:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:136:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tmp[12];
data/jikespg-1.3/src/tabutil.c:285:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Table has exceeded maximum limit of %d",
data/jikespg-1.3/src/tabutil.c:298:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:304:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:393:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char tok[SYMBOL_SIZE + 1];
data/jikespg-1.3/src/tabutil.c:518:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:548:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:579:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:708:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:804:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:911:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:919:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:981:8: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Storage required for GOTO_STATES map: %d Bytes",
data/jikespg-1.3/src/tabutil.c:1024:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 68);
data/jikespg-1.3/src/tabutil.c:1032:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 72);
data/jikespg-1.3/src/tabutil.c:1038:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, name_len);
data/jikespg-1.3/src/tabutil.c:1142:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:1162:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/tabutil.c:1343:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/timetab.c:99:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/timetab.c:423:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,"Length of Check table: %ld", table_size);
data/jikespg-1.3/src/timetab.c:426:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,"Length of Action table: %ld", action_size);
data/jikespg-1.3/src/timetab.c:429:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/timetab.c:434:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Percentage of increase: %d.%d%%",
data/jikespg-1.3/src/timetab.c:446:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/timetab.c:460:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/timetab.c:472:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/timetab.c:528:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line, "Table contains entries that are > "
data/jikespg-1.3/src/timetab.c:610:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/timetab.c:661:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Shifts: %d",shift_count);
data/jikespg-1.3/src/timetab.c:664:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Shift/Reduces: %d",shift_reduce_count);
data/jikespg-1.3/src/timetab.c:669:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/timetab.c:674:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Gotos: %d",goto_count);
data/jikespg-1.3/src/timetab.c:677:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line,
data/jikespg-1.3/src/timetab.c:681:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Reduces: %d",reduce_count);
data/jikespg-1.3/src/timetab.c:684:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(msg_line," Number of Defaults: %d",default_count);
data/jikespg-1.3/src/timetab.c:748:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 64);
data/jikespg-1.3/src/timetab.c:756:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 72);
data/jikespg-1.3/src/timetab.c:762:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, len);
data/jikespg-1.3/src/timetab.c:791:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 64);
data/jikespg-1.3/src/timetab.c:798:21: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, 72);
data/jikespg-1.3/src/timetab.c:804:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(output_ptr, tok, len);
data/jikespg-1.3/src/ctabs.c:649:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name_len[i] = strlen(tok);
data/jikespg-1.3/src/ctabs.c:766:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(tok);
data/jikespg-1.3/src/ctabs.c:1640:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while(strlen(line) > PARSER_LINE_SIZE)
data/jikespg-1.3/src/ctabs.c:1645:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(&line[PARSER_LINE_SIZE - 2]) + 1);
data/jikespg-1.3/src/ctabs.c:1650:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    line[strlen(line) - 2] = '\0'; /* remove the string ",\n" from last line */
data/jikespg-1.3/src/lpgparse.c:57:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = strlen(grm_file); i > 0 &&
data/jikespg-1.3/src/lpgparse.c:240:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    blockb_len = strlen(blockb);
data/jikespg-1.3/src/lpgparse.c:241:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    blocke_len = strlen(blocke);
data/jikespg-1.3/src/lpgparse.c:243:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hblockb_len = strlen(hblockb);
data/jikespg-1.3/src/lpgparse.c:244:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hblocke_len = strlen(hblocke);
data/jikespg-1.3/src/lpgparse.c:405:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove(parm, parm + i, strlen (parm + i) + 1);
data/jikespg-1.3/src/lpgparse.c:435:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(token);
data/jikespg-1.3/src/lpgparse.c:456:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove(token, token + 2, strlen(token + 2) + 1);
data/jikespg-1.3/src/lpgparse.c:653:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pn[MIN(strlen(temp), 8)] = '\0';
data/jikespg-1.3/src/lpgparse.c:663:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    at[MIN(strlen(temp), 8)] = '\0';
data/jikespg-1.3/src/lpgparse.c:673:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    am[MIN(strlen(temp), 2)] = '\0';
data/jikespg-1.3/src/lpgparse.c:707:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    file_prefix[MIN(5, strlen(temp))] = '\0';
data/jikespg-1.3/src/lpgparse.c:763:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pn[MIN(strlen(temp), 8)] = '\0';
data/jikespg-1.3/src/lpgparse.c:773:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hat[MIN(strlen(temp), 8)] = '\0';
data/jikespg-1.3/src/lpgparse.c:783:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ham[MIN(strlen(temp), 2)] = '\0';
data/jikespg-1.3/src/lpgparse.c:800:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(temp);
data/jikespg-1.3/src/lpgparse.c:863:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(temp);
data/jikespg-1.3/src/lpgparse.c:925:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(temp);
data/jikespg-1.3/src/lpgparse.c:961:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(temp);
data/jikespg-1.3/src/lpgparse.c:979:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(temp);
data/jikespg-1.3/src/lpgparse.c:1119:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strcpy(parm, p2 + strlen(ooptions));
data/jikespg-1.3/src/lpgparse.c:1415:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(output_line) + strlen(opt_string[i]) > PRINT_LINE_SIZE-1)
data/jikespg-1.3/src/lpgparse.c:1415:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(output_line) + strlen(opt_string[i]) > PRINT_LINE_SIZE-1)
data/jikespg-1.3/src/lpgparse.c:1421:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(output_line) + 2 < PRINT_LINE_SIZE-1)
data/jikespg-1.3/src/lpgparse.c:1459:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(blockb) == 1 && blockb[0] == escape)
data/jikespg-1.3/src/lpgparse.c:1461:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(blockb) == 1 && blockb[0] == ormark)
data/jikespg-1.3/src/lpgparse.c:1463:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(blocke) == 1 && blocke[0] == escape)
data/jikespg-1.3/src/lpgparse.c:1465:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(blocke) == 1 && blocke[0] == ormark)
data/jikespg-1.3/src/lpgparse.c:1469:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(hblockb) == 1 && hblockb[0] == escape)
data/jikespg-1.3/src/lpgparse.c:1471:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(hblockb) == 1 && hblockb[0] == ormark)
data/jikespg-1.3/src/lpgparse.c:1473:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(hblocke) == 1 && hblocke[0] == escape)
data/jikespg-1.3/src/lpgparse.c:1475:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if (strlen(hblocke) == 1 && hblocke[0] == ormark)
data/jikespg-1.3/src/lpgparse.c:1491:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(hblockb) <= strlen(blockb) &&
data/jikespg-1.3/src/lpgparse.c:1491:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(hblockb) <= strlen(blockb) &&
data/jikespg-1.3/src/lpgparse.c:1492:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcmp(hblockb, blockb, strlen(hblockb)) == 0)
data/jikespg-1.3/src/lpgparse.c:1541:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (string_offset + strlen(string) >= string_size)
data/jikespg-1.3/src/lpgparse.c:2789:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_len = strlen(text);
data/jikespg-1.3/src/lpgparse.c:2844:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (j = strlen(temp1) - 1;
data/jikespg-1.3/src/lpgparse.c:2866:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(temp2) > max_len)
data/jikespg-1.3/src/lpgparse.c:2873:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(temp2) + strlen(symbol) + 1 < max_len)
data/jikespg-1.3/src/lpgparse.c:2873:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(temp2) + strlen(symbol) + 1 < max_len)
data/jikespg-1.3/src/lpgparse.c:2880:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(temp2) + 3 < max_len)
data/jikespg-1.3/src/lpgparse.c:2889:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
k = k - 1 + strlen(temp2); /* Adjust cursor */ data/jikespg-1.3/src/lpgparse.c:2999:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(q -> line) + strlen(suffix) < output_size) data/jikespg-1.3/src/lpgparse.c:2999:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(q -> line) + strlen(suffix) < output_size) data/jikespg-1.3/src/lpgparse.c:3019:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(text) + strlen(root -> line) < output_size) data/jikespg-1.3/src/lpgparse.c:3019:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(text) + strlen(root -> line) < output_size) data/jikespg-1.3/src/lpgparse.c:3047:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text_len = strlen(text); data/jikespg-1.3/src/lpgparse.c:3056:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(text) > output_size) data/jikespg-1.3/src/lpgparse.c:3058:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (j = strlen(text) - 1; j >= output_size; j--) data/jikespg-1.3/src/lpgparse.c:3300:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fill_in(line, (PRINT_LINE_SIZE - (strlen(blockb)+1)), '-'); data/jikespg-1.3/src/lpgparse.c:3316:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fill_in(line, (PRINT_LINE_SIZE - (strlen(blocke) + 1)), '-'); data/jikespg-1.3/src/lpgparse.c:3352:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(temp) > PRINT_LINE_SIZE) data/jikespg-1.3/src/lpgparse.c:3352:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(temp) > PRINT_LINE_SIZE) data/jikespg-1.3/src/lpgparse.c:3382:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(temp) > PRINT_LINE_SIZE) data/jikespg-1.3/src/lpgparse.c:3382:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(temp) > PRINT_LINE_SIZE) data/jikespg-1.3/src/lpgparse.c:3391:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(line) < PRINT_LINE_SIZE) data/jikespg-1.3/src/lpgparse.c:3414:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(temp) > PRINT_LINE_SIZE - 12) data/jikespg-1.3/src/lpgparse.c:3416:17: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(line, temp, PRINT_LINE_SIZE - 12); data/jikespg-1.3/src/lpgparse.c:3433:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = MIN(strlen(line) - 1, i); data/jikespg-1.3/src/lpgparse.c:3443:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(temp) > PRINT_LINE_SIZE - 12) data/jikespg-1.3/src/lpgparse.c:3445:21: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. strncat(line, temp, PRINT_LINE_SIZE - 12); data/jikespg-1.3/src/lpgparse.c:3468:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(temp) + strlen(line) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/lpgparse.c:3468:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(temp) + strlen(line) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/lpgutil.c:578:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(in); data/jikespg-1.3/src/lpgutil.c:631:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). toklen = strlen(token); data/jikespg-1.3/src/lpgutil.c:642:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (; toklen > len; toklen = strlen(temp)) data/jikespg-1.3/src/lpgutil.c:693:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = MIN(strlen(line)-1, i); data/jikespg-1.3/src/lpgutil.c:702:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE - 4) data/jikespg-1.3/src/lpgutil.c:702:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE - 4) data/jikespg-1.3/src/lpgutil.c:720:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(tok, "."); data/jikespg-1.3/src/lpgutil.c:731:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE -1) data/jikespg-1.3/src/lpgutil.c:731:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE -1) data/jikespg-1.3/src/lpgutil.c:745:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/lpgutil.c:745:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/lpgutil.c:839:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + number_len(q -> value) > PRINT_LINE_SIZE-2) data/jikespg-1.3/src/lpgutil.c:852:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(line, ")"); data/jikespg-1.3/src/main.c:148:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
n = strlen(grm_file) - 1; data/jikespg-1.3/src/main.c:190:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(argv[1]); data/jikespg-1.3/src/mkfirst.c:655:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:655:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:1128:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE-1) data/jikespg-1.3/src/mkfirst.c:1128:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE-1) data/jikespg-1.3/src/mkfirst.c:1470:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:1470:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:1517:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:1517:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:1600:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(line) - 1; data/jikespg-1.3/src/mkfirst.c:1611:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:1611:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:1635:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:1635:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tok) + strlen(line) > PRINT_LINE_SIZE) data/jikespg-1.3/src/mkfirst.c:1765:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/mkfirst.c:1765:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/mkfirst.c:1812:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE-2) data/jikespg-1.3/src/mkfirst.c:1812:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE-2) data/jikespg-1.3/src/prntstat.c:55:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_size = MAX(max_size, strlen(temp)); data/jikespg-1.3/src/prntstat.c:63:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_size = MAX(max_size, strlen(temp)); data/jikespg-1.3/src/prntstat.c:71:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_size = MAX(max_size, strlen(temp)); data/jikespg-1.3/src/prntstat.c:226:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
max_size = MAX(max_size, strlen(temp)); data/jikespg-1.3/src/prntstat.c:234:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_size = MAX(max_size, strlen(temp)); data/jikespg-1.3/src/produce.c:480:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/produce.c:480:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/produce.c:1429:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = MIN(strlen(line) - 1, i); data/jikespg-1.3/src/produce.c:1440:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE - 4) data/jikespg-1.3/src/produce.c:1440:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE - 4) data/jikespg-1.3/src/produce.c:1463:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/produce.c:1463:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(line) + strlen(tok) > PRINT_LINE_SIZE - 1) data/jikespg-1.3/src/spacetab.c:1671:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tok); data/jikespg-1.3/src/spacetab.c:1684:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (len = strlen(tok); len > 72; len = strlen(tok)) data/jikespg-1.3/src/spacetab.c:1684:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (len = strlen(tok); len > 72; len = strlen(tok)) data/jikespg-1.3/src/spacetab.c:1709:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tok); data/jikespg-1.3/src/spacetab.c:1722:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (len = strlen(tok); len > 72; len = strlen(tok)) data/jikespg-1.3/src/spacetab.c:1722:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (len = strlen(tok); len > 72; len = strlen(tok)) data/jikespg-1.3/src/tabutil.c:1013:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen(tok); data/jikespg-1.3/src/tabutil.c:1030:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (name_len = strlen(tok); name_len > 72; name_len = strlen(tok)) data/jikespg-1.3/src/tabutil.c:1030:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (name_len = strlen(tok); name_len > 72; name_len = strlen(tok)) data/jikespg-1.3/src/timetab.c:741:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tok); data/jikespg-1.3/src/timetab.c:754:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (len = strlen(tok); len > 72; len = strlen(tok)) data/jikespg-1.3/src/timetab.c:754:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (len = strlen(tok); len > 72; len = strlen(tok)) data/jikespg-1.3/src/timetab.c:784:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tok); data/jikespg-1.3/src/timetab.c:796:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (len = strlen(tok); len > 72; len = strlen(tok)) data/jikespg-1.3/src/timetab.c:796:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (len = strlen(tok); len > 72; len = strlen(tok))

ANALYSIS SUMMARY:

Hits = 693
Lines analyzed = 26041 in approximately 0.84 seconds (30867 lines/second)
Physical Source Lines of Code (SLOC) = 18076
Hits@level = [0] 208 [1] 128 [2] 353 [3] 0 [4] 212 [5] 0
Hits@level+ = [0+] 901 [1+] 693 [2+] 565 [3+] 212 [4+] 212 [5+] 0
Hits/KSLOC@level+ = [0+] 49.8451 [1+] 38.3381 [2+] 31.2569 [3+] 11.7283 [4+] 11.7283 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.