Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgarmin-0~svn320/src/GarminTypedef.h
Examining data/libgarmin-0~svn320/src/align.h
Examining data/libgarmin-0~svn320/src/array.c
Examining data/libgarmin-0~svn320/src/array.h
Examining data/libgarmin-0~svn320/src/bsp.c
Examining data/libgarmin-0~svn320/src/bsp.h
Examining data/libgarmin-0~svn320/src/extras.h
Examining data/libgarmin-0~svn320/src/garmin.c
Examining data/libgarmin-0~svn320/src/garmin_fat.c
Examining data/libgarmin-0~svn320/src/garmin_fat.h
Examining data/libgarmin-0~svn320/src/garmin_lbl.c
Examining data/libgarmin-0~svn320/src/garmin_lbl.h
Examining data/libgarmin-0~svn320/src/garmin_mdr.h
Examining data/libgarmin-0~svn320/src/garmin_mps.c
Examining data/libgarmin-0~svn320/src/garmin_net.c
Examining data/libgarmin-0~svn320/src/garmin_net.h
Examining data/libgarmin-0~svn320/src/garmin_nod.c
Examining data/libgarmin-0~svn320/src/garmin_nod.h
Examining data/libgarmin-0~svn320/src/garmin_obj.c
Examining data/libgarmin-0~svn320/src/garmin_order.c
Examining data/libgarmin-0~svn320/src/garmin_order.h
Examining data/libgarmin-0~svn320/src/garmin_rgn.c
Examining data/libgarmin-0~svn320/src/garmin_rgn.h
Examining data/libgarmin-0~svn320/src/garmin_route.c
Examining data/libgarmin-0~svn320/src/garmin_subdiv.c
Examining data/libgarmin-0~svn320/src/garmin_subdiv.h
Examining data/libgarmin-0~svn320/src/garmin_tdb.c
Examining data/libgarmin-0~svn320/src/garmin_tdb.h
Examining data/libgarmin-0~svn320/src/garmin_typ.c
Examining data/libgarmin-0~svn320/src/geoutils.c
Examining data/libgarmin-0~svn320/src/geoutils.h
Examining data/libgarmin-0~svn320/src/libgarmin.h
Examining data/libgarmin-0~svn320/src/libgarmin_priv.h
Examining data/libgarmin-0~svn320/src/list.c
Examining data/libgarmin-0~svn320/src/list.h
Examining data/libgarmin-0~svn320/src/win32support.h
Examining data/libgarmin-0~svn320/src/garmin_mdr.c
Examining data/libgarmin-0~svn320/utils/bsptest.c
Examining data/libgarmin-0~svn320/utils/garroute.c
Examining data/libgarmin-0~svn320/utils/gartest.c
Examining data/libgarmin-0~svn320/utils/garxor.c
Examining data/libgarmin-0~svn320/utils/garxtract.c

FINAL RESULTS:

data/libgarmin-0~svn320/src/garmin.c:301:2:  [4] (buffer) strcpy:
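  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Triage note: this report also lists `char buf[20], *cp;` at garmin.c:297,
  presumably the destination here (same function; confirm in the source). If
  so, any gmpfile longer than 19 characters overruns it, so the length of
  gmpfile has to be checked before the copy.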
	strcpy(buf, gmpfile);
data/libgarmin-0~svn320/src/garmin.c:323:2:  [4] (buffer) sprintf:
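  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  Triage note: this report also lists `char buf[20], *cp;` (garmin.c:297) and
  `char buf1[20];` (garmin.c:298). If those are the buffers used here (confirm
  in the source), buf1 overflows once buf holds more than 15 characters,
  because the suffix adds four characters plus the terminator. The sprintf
  calls reported at garmin.c:325-331 have the same shape. A bounded
  snprintf(buf1, sizeof buf1, ...) with a check of the return value for
  truncation addresses all five.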
	sprintf(buf1, "%s.TRE", buf);
data/libgarmin-0~svn320/src/garmin.c:325:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf1, "%s.RGN", buf);
data/libgarmin-0~svn320/src/garmin.c:327:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf1, "%s.LBL", buf);
data/libgarmin-0~svn320/src/garmin.c:329:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf1, "%s.NET", buf);
data/libgarmin-0~svn320/src/garmin.c:331:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf1, "%s.NOD", buf);
data/libgarmin-0~svn320/src/garmin_fat.c:107:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fn,"%s.%s", sub->mapid, ext);
data/libgarmin-0~svn320/src/garmin_fat.c:122:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(fn,"%s.GMP", sub->mapid);
data/libgarmin-0~svn320/src/garmin_fat.c:129:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fn,"%s.%s", sub->mapid, ext);
data/libgarmin-0~svn320/src/garmin_fat.c:171:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fe->filename, name);
data/libgarmin-0~svn320/src/garmin_mdr.c:291:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sz += sprintf(buf+sz, "%s%c", inasc ? "" : "[", a[i]);
data/libgarmin-0~svn320/src/garmin_mdr.c:294:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sz += sprintf(buf+sz, "%s%02X ", inasc ? "]" : "",a[i]);
data/libgarmin-0~svn320/src/garmin_mdr.c:539:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stdout, fmt, ap);
data/libgarmin-0~svn320/src/garmin_mps.c:22:22:  [4] (format) fprintf:
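  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Triage note: the macro forwards its variadic arguments unchanged, so the
  format string is whatever each call site passes first. The finding is real
  only at call sites that pass a non-literal string; building with
  -Wformat -Wformat-security lets the compiler point those out.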
#define log(x, y...) fprintf(stderr, ## y)
data/libgarmin-0~svn320/src/garmin_mps.c:46:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s/%s.img", gar->tdbdir, file);
data/libgarmin-0~svn320/src/garmin_nod.c:138:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(fp, fmt, ap);
data/libgarmin-0~svn320/src/garmin_order.c:11:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define log(n,x...) fprintf(stdout, ## x)
data/libgarmin-0~svn320/src/garmin_rgn.c:1029:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(buf, imgs[rc]);
data/libgarmin-0~svn320/src/garmin_rgn.c:1039:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(buf, imgs[j]);
data/libgarmin-0~svn320/src/garmin_rgn.c:1276:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "Checking %s", sub->mapid);
data/libgarmin-0~svn320/src/garmin_tdb.c:17:22:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define log(x, y...) fprintf(stderr, ## y)
data/libgarmin-0~svn320/src/garmin_tdb.c:41:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(path, "%s/%s.img", gar->tdbdir, file);
data/libgarmin-0~svn320/src/garmin_tdb.c:174:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
						sprintf(imgname, "%s", tp+1);
data/libgarmin-0~svn320/src/geoutils.c:30:23:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define log(x, y ...) fprintf(stdout, ## y)
data/libgarmin-0~svn320/src/geoutils.c:39:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(buf,"%s%slulat=%f, lulong=%f, rllat=%f, rllong=%f\n",
data/libgarmin-0~svn320/src/libgarmin.h:131:25:  [4] (format) printf:
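  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  Triage note: the flagged line is a GCC format attribute on a declaration,
  not a call to printf. The match is lexical and can be treated as a false
  positive; the attribute lets the compiler check the format arguments at
  every call of the annotated function.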
	__attribute__ ((format(printf,4,5)));
data/libgarmin-0~svn320/utils/bsptest.c:7:23:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define log(x, y ...) fprintf(stdout, ## y)
data/libgarmin-0~svn320/utils/garroute.c:21:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stdout, fmt, ap);
data/libgarmin-0~svn320/utils/gartest.c:16:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stdout, fmt, ap);
data/libgarmin-0~svn320/utils/garxor.c:85:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(in,"%s/%s", path, namelist[n]->d_name);
data/libgarmin-0~svn320/utils/garxor.c:86:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(out,"%s/%s.tmp", path, namelist[n]->d_name);
data/libgarmin-0~svn320/utils/garxor.c:89:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(ren,"%s/%s.orig", path, namelist[n]->d_name);
data/libgarmin-0~svn320/utils/garxor.c:131:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buf, "%s.tmp", argv[1]);
data/libgarmin-0~svn320/utils/garxtract.c:18:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stdout, fmt, ap);
data/libgarmin-0~svn320/src/GarminTypedef.h:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    name[8];		///< 0x00000001 .. 0x00000008
data/libgarmin-0~svn320/src/GarminTypedef.h:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    type[3];		///< 0x00000009 .. 0x0000000B
data/libgarmin-0~svn320/src/GarminTypedef.h:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    signature[7];       ///< 0x00000010 .. 0x00000016
data/libgarmin-0~svn320/src/GarminTypedef.h:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    identifier[7];      ///< 0x00000041 .. 0x00000047
data/libgarmin-0~svn320/src/GarminTypedef.h:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    desc1[20];          ///< 0x00000049 .. 0x0000005C
data/libgarmin-0~svn320/src/GarminTypedef.h:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    desc2[31];          ///< 0x00000065 .. 0x00000083
data/libgarmin-0~svn320/src/GarminTypedef.h:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char    type[10];           ///< 0x00000002 .. 0x0000000B
data/libgarmin-0~svn320/src/garmin.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/libgarmin-0~svn320/src/garmin.c:52:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sz += sprintf(buf+sz, "%02X ",a[i]);
data/libgarmin-0~svn320/src/garmin.c:72:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(file, flags);
data/libgarmin-0~svn320/src/garmin.c:126:15:  [2] (buffer) char:
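  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the flagged text is a cast followed by an index, not an array
  declaration, so the "statically-sized array" wording does not apply (the
  same holds for garmin.c:142 and garmin.c:160). What needs review is whether
  i stays within the length of buf, which this excerpt does not show.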
			((unsigned char *)buf)[i] ^= g->xor;
data/libgarmin-0~svn320/src/garmin.c:142:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			((unsigned char *)buf)[i] ^= g->xor;
data/libgarmin-0~svn320/src/garmin.c:160:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			((unsigned char *)buf)[i] ^= g->xor;
data/libgarmin-0~svn320/src/garmin.c:188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char modename[50] = "";
data/libgarmin-0~svn320/src/garmin.c:211:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(modename, "GPS Backend");
data/libgarmin-0~svn320/src/garmin.c:213:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(modename, "Parser");
data/libgarmin-0~svn320/src/garmin.c:215:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(modename, "Data dumper");
data/libgarmin-0~svn320/src/garmin.c:297:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20], *cp;
data/libgarmin-0~svn320/src/garmin.c:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf1[20];
data/libgarmin-0~svn320/src/garmin_fat.c:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[20];
data/libgarmin-0~svn320/src/garmin_fat.c:120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char fn[20];
data/libgarmin-0~svn320/src/garmin_fat.c:187:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fe->filename, fent->name, 8);
data/libgarmin-0~svn320/src/garmin_fat.c:192:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(cp, fent->type, 3);
data/libgarmin-0~svn320/src/garmin_fat.c:290:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/libgarmin-0~svn320/src/garmin_fat.h:3:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char filename[13];
data/libgarmin-0~svn320/src/garmin_lbl.c:174:3:  [2] (buffer) char:
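  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: this array is variable-length (its size, 5*len, is computed at
  run time), so the concern differs from a fixed-size buffer: if len can be
  derived from file contents (not shown here), an oversized value exhausts the
  stack. An upper bound on len before the declaration, or a heap allocation
  with a checked size, removes that risk.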
		char dbuf[5*len];
data/libgarmin-0~svn320/src/garmin_lbl.c:177:7:  [2] (buffer) sprintf:
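  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: the "low risk" rating deserves a second look. Each call writes
  five characters per byte ("0x", two hex digits, a comma) plus a terminator,
  and the destination listed at garmin_lbl.c:174 is `char dbuf[5*len]`. If the
  loop covers all len bytes (loop bound not shown), the final terminator lands
  one byte past the end. If cp points to plain char on a platform where char
  is signed, byte values of 0x80 and above are sign-extended and %02X prints
  eight hex digits, which lengthens the output further.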
			c+=sprintf(dbuf+c, "0x%02X,", cp[i]);
data/libgarmin-0~svn320/src/garmin_lbl.c:243:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				char b[3];
data/libgarmin-0~svn320/src/garmin_lbl.c:376:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(l->codepage,"Windows-%d", lbl.codepage);
data/libgarmin-0~svn320/src/garmin_lbl.c:378:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(l->codepage,"Big5");
data/libgarmin-0~svn320/src/garmin_lbl.c:380:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(l->codepage,"ascii");
data/libgarmin-0~svn320/src/garmin_lbl.c:431:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/libgarmin-0~svn320/src/garmin_lbl.c:599:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char rec[lbl.lbl7_rec_size];
data/libgarmin-0~svn320/src/garmin_lbl.c:661:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char rec[lbl.lbl5_rec_size];
data/libgarmin-0~svn320/src/garmin_lbl.c:774:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[1024];
data/libgarmin-0~svn320/src/garmin_lbl.c:837:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sz += sprintf(out+sz, "%d%d", a, b);
data/libgarmin-0~svn320/src/garmin_lbl.c:840:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sz += sprintf(out+sz, "%d-", a);
data/libgarmin-0~svn320/src/garmin_lbl.c:842:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sz += sprintf(out+sz, "-%d", b);
data/libgarmin-0~svn320/src/garmin_lbl.c:892:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[256];
data/libgarmin-0~svn320/src/garmin_lbl.c:893:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char l[1024];
data/libgarmin-0~svn320/src/garmin_mdr.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[m->idxfiles_len];
data/libgarmin-0~svn320/src/garmin_mdr.c:276:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/libgarmin-0~svn320/src/garmin_mdr.c:279:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sz += sprintf(buf+sz, "%02X ",a[i]);
data/libgarmin-0~svn320/src/garmin_mdr.c:286:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/libgarmin-0~svn320/src/garmin_mdr.c:303:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char head[6];
data/libgarmin-0~svn320/src/garmin_mdr.c:307:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char text[3];
data/libgarmin-0~svn320/src/garmin_mdr.c:317:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[1024];
data/libgarmin-0~svn320/src/garmin_mdr.c:319:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pref[10];
data/libgarmin-0~svn320/src/garmin_mdr.c:330:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pref, "header");
data/libgarmin-0~svn320/src/garmin_mdr.c:348:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[1024];
data/libgarmin-0~svn320/src/garmin_mdr.c:350:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pref[10];
data/libgarmin-0~svn320/src/garmin_mdr.c:357:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pref, "lbl");
data/libgarmin-0~svn320/src/garmin_mdr.c:377:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[recsize];
data/libgarmin-0~svn320/src/garmin_mdr.c:379:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pref[10];
data/libgarmin-0~svn320/src/garmin_mdr.c:405:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[recsize];
data/libgarmin-0~svn320/src/garmin_mdr.c:407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char pref[10];
data/libgarmin-0~svn320/src/garmin_mdr.c:420:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(pref, "%d", i);
data/libgarmin-0~svn320/src/garmin_mps.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[4096];
data/libgarmin-0~svn320/src/garmin_mps.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imgname[128];
data/libgarmin-0~svn320/src/garmin_mps.c:68:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(file, OPENFLAGS);
data/libgarmin-0~svn320/src/garmin_net.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[12];
data/libgarmin-0~svn320/src/garmin_net.c:389:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[2048];
data/libgarmin-0~svn320/src/garmin_net.c:433:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sz += sprintf(buf + sz, "%d %d ", i, ri->rio[i]);
data/libgarmin-0~svn320/src/garmin_net.c:607:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4];
data/libgarmin-0~svn320/src/garmin_net.c:775:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buf[4];
data/libgarmin-0~svn320/src/garmin_nod.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/libgarmin-0~svn320/src/garmin_nod.c:75:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sz += sprintf(buf+sz, "%02X ",a[i]);
data/libgarmin-0~svn320/src/garmin_nod.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/libgarmin-0~svn320/src/garmin_nod.c:88:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "nodes/path.txt");
data/libgarmin-0~svn320/src/garmin_nod.c:90:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(buf, "w+");
data/libgarmin-0~svn320/src/garmin_nod.c:92:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fp = fopen(buf, "a+");
data/libgarmin-0~svn320/src/garmin_nod.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/libgarmin-0~svn320/src/garmin_nod.c:103:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "nodes/%d-%d.txt", node->offset,node->nodeid);
data/libgarmin-0~svn320/src/garmin_nod.c:104:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(buf, "w");
data/libgarmin-0~svn320/src/garmin_nod.c:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/libgarmin-0~svn320/src/garmin_nod.c:117:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "nodes/%d-%d.txt", node->offset,node->nodeid);
data/libgarmin-0~svn320/src/garmin_nod.c:118:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(buf, "a+");
data/libgarmin-0~svn320/src/garmin_nod.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[512];
data/libgarmin-0~svn320/src/garmin_nod.c:133:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "nodes/%d-%d.txt", node->offset, node->nodeid);
data/libgarmin-0~svn320/src/garmin_nod.c:134:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(buf, "a+");
data/libgarmin-0~svn320/src/garmin_nod.c:355:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/libgarmin-0~svn320/src/garmin_nod.c:363:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "nod1 %ld", offset);
data/libgarmin-0~svn320/src/garmin_nod.c:699:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	tfmap = fopen(filename, "w");
data/libgarmin-0~svn320/src/garmin_nod.h:90:11:  [2] (buffer) char:
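  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: a zero-length array in a header is usually the trailing
  member of a variably sized struct (C99 spells it bitmap[]). The rule cannot
  judge it from the declaration; the capacity is whatever the allocation
  site adds after the struct, so review that size computation and every
  index into bitmap.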
	unsigned char bitmap[0];
data/libgarmin-0~svn320/src/garmin_obj.c:695:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
					char buf[256];
data/libgarmin-0~svn320/src/garmin_obj.c:1119:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[8192];
data/libgarmin-0~svn320/src/garmin_obj.c:1180:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		r = atoi(cp);
data/libgarmin-0~svn320/src/garmin_obj.c:1319:2:  [2] (buffer) char:
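  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the size here is computed at run time (len*3+1), so this is
  a variable-length array on the stack, not a fixed-size one. What needs
  checking is the range of len before the declaration: a large value (or a
  negative one, if len is signed) gives an oversized or invalid allocation.
  The sprintf reported at line 1322 emits three characters per byte, which
  fits only if it runs at most len times.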
	char buf[len*3+1];
data/libgarmin-0~svn320/src/garmin_obj.c:1322:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sz += sprintf(buf+sz, "%02X ", src[i]);
data/libgarmin-0~svn320/src/garmin_obj.c:1331:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/libgarmin-0~svn320/src/garmin_obj.c:1332:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char extra[100];
data/libgarmin-0~svn320/src/garmin_obj.c:1357:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(extra, " d:%u sc:%u eb:%u dt:%d",
data/libgarmin-0~svn320/src/garmin_obj.c:1503:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[8192];
data/libgarmin-0~svn320/src/garmin_order.h:4:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char order[256];
data/libgarmin-0~svn320/src/garmin_rgn.c:271:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		unsigned char rec[recsize];
data/libgarmin-0~svn320/src/garmin_rgn.c:584:11:  [2] (buffer) char:
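  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: buf is a variable-length array sized by tre->tre1_size, as
  is rec[recsize] at line 271. If these sizes are read from the map file
  (not shown here; confirm in the source), a malformed file chooses the stack
  allocation size. Cap the value before the declaration or use a checked
  heap allocation.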
	unsigned char buf[tre->tre1_size];
data/libgarmin-0~svn320/src/garmin_rgn.c:618:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&ml->ml, cp, s);
data/libgarmin-0~svn320/src/garmin_rgn.c:655:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		sub->id = atoi(sub->mapid);
data/libgarmin-0~svn320/src/garmin_rgn.c:897:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		id = atoi(sub->mapid);
data/libgarmin-0~svn320/src/garmin_rgn.c:902:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		id = atoi(sub->mapid);
data/libgarmin-0~svn320/src/garmin_rgn.c:913:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			minid = atoi(sub->mapid);
data/libgarmin-0~svn320/src/garmin_rgn.c:1019:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[20];
data/libgarmin-0~svn320/src/garmin_rgn.c:1263:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[256];
data/libgarmin-0~svn320/src/garmin_tdb.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char path[4096];
data/libgarmin-0~svn320/src/garmin_tdb.c:62:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char imgname[128];
data/libgarmin-0~svn320/src/garmin_tdb.c:63:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(file, (OPENFLAGS&~O_NOATIME));
data/libgarmin-0~svn320/src/garmin_tdb.c:135:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
					sprintf(imgname, "%08u", *(u_int32_t *)cp);
data/libgarmin-0~svn320/src/garmin_tdb.c:199:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
				sprintf(imgname, "%08u", *(u_int32_t *)cp);
data/libgarmin-0~svn320/src/geoutils.c:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[1024];
data/libgarmin-0~svn320/src/libgarmin_priv.h:63:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char codepage[512];
data/libgarmin-0~svn320/utils/garroute.c:149:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(file, "w");
data/libgarmin-0~svn320/utils/garroute.c:181:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			debug = atoi(argv[2]);
data/libgarmin-0~svn320/utils/garroute.c:189:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ofrom = atoi(argv[4]);
data/libgarmin-0~svn320/utils/garroute.c:191:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		oto = atoi(argv[5]);
data/libgarmin-0~svn320/utils/garroute.c:219:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[512];
data/libgarmin-0~svn320/utils/garroute.c:220:4:  [2] (buffer) sprintf:
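  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Reviewer note: overflow is not the main concern here, since the formatted
  name is far shorter than the 512-byte buf declared on the previous line.
  The result is a predictable path under /tmp; if it is later opened for
  writing, that open is exposed to the symlink and race issues described in
  the fopen hits (CWE-377, CWE-59). Creating the file with mkstemp, or with
  open and O_CREAT|O_EXCL|O_NOFOLLOW in a private directory, avoids this.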
			sprintf(buf,"/tmp/%d-graph.txt", ofrom);
data/libgarmin-0~svn320/utils/gartest.c:61:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				debug = atoi(argv[i+1]);
data/libgarmin-0~svn320/utils/garxor.c:13:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[4096];
data/libgarmin-0~svn320/utils/garxor.c:19:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(in, O_RDONLY);
data/libgarmin-0~svn320/utils/garxor.c:24:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd1 = open(out, O_RDWR|O_CREAT|O_TRUNC, 0660);
data/libgarmin-0~svn320/utils/garxor.c:71:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char in[4096];
data/libgarmin-0~svn320/utils/garxor.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char out[4096];
data/libgarmin-0~svn320/utils/garxor.c:73:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ren[4096];
data/libgarmin-0~svn320/utils/garxor.c:130:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char buf[4096];
data/libgarmin-0~svn320/utils/garxtract.c:48:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(argv[2], O_WRONLY|O_CREAT|O_TRUNC, 0660);
data/libgarmin-0~svn320/src/garmin.c:122:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	rc = read(g->fd, buf, count);
data/libgarmin-0~svn320/src/garmin.c:138:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	rc = read(g->fd, buf, count);
data/libgarmin-0~svn320/src/garmin.c:374:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read(g->fd, &g->xor, sizeof(g->xor)) != sizeof(g->xor)) {
data/libgarmin-0~svn320/src/garmin.c:420:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	rc = read(fd, &hdr, sizeof(struct hdr_img_t));
data/libgarmin-0~svn320/src/garmin_lbl.c:844:11:  [1] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source is a constant character.
				sz += sprintf(out+sz, " ");
data/libgarmin-0~svn320/src/garmin_mps.c:74:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while (read(fd, &block, sizeof(struct tdb_block)) == 
data/libgarmin-0~svn320/src/garmin_mps.c:81:8:  [1] (buffer) read:
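  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Reviewer note: the length passed here is block.size, and the read reported
  at line 74 fills block from the same descriptor, so the length comes from
  the file being parsed. Verify block.size against the capacity of buf before
  this call and treat rc != block.size as an error. The strlen hits reported
  for lines 90-115 appear to walk this buffer and depend on it being fully
  read and NUL-terminated. garmin_tdb.c:76 has the same pattern.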
		rc = read(fd, buf, block.size);
data/libgarmin-0~svn320/src/garmin_mps.c:90:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp+=strlen(cp) + 1;
data/libgarmin-0~svn320/src/garmin_mps.c:99:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp += strlen(cp) + 1;
data/libgarmin-0~svn320/src/garmin_mps.c:101:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp += strlen(cp) + 1;
data/libgarmin-0~svn320/src/garmin_mps.c:103:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp += strlen(cp) + 1;
data/libgarmin-0~svn320/src/garmin_mps.c:115:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp+=strlen(cp)+1;
data/libgarmin-0~svn320/src/garmin_obj.c:540:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			return !strncasecmp(str, needle, strlen(needle));
data/libgarmin-0~svn320/src/garmin_obj.c:1153:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(buf, "/");
data/libgarmin-0~svn320/src/garmin_obj.c:1508:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
					strcat(buf, "/");
data/libgarmin-0~svn320/src/garmin_tdb.c:69:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while (read(fd, &block, sizeof(struct tdb_block)) == 
data/libgarmin-0~svn320/src/garmin_tdb.c:76:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		rc = read(fd, buf, block.size);
data/libgarmin-0~svn320/src/garmin_tdb.c:87:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				cp+=16+strlen(cp+16) + 1;
data/libgarmin-0~svn320/src/garmin_tdb.c:110:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp+=4+strlen(cp+4) + 1;
data/libgarmin-0~svn320/src/garmin_tdb.c:119:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp+=1+ strlen(cp+1) + 1;
data/libgarmin-0~svn320/src/garmin_tdb.c:127:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp+=2+strlen(cp+2) + 1;
data/libgarmin-0~svn320/src/garmin_tdb.c:168:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp += strlen(cp) + 1;
data/libgarmin-0~svn320/src/garmin_tdb.c:176:7:  [1] (buffer) strncpy:
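  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Reviewer note: copying sizeof(imgname)-1 bytes leaves the last byte of
  imgname untouched, so the result is terminated only if that byte is already
  zero; the declaration reported at line 62 shows no initializer. A longer
  file name is also truncated silently. snprintf(imgname, sizeof(imgname),
  "%s", file) terminates in all cases and its return value reports
  truncation.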
						strncpy(imgname, file, sizeof(imgname)-1);
data/libgarmin-0~svn320/src/garmin_tdb.c:228:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					cp += strlen(cp) + 1;
data/libgarmin-0~svn320/utils/garxor.c:29:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((rc = read(fd, buf, sizeof(buf))) > 0) {

ANALYSIS SUMMARY:

Hits = 184
Lines analyzed = 11510 in approximately 0.34 seconds (34163 lines/second)
Physical Source Lines of Code (SLOC) = 10111
Hits@level = [0]  66 [1]  25 [2] 125 [3]   0 [4]  34 [5]   0
Hits@level+ = [0+] 250 [1+] 184 [2+] 159 [3+]  34 [4+]  34 [5+]   0
Hits/KSLOC@level+ = [0+] 24.7255 [1+] 18.198 [2+] 15.7254 [3+] 3.36267 [4+] 3.36267 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.