Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libgarmin-0~svn320/src/GarminTypedef.h
Examining data/libgarmin-0~svn320/src/align.h
Examining data/libgarmin-0~svn320/src/array.c
Examining data/libgarmin-0~svn320/src/array.h
Examining data/libgarmin-0~svn320/src/bsp.c
Examining data/libgarmin-0~svn320/src/bsp.h
Examining data/libgarmin-0~svn320/src/extras.h
Examining data/libgarmin-0~svn320/src/garmin.c
Examining data/libgarmin-0~svn320/src/garmin_fat.c
Examining data/libgarmin-0~svn320/src/garmin_fat.h
Examining data/libgarmin-0~svn320/src/garmin_lbl.c
Examining data/libgarmin-0~svn320/src/garmin_lbl.h
Examining data/libgarmin-0~svn320/src/garmin_mdr.h
Examining data/libgarmin-0~svn320/src/garmin_mps.c
Examining data/libgarmin-0~svn320/src/garmin_net.c
Examining data/libgarmin-0~svn320/src/garmin_net.h
Examining data/libgarmin-0~svn320/src/garmin_nod.c
Examining data/libgarmin-0~svn320/src/garmin_nod.h
Examining data/libgarmin-0~svn320/src/garmin_obj.c
Examining data/libgarmin-0~svn320/src/garmin_order.c
Examining data/libgarmin-0~svn320/src/garmin_order.h
Examining data/libgarmin-0~svn320/src/garmin_rgn.c
Examining data/libgarmin-0~svn320/src/garmin_rgn.h
Examining data/libgarmin-0~svn320/src/garmin_route.c
Examining data/libgarmin-0~svn320/src/garmin_subdiv.c
Examining data/libgarmin-0~svn320/src/garmin_subdiv.h
Examining data/libgarmin-0~svn320/src/garmin_tdb.c
Examining data/libgarmin-0~svn320/src/garmin_tdb.h
Examining data/libgarmin-0~svn320/src/garmin_typ.c
Examining data/libgarmin-0~svn320/src/geoutils.c
Examining data/libgarmin-0~svn320/src/geoutils.h
Examining data/libgarmin-0~svn320/src/libgarmin.h
Examining data/libgarmin-0~svn320/src/libgarmin_priv.h
Examining data/libgarmin-0~svn320/src/list.c
Examining data/libgarmin-0~svn320/src/list.h
Examining data/libgarmin-0~svn320/src/win32support.h
Examining data/libgarmin-0~svn320/src/garmin_mdr.c
Examining data/libgarmin-0~svn320/utils/bsptest.c
Examining data/libgarmin-0~svn320/utils/garroute.c
Examining data/libgarmin-0~svn320/utils/gartest.c
Examining data/libgarmin-0~svn320/utils/garxor.c
Examining data/libgarmin-0~svn320/utils/garxtract.c

FINAL RESULTS:

data/libgarmin-0~svn320/src/garmin.c:301:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, gmpfile);

data/libgarmin-0~svn320/src/garmin.c:323:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf1, "%s.TRE", buf);

data/libgarmin-0~svn320/src/garmin.c:325:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf1, "%s.RGN", buf);

data/libgarmin-0~svn320/src/garmin.c:327:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf1, "%s.LBL", buf);

data/libgarmin-0~svn320/src/garmin.c:329:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf1, "%s.NET", buf);

data/libgarmin-0~svn320/src/garmin.c:331:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf1, "%s.NOD", buf);

data/libgarmin-0~svn320/src/garmin_fat.c:107:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn,"%s.%s", sub->mapid, ext);

data/libgarmin-0~svn320/src/garmin_fat.c:122:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn,"%s.GMP", sub->mapid);

data/libgarmin-0~svn320/src/garmin_fat.c:129:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn,"%s.%s", sub->mapid, ext);

data/libgarmin-0~svn320/src/garmin_fat.c:171:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fe->filename, name);

data/libgarmin-0~svn320/src/garmin_mdr.c:291:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sz += sprintf(buf+sz, "%s%c", inasc ? "" : "[", a[i]);

data/libgarmin-0~svn320/src/garmin_mdr.c:294:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sz += sprintf(buf+sz, "%s%02X ", inasc ? "]" : "",a[i]);

data/libgarmin-0~svn320/src/garmin_mdr.c:539:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, fmt, ap);

data/libgarmin-0~svn320/src/garmin_mps.c:22:22:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(x, y...) fprintf(stderr, ## y)

data/libgarmin-0~svn320/src/garmin_mps.c:46:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(path, "%s/%s.img", gar->tdbdir, file);

data/libgarmin-0~svn320/src/garmin_nod.c:138:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(fp, fmt, ap);

data/libgarmin-0~svn320/src/garmin_order.c:11:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(n,x...) fprintf(stdout, ## x)

data/libgarmin-0~svn320/src/garmin_rgn.c:1029:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, imgs[rc]);

data/libgarmin-0~svn320/src/garmin_rgn.c:1039:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, imgs[j]);

data/libgarmin-0~svn320/src/garmin_rgn.c:1276:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Checking %s", sub->mapid);

data/libgarmin-0~svn320/src/garmin_tdb.c:17:22:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(x, y...) fprintf(stderr, ## y)

data/libgarmin-0~svn320/src/garmin_tdb.c:41:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(path, "%s/%s.img", gar->tdbdir, file);

data/libgarmin-0~svn320/src/garmin_tdb.c:174:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(imgname, "%s", tp+1);

data/libgarmin-0~svn320/src/geoutils.c:30:23:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(x, y ...) fprintf(stdout, ## y)

data/libgarmin-0~svn320/src/geoutils.c:39:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"%s%slulat=%f, lulong=%f, rllat=%f, rllong=%f\n",

data/libgarmin-0~svn320/src/libgarmin.h:131:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ ((format(printf,4,5)));

data/libgarmin-0~svn320/utils/bsptest.c:7:23:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define log(x, y ...) fprintf(stdout, ## y)

data/libgarmin-0~svn320/utils/garroute.c:21:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, fmt, ap);

data/libgarmin-0~svn320/utils/gartest.c:16:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, fmt, ap);

data/libgarmin-0~svn320/utils/garxor.c:85:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(in,"%s/%s", path, namelist[n]->d_name);

data/libgarmin-0~svn320/utils/garxor.c:86:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(out,"%s/%s.tmp", path, namelist[n]->d_name);

data/libgarmin-0~svn320/utils/garxor.c:89:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ren,"%s/%s.orig", path, namelist[n]->d_name);

data/libgarmin-0~svn320/utils/garxor.c:131:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s.tmp", argv[1]);

data/libgarmin-0~svn320/utils/garxtract.c:18:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, fmt, ap);

data/libgarmin-0~svn320/src/GarminTypedef.h:31:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8]; ///< 0x00000001 .. 0x00000008

data/libgarmin-0~svn320/src/GarminTypedef.h:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[3]; ///< 0x00000009 .. 0x0000000B

data/libgarmin-0~svn320/src/GarminTypedef.h:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char signature[7]; ///< 0x00000010 .. 0x00000016

data/libgarmin-0~svn320/src/GarminTypedef.h:46:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char identifier[7]; ///< 0x00000041 .. 0x00000047

data/libgarmin-0~svn320/src/GarminTypedef.h:48:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desc1[20]; ///< 0x00000049 .. 0x0000005C

data/libgarmin-0~svn320/src/GarminTypedef.h:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char desc2[31]; ///< 0x00000065 .. 0x00000083

data/libgarmin-0~svn320/src/GarminTypedef.h:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[10]; ///< 0x00000002 .. 0x0000000B

data/libgarmin-0~svn320/src/garmin.c:49:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];

data/libgarmin-0~svn320/src/garmin.c:52:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sz += sprintf(buf+sz, "%02X ",a[i]);

data/libgarmin-0~svn320/src/garmin.c:72:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(file, flags);

data/libgarmin-0~svn320/src/garmin.c:126:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)buf)[i] ^= g->xor;

data/libgarmin-0~svn320/src/garmin.c:142:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)buf)[i] ^= g->xor;

data/libgarmin-0~svn320/src/garmin.c:160:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)buf)[i] ^= g->xor;

data/libgarmin-0~svn320/src/garmin.c:188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char modename[50] = "";

data/libgarmin-0~svn320/src/garmin.c:211:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(modename, "GPS Backend");

data/libgarmin-0~svn320/src/garmin.c:213:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(modename, "Parser");

data/libgarmin-0~svn320/src/garmin.c:215:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(modename, "Data dumper");

data/libgarmin-0~svn320/src/garmin.c:297:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20], *cp;

data/libgarmin-0~svn320/src/garmin.c:298:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[20];

data/libgarmin-0~svn320/src/garmin_fat.c:106:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[20];

data/libgarmin-0~svn320/src/garmin_fat.c:120:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[20];

data/libgarmin-0~svn320/src/garmin_fat.c:187:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fe->filename, fent->name, 8);

data/libgarmin-0~svn320/src/garmin_fat.c:192:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cp, fent->type, 3);

data/libgarmin-0~svn320/src/garmin_fat.c:290:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];

data/libgarmin-0~svn320/src/garmin_fat.h:3:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[13];

data/libgarmin-0~svn320/src/garmin_lbl.c:174:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dbuf[5*len];

data/libgarmin-0~svn320/src/garmin_lbl.c:177:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  c+=sprintf(dbuf+c, "0x%02X,", cp[i]);

data/libgarmin-0~svn320/src/garmin_lbl.c:243:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char b[3];

data/libgarmin-0~svn320/src/garmin_lbl.c:376:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(l->codepage,"Windows-%d", lbl.codepage);

data/libgarmin-0~svn320/src/garmin_lbl.c:378:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(l->codepage,"Big5");

data/libgarmin-0~svn320/src/garmin_lbl.c:380:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(l->codepage,"ascii");

data/libgarmin-0~svn320/src/garmin_lbl.c:431:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];

data/libgarmin-0~svn320/src/garmin_lbl.c:599:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rec[lbl.lbl7_rec_size];

data/libgarmin-0~svn320/src/garmin_lbl.c:661:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char rec[lbl.lbl5_rec_size];

data/libgarmin-0~svn320/src/garmin_lbl.c:774:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1024];

data/libgarmin-0~svn320/src/garmin_lbl.c:837:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sz += sprintf(out+sz, "%d%d", a, b);

data/libgarmin-0~svn320/src/garmin_lbl.c:840:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sz += sprintf(out+sz, "%d-", a);

data/libgarmin-0~svn320/src/garmin_lbl.c:842:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sz += sprintf(out+sz, "-%d", b);

data/libgarmin-0~svn320/src/garmin_lbl.c:892:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[256];

data/libgarmin-0~svn320/src/garmin_lbl.c:893:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char l[1024];

data/libgarmin-0~svn320/src/garmin_mdr.c:240:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[m->idxfiles_len];

data/libgarmin-0~svn320/src/garmin_mdr.c:276:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];

data/libgarmin-0~svn320/src/garmin_mdr.c:279:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sz += sprintf(buf+sz, "%02X ",a[i]);

data/libgarmin-0~svn320/src/garmin_mdr.c:286:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];

data/libgarmin-0~svn320/src/garmin_mdr.c:303:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char head[6];

data/libgarmin-0~svn320/src/garmin_mdr.c:307:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char text[3];

data/libgarmin-0~svn320/src/garmin_mdr.c:317:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1024];

data/libgarmin-0~svn320/src/garmin_mdr.c:319:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pref[10];

data/libgarmin-0~svn320/src/garmin_mdr.c:330:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pref, "header");

data/libgarmin-0~svn320/src/garmin_mdr.c:348:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[1024];

data/libgarmin-0~svn320/src/garmin_mdr.c:350:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pref[10];

data/libgarmin-0~svn320/src/garmin_mdr.c:357:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pref, "lbl");

data/libgarmin-0~svn320/src/garmin_mdr.c:377:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[recsize];

data/libgarmin-0~svn320/src/garmin_mdr.c:379:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pref[10];

data/libgarmin-0~svn320/src/garmin_mdr.c:405:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[recsize];

data/libgarmin-0~svn320/src/garmin_mdr.c:407:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pref[10];

data/libgarmin-0~svn320/src/garmin_mdr.c:420:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pref, "%d", i);

data/libgarmin-0~svn320/src/garmin_mps.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[4096];

data/libgarmin-0~svn320/src/garmin_mps.c:67:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char imgname[128];

data/libgarmin-0~svn320/src/garmin_mps.c:68:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(file, OPENFLAGS);

data/libgarmin-0~svn320/src/garmin_net.c:105:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[12];

data/libgarmin-0~svn320/src/garmin_net.c:389:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2048];

data/libgarmin-0~svn320/src/garmin_net.c:433:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sz += sprintf(buf + sz, "%d %d ", i, ri->rio[i]);

data/libgarmin-0~svn320/src/garmin_net.c:607:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];

data/libgarmin-0~svn320/src/garmin_net.c:775:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4];

data/libgarmin-0~svn320/src/garmin_nod.c:72:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4096];

data/libgarmin-0~svn320/src/garmin_nod.c:75:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sz += sprintf(buf+sz, "%02X ",a[i]);

data/libgarmin-0~svn320/src/garmin_nod.c:87:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/libgarmin-0~svn320/src/garmin_nod.c:88:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "nodes/path.txt");

data/libgarmin-0~svn320/src/garmin_nod.c:90:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(buf, "w+");

data/libgarmin-0~svn320/src/garmin_nod.c:92:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(buf, "a+");

data/libgarmin-0~svn320/src/garmin_nod.c:102:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/libgarmin-0~svn320/src/garmin_nod.c:103:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "nodes/%d-%d.txt", node->offset,node->nodeid);

data/libgarmin-0~svn320/src/garmin_nod.c:104:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(buf, "w");

data/libgarmin-0~svn320/src/garmin_nod.c:113:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/libgarmin-0~svn320/src/garmin_nod.c:117:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "nodes/%d-%d.txt", node->offset,node->nodeid);

data/libgarmin-0~svn320/src/garmin_nod.c:118:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(buf, "a+");

data/libgarmin-0~svn320/src/garmin_nod.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];

data/libgarmin-0~svn320/src/garmin_nod.c:133:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "nodes/%d-%d.txt", node->offset, node->nodeid);

data/libgarmin-0~svn320/src/garmin_nod.c:134:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(buf, "a+");

data/libgarmin-0~svn320/src/garmin_nod.c:355:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];

data/libgarmin-0~svn320/src/garmin_nod.c:363:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "nod1 %ld", offset);

data/libgarmin-0~svn320/src/garmin_nod.c:699:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tfmap = fopen(filename, "w");

data/libgarmin-0~svn320/src/garmin_nod.h:90:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bitmap[0];

data/libgarmin-0~svn320/src/garmin_obj.c:695:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[256]; data/libgarmin-0~svn320/src/garmin_obj.c:1119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/libgarmin-0~svn320/src/garmin_obj.c:1180:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r = atoi(cp); data/libgarmin-0~svn320/src/garmin_obj.c:1319:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[len*3+1]; data/libgarmin-0~svn320/src/garmin_obj.c:1322:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sz += sprintf(buf+sz, "%02X ", src[i]); data/libgarmin-0~svn320/src/garmin_obj.c:1331:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libgarmin-0~svn320/src/garmin_obj.c:1332:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char extra[100]; data/libgarmin-0~svn320/src/garmin_obj.c:1357:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(extra, " d:%u sc:%u eb:%u dt:%d", data/libgarmin-0~svn320/src/garmin_obj.c:1503:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/libgarmin-0~svn320/src/garmin_order.h:4:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char order[256]; data/libgarmin-0~svn320/src/garmin_rgn.c:271:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rec[recsize]; data/libgarmin-0~svn320/src/garmin_rgn.c:584:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[tre->tre1_size]; data/libgarmin-0~svn320/src/garmin_rgn.c:618:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&ml->ml, cp, s); data/libgarmin-0~svn320/src/garmin_rgn.c:655:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sub->id = atoi(sub->mapid); data/libgarmin-0~svn320/src/garmin_rgn.c:897:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(sub->mapid); data/libgarmin-0~svn320/src/garmin_rgn.c:902:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id = atoi(sub->mapid); data/libgarmin-0~svn320/src/garmin_rgn.c:913:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). minid = atoi(sub->mapid); data/libgarmin-0~svn320/src/garmin_rgn.c:1019:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[20]; data/libgarmin-0~svn320/src/garmin_rgn.c:1263:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/libgarmin-0~svn320/src/garmin_tdb.c:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[4096]; data/libgarmin-0~svn320/src/garmin_tdb.c:62:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char imgname[128]; data/libgarmin-0~svn320/src/garmin_tdb.c:63:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(file, (OPENFLAGS&~O_NOATIME)); data/libgarmin-0~svn320/src/garmin_tdb.c:135:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(imgname, "%08u", *(u_int32_t *)cp); data/libgarmin-0~svn320/src/garmin_tdb.c:199:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(imgname, "%08u", *(u_int32_t *)cp); data/libgarmin-0~svn320/src/geoutils.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libgarmin-0~svn320/src/libgarmin_priv.h:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char codepage[512]; data/libgarmin-0~svn320/utils/garroute.c:149:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(file, "w"); data/libgarmin-0~svn320/utils/garroute.c:181:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debug = atoi(argv[2]); data/libgarmin-0~svn320/utils/garroute.c:189:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ofrom = atoi(argv[4]); data/libgarmin-0~svn320/utils/garroute.c:191:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). oto = atoi(argv[5]); data/libgarmin-0~svn320/utils/garroute.c:219:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libgarmin-0~svn320/utils/garroute.c:220:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"/tmp/%d-graph.txt", ofrom); data/libgarmin-0~svn320/utils/gartest.c:61:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). debug = atoi(argv[i+1]); data/libgarmin-0~svn320/utils/garxor.c:13:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libgarmin-0~svn320/utils/garxor.c:19:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fd = open(in, O_RDONLY); data/libgarmin-0~svn320/utils/garxor.c:24:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd1 = open(out, O_RDWR|O_CREAT|O_TRUNC, 0660); data/libgarmin-0~svn320/utils/garxor.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in[4096]; data/libgarmin-0~svn320/utils/garxor.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[4096]; data/libgarmin-0~svn320/utils/garxor.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ren[4096]; data/libgarmin-0~svn320/utils/garxor.c:130:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libgarmin-0~svn320/utils/garxtract.c:48:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fd = open(argv[2], O_WRONLY|O_CREAT|O_TRUNC, 0660); data/libgarmin-0~svn320/src/garmin.c:122:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(g->fd, buf, count); data/libgarmin-0~svn320/src/garmin.c:138:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(g->fd, buf, count); data/libgarmin-0~svn320/src/garmin.c:374:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(g->fd, &g->xor, sizeof(g->xor)) != sizeof(g->xor)) { data/libgarmin-0~svn320/src/garmin.c:420:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, &hdr, sizeof(struct hdr_img_t)); data/libgarmin-0~svn320/src/garmin_lbl.c:844:11: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sz += sprintf(out+sz, " "); data/libgarmin-0~svn320/src/garmin_mps.c:74:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read(fd, &block, sizeof(struct tdb_block)) == data/libgarmin-0~svn320/src/garmin_mps.c:81:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, buf, block.size); data/libgarmin-0~svn320/src/garmin_mps.c:90:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp+=strlen(cp) + 1; data/libgarmin-0~svn320/src/garmin_mps.c:99:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cp += strlen(cp) + 1; data/libgarmin-0~svn320/src/garmin_mps.c:101:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp) + 1; data/libgarmin-0~svn320/src/garmin_mps.c:103:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp) + 1; data/libgarmin-0~svn320/src/garmin_mps.c:115:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp+=strlen(cp)+1; data/libgarmin-0~svn320/src/garmin_obj.c:540:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return !strncasecmp(str, needle, strlen(needle)); data/libgarmin-0~svn320/src/garmin_obj.c:1153:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, "/"); data/libgarmin-0~svn320/src/garmin_obj.c:1508:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, "/"); data/libgarmin-0~svn320/src/garmin_tdb.c:69:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while (read(fd, &block, sizeof(struct tdb_block)) == data/libgarmin-0~svn320/src/garmin_tdb.c:76:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, buf, block.size); data/libgarmin-0~svn320/src/garmin_tdb.c:87:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp+=16+strlen(cp+16) + 1; data/libgarmin-0~svn320/src/garmin_tdb.c:110:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp+=4+strlen(cp+4) + 1; data/libgarmin-0~svn320/src/garmin_tdb.c:119:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp+=1+ strlen(cp+1) + 1; data/libgarmin-0~svn320/src/garmin_tdb.c:127:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp+=2+strlen(cp+2) + 1; data/libgarmin-0~svn320/src/garmin_tdb.c:168:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp += strlen(cp) + 1; data/libgarmin-0~svn320/src/garmin_tdb.c:176:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(imgname, file, sizeof(imgname)-1); data/libgarmin-0~svn320/src/garmin_tdb.c:228:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cp += strlen(cp) + 1; data/libgarmin-0~svn320/utils/garxor.c:29:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((rc = read(fd, buf, sizeof(buf))) > 0) { ANALYSIS SUMMARY: Hits = 184 Lines analyzed = 11510 in approximately 0.34 seconds (34163 lines/second) Physical Source Lines of Code (SLOC) = 10111 Hits@level = [0] 66 [1] 25 [2] 125 [3] 0 [4] 34 [5] 0 Hits@level+ = [0+] 250 [1+] 184 [2+] 159 [3+] 34 [4+] 34 [5+] 0 Hits/KSLOC@level+ = [0+] 24.7255 [1+] 18.198 [2+] 15.7254 [3+] 3.36267 [4+] 3.36267 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.