Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h
Examining data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c
Examining data/libstb-0.0~git20190817.1.052dce1/stb_connected_components.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_ds.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_easy_font.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_image.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_include.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_leakcheck.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_perlin.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_rect_pack.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_textedit.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c
Examining data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h
Examining data/libstb-0.0~git20190817.1.052dce1/stretchy_buffer.h
Examining data/libstb-0.0~git20190817.1.052dce1/tests/c_lexer_test.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_main.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.h
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_render.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/caveview.h
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext_list.h
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/main.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_glprog.h
Examining data/libstb-0.0~git20190817.1.052dce1/tests/caveview/win32/SDL_windows_main.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/grid_reachability.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/herringbone_generator.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/herringbone_map.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/oversample/stb_wingraph.h
Examining data/libstb-0.0~git20190817.1.052dce1/tests/pg_test/pg_test.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h
Examining data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp
Examining data/libstb-0.0~git20190817.1.052dce1/tests/resample_test_c.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/sdf/sdf_test.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/stb.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/stb_cpp.cpp
Examining data/libstb-0.0~git20190817.1.052dce1/tests/stb_static.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/stblib_test.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/stblib_test_companion.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/stretch_test.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/stretchy_buffer_test.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_c_compilation.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_c_lexer.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_cpp_compilation.cpp
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_ds.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_ds_cpp.cpp
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_dxt.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_easyfont.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_image.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_image_write.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_perlin.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_siphash.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_sprintf.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_truetype.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_vorbis.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/test_voxel.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/textedit_sample.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/tilemap_editor_integration_example.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/vorbseek/vorbseek.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/image_test.c
Examining data/libstb-0.0~git20190817.1.052dce1/tests/image_write_test.c
Examining data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c
Examining data/libstb-0.0~git20190817.1.052dce1/tools/easy_font_maker.c
Examining data/libstb-0.0~git20190817.1.052dce1/tools/make_readme.c
Examining data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c
Examining data/libstb-0.0~git20190817.1.052dce1/stb.h
Parsing failed to find end of parameter list; semicolon terminated it in (out
}
}
}
#endif
void stb_fwrite32(FILE *f, stb_uint32 x)
{
fwrite(&x, 4, 1, f);
}
#if defined(_WIN32)
#define stb__stat _stat
#else
#define stb__stat stat
#endif
int stb_fex
Examining data/libstb-0.0~git20190817.1.052dce1/stb_c_lexer.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_divide.h
Examining data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h
FINAL RESULTS:
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1199:11: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename)))
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1202:11: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode)))
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:307:11: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename)))
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:310:11: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode)))
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:140:39: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
RRPUBLIC_DEF int RR_SPRINTF_DECORATE( vsprintf )( char * buf, char const * fmt, va_list va );
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:141:39: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
RRPUBLIC_DEF int RR_SPRINTF_DECORATE( vsnprintf )( char * buf, int count, char const * fmt, va_list va );
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:142:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
RRPUBLIC_DEF int RR_SPRINTF_DECORATE( sprintf ) ( char * buf, char const * fmt, ... );
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:143:39: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
RRPUBLIC_DEF int RR_SPRINTF_DECORATE( snprintf )( char * buf, int count, char const * fmt, ... );
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:745:39: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
RRPUBLIC_DEF int RR_SPRINTF_DECORATE( sprintf )( char * buf, char const * fmt, ... )
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:781:39: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
RRPUBLIC_DEF int RR_SPRINTF_DECORATE( vsnprintf )( char * buf, int count, char const * fmt, va_list va )
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:803:39: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
RRPUBLIC_DEF int RR_SPRINTF_DECORATE( snprintf )( char * buf, int count, char const * fmt, ... )
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:808:31: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
return RR_SPRINTF_DECORATE( vsnprintf )( buf, count, fmt, va );
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:811:39: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
RRPUBLIC_DEF int RR_SPRINTF_DECORATE( vsprintf )( char * buf, char const * fmt, va_list va )
data/libstb-0.0~git20190817.1.052dce1/stb.h:449:35: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define stb_p_strcpy_s(a,s,b) strcpy(a,b)
data/libstb-0.0~git20190817.1.052dce1/stb.h:451:27: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
#define stb_p_mktemp(s) (mktemp(s) != NULL)
data/libstb-0.0~git20190817.1.052dce1/stb.h:453:26: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define stb_p_sprintf sprintf
data/libstb-0.0~git20190817.1.052dce1/stb.h:460:26: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define stb_p_vsnprintf vsnprintf
data/libstb-0.0~git20190817.1.052dce1/stb.h:801:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(s,n,fmt,v);
data/libstb-0.0~git20190817.1.052dce1/stb.h:958:4: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(fmt,v);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1143:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, s, a);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1192:10: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f, s, a);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1206:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(f, s, a);
data/libstb-0.0~git20190817.1.052dce1/stb.h:7143:7: [4] (buffer) swprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
swprintf(full_path, L"%s*", stb__from_utf8(path));
data/libstb-0.0~git20190817.1.052dce1/stb.h:7145:7: [4] (buffer) swprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
swprintf(full_path, L"%s/*", stb__from_utf8(path));
data/libstb-0.0~git20190817.1.052dce1/stb.h:7148:7: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf((wchar_t *) full_path, (size_t) 1024, L"%s*", (wchar_t *) stb__from_utf8(path));
data/libstb-0.0~git20190817.1.052dce1/stb.h:7150:7: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf((wchar_t *) full_path, (size_t) 1024, L"%s/*", (wchar_t *) stb__from_utf8(path));
data/libstb-0.0~git20190817.1.052dce1/stb.h:13453:30: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
va_list v; va_start(v,z); vsprintf(temp, z, v); va_end(v);
data/libstb-0.0~git20190817.1.052dce1/stb.h:13919:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(stu__comp_err_str, str, v);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:203:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp, inc_list[i].filename);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:215:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temp, path_to_includes);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:217:10: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp, inc_list[i].filename);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:234:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp, filename != 0 ? filename : "source-file");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:257:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(text + length, strs[i]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:272:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(error, filename);
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:176:43: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(vsprintf)(char *buf, char const *fmt, va_list va);
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:177:43: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(vsnprintf)(char *buf, int count, char const *fmt, va_list va);
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:178:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(sprintf)(char *buf, char const *fmt, ...);
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:179:43: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(snprintf)(char *buf, int count, char const *fmt, ...);
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:1329:43: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(sprintf)(char *buf, char const *fmt, ...)
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:1379:44: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE( vsnprintf )( char * buf, int count, char const * fmt, va_list va )
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:1411:43: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(snprintf)(char *buf, int count, char const *fmt, ...)
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:1417:34: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result = STB_SPRINTF_DECORATE(vsnprintf)(buf, count, fmt, va);
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:1423:43: [4] (buffer) vsprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
STBSP__PUBLICDEF int STB_SPRINTF_DECORATE(vsprintf)(char *buf, char const *fmt, va_list va)
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:1964:32: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define stbte__sprintf sprintf
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_main.c:63:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, text, va);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_main.c:316:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, fmt, va);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:535:69: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void *(APIENTRYP PFNGLMAPBUFFERPROC) (GLenum target, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:555:57: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void *APIENTRY glMapBuffer (GLenum target, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:1182:114: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void *(APIENTRYP PFNGLMAPBUFFERRANGEPROC) (GLenum target, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:1267:102: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void *APIENTRY glMapBufferRange (GLenum target, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:2157:134: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLBINDIMAGETEXTUREPROC) (GLuint unit, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLenum format);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:2170:122: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glBindImageTexture (GLuint unit, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLenum format);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:2598:87: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLMAKEIMAGEHANDLERESIDENTARBPROC) (GLuint64 handle, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:2615:75: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glMakeImageHandleResidentARB (GLuint64 handle, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:4177:72: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void *(APIENTRYP PFNGLMAPBUFFERARBPROC) (GLenum target, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:4189:60: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void *APIENTRY glMapBufferARB (GLenum target, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:6068:77: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void *(APIENTRYP PFNGLMAPNAMEDBUFFEREXTPROC) (GLuint buffer, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:6180:122: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void *(APIENTRYP PFNGLMAPNAMEDBUFFERRANGEEXTPROC) (GLuint buffer, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:6324:65: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void *APIENTRY glMapNamedBufferEXT (GLuint buffer, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:6436:110: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void *APIENTRY glMapNamedBufferRangeEXT (GLuint buffer, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:7140:138: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLBINDIMAGETEXTUREEXTPROC) (GLuint index, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLint format);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:7143:126: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glBindImageTextureEXT (GLuint index, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLint format);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:8102:95: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void *(APIENTRYP PFNGLMAPTEXTURE2DINTELPROC) (GLuint texture, GLint level, GLbitfield access, GLint *stride, GLenum *layout);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:8106:83: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void *APIENTRY glMapTexture2DINTEL (GLuint texture, GLint level, GLbitfield access, GLint *stride, GLenum *layout);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:8286:86: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLMAKEIMAGEHANDLERESIDENTNVPROC) (GLuint64 handle, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:8300:74: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glMakeImageHandleResidentNV (GLuint64 handle, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:9380:79: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLMAKEBUFFERRESIDENTNVPROC) (GLenum target, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:9383:84: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLMAKENAMEDBUFFERRESIDENTNVPROC) (GLuint buffer, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:9395:67: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glMakeBufferResidentNV (GLenum target, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:9398:72: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glMakeNamedBufferResidentNV (GLuint buffer, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:9699:90: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLVDPAUSURFACEACCESSNVPROC) (GLvdpauSurfaceNV surface, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/glext.h:9710:78: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glVDPAUSurfaceAccessNV (GLvdpauSurfaceNV surface, GLenum access);
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c:55:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/fonts/arial.ttf", win);
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/stb_wingraph.h:156:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, str, v);
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/stb_wingraph.h:166:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, text, v);
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/stb_wingraph.h:804:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer+1, lpCmdLine);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:153:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, s, a);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:243:10: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(s,n,fmt,v);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:587:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(d,s);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:980:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(q,s);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1138:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "%s/%s", dir, buffer);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1140:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output, buffer);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1149:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "%s.%s", buffer, ext[0] == '.' ? ext+1 : ext);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1151:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(output, buffer);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2105:24: [4] (tmpfile) mktemp:
Temporary file race condition (CWE-377).
#define stb_mktemp mktemp
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2320:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(abs,rel);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2328:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(abs+n+1, rel);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:252:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "test-output/type-%d-%d-%d-%d-%s", type, colorspace, new_w, new_h, file);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:296:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "test-output/type-%d-%d-%d-%d-%s", type, colorspace, new_w, new_h, file);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:333:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "test-output/channels-%d-%d-%d-%s", channels, new_w, new_h, file);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:360:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "test-output/subpixel-%d-%d-%f-%f-%s", new_w, new_h, s1, t1, file);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:384:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "test-output/subpixel-region-%d-%d-%f-%f-%f-%f-%s", new_w, new_h, s0, t0, s1, t1, file);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:408:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(output, "test-output/subpixel-command-%d-%d-%f-%f-%f-%f-%s", new_w, new_h, x_scale, y_scale, x_offset, y_offset, file);
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:9:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s && %s", batch_file, command);
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:10:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system(buffer) == 0;
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:12:14: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return system(command) == 0;
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:67:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "c:\\%s.bat", batch);
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:111:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %.*s %s /link %.*s",
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:117:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "%s %.*s %s %.*s",
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:124:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("if EXIST *.obj del /q *.obj");
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:125:10: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system("if EXIST *.o del /q *.o");
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:664:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s_%d", table_name, num_modes+1);
data/libstb-0.0~git20190817.1.052dce1/stb.h:11670:7: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(p);
data/libstb-0.0~git20190817.1.052dce1/stb.h:11687:7: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection((CRITICAL_SECTION *) p);
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c:47:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *win = getenv("windir");
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c:48:27: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (win == NULL) win = getenv("SystemRoot");
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:193:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rrdiglookup[201]="00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899";
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:306:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[NUMSZ];
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:307:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lead[8];
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:308:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tail[8];
data/libstb-0.0~git20190817.1.052dce1/deprecated/rrsprintf.h:756:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[ RR_SPRINTF_MIN ];
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:382:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char validate_uint32[sizeof(stbi__uint32)==4 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:574:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "rb");
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:642:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "rb");
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:680:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "rb");
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:800:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s->img_buffer, blen);
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:810:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s->img_buffer, n);
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:2252:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->zout, a->zbuffer, len);
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:2571:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(final + (j*yspc[p]+yorig[p])*a->s->img_x*out_n + (i*xspc[p]+xorig[p])*out_n,
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:3269:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw_data[4];
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:4081:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(g->out, old_out, g->w*g->h*4);
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:4259:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[HDR_BUFLEN];
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:4375:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[HDR_BUFLEN];
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:4544:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "rb");
data/libstb-0.0~git20190817.1.052dce1/stb.h:337:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb__testsize16[sizeof(int16)==2];
data/libstb-0.0~git20190817.1.052dce1/stb.h:338:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb__testsize32[sizeof(int32)==4];
data/libstb-0.0~git20190817.1.052dce1/stb.h:361:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb__testsize2_16[sizeof(stb_uint16)==2 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/stb.h:362:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb__testsize2_32[sizeof(stb_uint32)==4 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/stb.h:376:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb__testsize2_64[sizeof(stb_uint64)==8 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/stb.h:447:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define stb_p_fopen fopen
data/libstb-0.0~git20190817.1.052dce1/stb.h:641:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, sz < old_sz ? sz : old_sz);
data/libstb-0.0~git20190817.1.052dce1/stb.h:820:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:830:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:931:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:1096:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[4096];
data/libstb-0.0~git20190817.1.052dce1/stb.h:1214:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { char d[4]; } stb__4;
data/libstb-0.0~git20190817.1.052dce1/stb.h:1215:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { char d[8]; } stb__8;
data/libstb-0.0~git20190817.1.052dce1/stb.h:1220:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libstb-0.0~git20190817.1.052dce1/stb.h:1241:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, p , sz);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1242:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p , q , sz);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1243:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q , buffer, sz);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1249:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, sz);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1447:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char tab[32] = { 0,0,0,0,1,0,-1,0,1,-1,-1,3,-1,0,-1,2,1,
data/libstb-0.0~git20190817.1.052dce1/stb.h:1552:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char log2_4[16] = { -1,0,1,1,2,2,2,2,3,3,3,3,3,3,3,3 };
data/libstb-0.0~git20190817.1.052dce1/stb.h:1586:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char lowbit4[16] = { -1,0,1,0, 2,0,1,0, 3,0,1,0, 2,0,1,0 };
data/libstb-0.0~git20190817.1.052dce1/stb.h:2106:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stb_tokentable[256]; // rely on static initializion to 0
data/libstb-0.0~git20190817.1.052dce1/stb.h:2107:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stable[256],etable[256];
data/libstb-0.0~git20190817.1.052dce1/stb.h:2312:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, s, t-s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2314:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, replace, len_replace);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2337:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, replace, len_replace);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2360:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, z1-1);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2363:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer+z1+1, data+curlen-z2+1, z2-1);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2365:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, curlen);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2370:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:2463:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/libstb-0.0~git20190817.1.052dce1/stb.h:2474:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/libstb-0.0~git20190817.1.052dce1/stb.h:3295:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, stb_arrhead2(p), sizeof(*q) + elem_size * stb_arrhead2(p)->len);
data/libstb-0.0~git20190817.1.052dce1/stb.h:3771:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, v, sizeof(*data) * n);
data/libstb-0.0~git20190817.1.052dce1/stb.h:3813:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char bit[8] = { 1,2,4,8,16,32,64,128 };
data/libstb-0.0~git20190817.1.052dce1/stb.h:3815:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char (*tables)[256];
data/libstb-0.0~git20190817.1.052dce1/stb.h:3834:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
tables = (unsigned char (*)[256]) realloc(tables, sizeof(*tables) * k);
data/libstb-0.0~git20190817.1.052dce1/stb.h:4131:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->table, a->table, h->limit * sizeof(h->table[0])); \
data/libstb-0.0~git20190817.1.052dce1/stb.h:5227:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, z->buffer + z->buffer_off, total);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5235:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, z->buffer + z->buffer_off, z->buffer_left);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5389:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&list[count+1], buffer, len+1);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5430:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quick_buffer[800];
data/libstb-0.0~git20190817.1.052dce1/stb.h:5491:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[1024],buf2[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:5574:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp_name, src_name, p);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5592:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(stb_p_mktemp(temp_name), O_RDWR);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5594:19: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
int fd = mkstemp(temp_name);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5612:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_full[4096];
data/libstb-0.0~git20190817.1.052dce1/stb.h:5613:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_full[sizeof(name_full) + 12];
data/libstb-0.0~git20190817.1.052dce1/stb.h:5677:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preserved_old_file[4096];
data/libstb-0.0~git20190817.1.052dce1/stb.h:5735:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw_buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:6117:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096], with_slash[4096];
data/libstb-0.0~git20190817.1.052dce1/stb.h:6186:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096],*p=buffer;
data/libstb-0.0~git20190817.1.052dce1/stb.h:6304:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer1[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:6350:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:6391:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[20], unsigned char *buffer, unsigned int len);
data/libstb-0.0~git20190817.1.052dce1/stb.h:6392:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
STB_EXTERN int stb_sha1_file(unsigned char output[20], char *file);
data/libstb-0.0~git20190817.1.052dce1/stb.h:6394:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
STB_EXTERN void stb_sha1_readable(char display[27], unsigned char sha[20]);
data/libstb-0.0~git20190817.1.052dce1/stb.h:6394:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
STB_EXTERN void stb_sha1_readable(char display[27], unsigned char sha[20]);
data/libstb-0.0~git20190817.1.052dce1/stb.h:6497:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char final_block[128];
data/libstb-0.0~git20190817.1.052dce1/stb.h:6566:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/libstb-0.0~git20190817.1.052dce1/stb.h:6630:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void stb_sha1_readable(char display[27], unsigned char sha[20])
data/libstb-0.0~git20190817.1.052dce1/stb.h:6630:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void stb_sha1_readable(char display[27], unsigned char sha[20])
data/libstb-0.0~git20190817.1.052dce1/stb.h:6632:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char encoding[65] = "0123456789abcdefghijklmnopqrstuv"
data/libstb-0.0~git20190817.1.052dce1/stb.h:6805:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stb__cfg_dir[512];
data/libstb-0.0~git20190817.1.052dce1/stb.h:6815:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[512];
data/libstb-0.0~git20190817.1.052dce1/stb.h:6822:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(stb__cfg_dir, "~/.stbconfig");
data/libstb-0.0~git20190817.1.052dce1/stb.h:6894:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, z->data[i].value, n);
data/libstb-0.0~git20190817.1.052dce1/stb.h:6918:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z->data[i].value, value, len);
data/libstb-0.0~git20190817.1.052dce1/stb.h:7027:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stb__signature[12] = { 's', 'T', 'b', 'D', 'i', 'R', 't', 'R', 'e', 'E', '0', '2' };
data/libstb-0.0~git20190817.1.052dce1/stb.h:7080:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sig[2048];
data/libstb-0.0~git20190817.1.052dce1/stb.h:7185:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy_path[128], *pad;
data/libstb-0.0~git20190817.1.052dce1/stb.h:7362:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir_lower[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:7363:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cache_file[1024],*s;
data/libstb-0.0~git20190817.1.052dce1/stb.h:7386:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cache_dir[256];
data/libstb-0.0~git20190817.1.052dce1/stb.h:7941:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->p, b, sizeof(*b));
data/libstb-0.0~git20190817.1.052dce1/stb.h:8162:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, a->p, sizeof(*p) * a->count);
data/libstb-0.0~git20190817.1.052dce1/stb.h:8197:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list, a->p, sizeof(*list) * n);
data/libstb-0.0~git20190817.1.052dce1/stb.h:8668:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mylist, list+j, sizeof(list[j]) * (k-j));
data/libstb-0.0~git20190817.1.052dce1/stb.h:9211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libstb-0.0~git20190817.1.052dce1/stb.h:9841:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstate, state, m->num_words_per_dfa*4);
data/libstb-0.0~git20190817.1.052dce1/stb.h:10193:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024], buffer2[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:10213:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char **all[3];
data/libstb-0.0~git20190817.1.052dce1/stb.h:10294:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libstb-0.0~git20190817.1.052dce1/stb.h:10391:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stb__dout, data, length);
data/libstb-0.0~git20190817.1.052dce1/stb.h:10500:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stb__dout, data, length);
data/libstb-0.0~git20190817.1.052dce1/stb.h:10587:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stb__out,in,numlit);
data/libstb-0.0~git20190817.1.052dce1/stb.h:10826:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) id, data, 4);
data/libstb-0.0~git20190817.1.052dce1/stb.h:10932:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xtb.buffer + xtb.valid, data, amt);
data/libstb-0.0~git20190817.1.052dce1/stb.h:11119:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s->indata, len);
data/libstb-0.0~git20190817.1.052dce1/stb.h:11201:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stb_arr_addn(f->buffer, (int) len), data, len);
data/libstb-0.0~git20190817.1.052dce1/stb.h:11207:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->buffer+where, data, len);
data/libstb-0.0~git20190817.1.052dce1/stb.h:11914:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, tq->data + tq->head*tq->item_size, tq->item_size);
data/libstb-0.0~git20190817.1.052dce1/stb.h:11941:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + tq->array_size * tq->item_size, p, tq->tail * tq->item_size);
data/libstb-0.0~git20190817.1.052dce1/stb.h:11980:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tq->data + tq->item_size * pos, input, tq->item_size);
data/libstb-0.0~git20190817.1.052dce1/stb.h:12332:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(dc->filename, "rb");
data/libstb-0.0~git20190817.1.052dce1/stb.h:12634:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__class_base[32];
data/libstb-0.0~git20190817.1.052dce1/stb.h:12635:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__class_shift[32];
data/libstb-0.0~git20190817.1.052dce1/stb.h:12636:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__pages_for_class[STB__MAX_SIZE_CLASSES];
data/libstb-0.0~git20190817.1.052dce1/stb.h:12798:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, p, sz < cur_size ? sz : cur_size);
data/libstb-0.0~git20190817.1.052dce1/stb.h:12863:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filebuf[512];
data/libstb-0.0~git20190817.1.052dce1/stb.h:13142:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stu__getfloat_addend[256];
data/libstb-0.0~git20190817.1.052dce1/stb.h:13402:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[256], *q = (char *) stb_temp(temp, len+1), *p = q;
data/libstb-0.0~git20190817.1.052dce1/stb.h:13452:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[4096], *x;
data/libstb-0.0~git20190817.1.052dce1/stb.h:13755:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stu__prec[ST__max_terminals], stu__end[ST__max_terminals];
data/libstb-0.0~git20190817.1.052dce1/stb.h:13904:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stu__comp_err_str[1024];
data/libstb-0.0~git20190817.1.052dce1/stb.h:14204:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->code, stu__pfunc.code, stb_arr_storage(stu__pfunc.code));
data/libstb-0.0~git20190817.1.052dce1/stb_c_lexer.h:902:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("stb_c_lexer.h","rb");
data/libstb-0.0~git20190817.1.052dce1/stb_connected_components.h:200:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char stbcc__verify_max_clumps[STBCC__MAX_CLUMPS_PER_CLUSTER < (1 << (8*sizeof(stbcc__clumpid))) ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/stb_connected_components.h:220:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char stbcc__verify_max_exits[STBCC__MAX_EXITS_PER_CLUMP <= 256];
data/libstb-0.0~git20190817.1.052dce1/stb_connected_components.h:267:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char map[STBCC__GRID_COUNT_Y][STBCC__MAP_STRIDE]; // 1K x 1K => 1K x 128 => 128KB
data/libstb-0.0~git20190817.1.052dce1/stb_connected_components.h:414:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char connected[STBCC__MAX_EDGE_CLUMPS_PER_CLUSTER][STBCC__MAX_EDGE_CLUMPS_PER_CLUSTER/8]; // 64 x 8 => 1KB
data/libstb-0.0~git20190817.1.052dce1/stb_connected_components.h:415:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char num_adj[STBCC__MAX_CLUMPS_PER_CLUSTER] = { 0 };
data/libstb-0.0~git20190817.1.052dce1/stb_connected_components.h:713:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char connected[STBCC__MAX_EDGE_CLUMPS_PER_CLUSTER][STBCC__MAX_EDGE_CLUMPS_PER_CLUSTER/8] = { { 0 } };
data/libstb-0.0~git20190817.1.052dce1/stb_connected_components.h:777:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char disconnected[STBCC__MAX_EDGE_CLUMPS_PER_CLUSTER][STBCC__MAX_EDGE_CLUMPS_PER_CLUSTER/8] = { { 0 } };
data/libstb-0.0~git20190817.1.052dce1/stb_ds.h:573:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char storage[8];
data/libstb-0.0~git20190817.1.052dce1/stb_ds.h:1496:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[256];
data/libstb-0.0~git20190817.1.052dce1/stb_ds.h:1502:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "test_%d", n);
data/libstb-0.0~git20190817.1.052dce1/stb_ds.h:1621:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[4] = "jen";
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:96:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__Expand5[32];
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:97:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__Expand6[64];
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:98:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__OMatch5[256][2];
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:99:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__OMatch6[256][2];
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:100:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__QuantRBTab[256+16];
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:101:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__QuantGTab[256+16];
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:513:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dblock[16*4],color[4*4];
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:595:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)dest)[0] = mx;
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:596:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)dest)[1] = mn;
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:654:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[16][4];
data/libstb-0.0~git20190817.1.052dce1/stb_dxt.h:667:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, src, 4*16);
data/libstb-0.0~git20190817.1.052dce1/stb_easy_font.h:91:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[99999]; // ~500 chars
data/libstb-0.0~git20190817.1.052dce1/stb_easy_font.h:141:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stb_easy_font_hseg[214] = {
data/libstb-0.0~git20190817.1.052dce1/stb_easy_font.h:153:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stb_easy_font_vseg[253] = {
data/libstb-0.0~git20190817.1.052dce1/stb_easy_font.h:168:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[4];
data/libstb-0.0~git20190817.1.052dce1/stb_easy_font.h:197:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int stb_easy_font_print(float x, float y, char *text, unsigned char color[4], void *vertex_buffer, int vbuf_size)
data/libstb-0.0~git20190817.1.052dce1/stb_easy_font.h:197:71: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int stb_easy_font_print(float x, float y, char *text, unsigned char color[4], void *vertex_buffer, int vbuf_size)
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:207:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pixels[1];
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:345:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char c_color[STB_HBWANG_MAX_Y+6][STB_HBWANG_MAX_X+6];
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:346:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char v_color[STB_HBWANG_MAX_Y+6][STB_HBWANG_MAX_X+5];
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:347:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char h_color[STB_HBWANG_MAX_Y+5][STB_HBWANG_MAX_X+6];
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:568:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void stbhw__draw_pixel(unsigned char *output, int stride, int x, int y, unsigned char c[3])
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:568:89: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void stbhw__draw_pixel(unsigned char *output, int stride, int x, int y, unsigned char c[3])
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:570:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output + y*stride + x*3, c, 3);
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:852:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->pixels + j*(3*len*2) + i*3, p->data+(ypos+j)*p->stride+(xpos+i)*3, 3);
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:868:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->pixels + j*(3*len) + i*3, p->data+(ypos+j)*p->stride+(xpos+i)*3, 3);
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:876:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[9];
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:963:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void stbhw__set_pixel(unsigned char *data, int stride, int xpos, int ypos, unsigned char color[3])
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:963:92: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void stbhw__set_pixel(unsigned char *data, int stride, int xpos, int ypos, unsigned char color[3])
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:965:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + ypos*stride + xpos*3, color, 3);
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:968:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void stbhw__stbhw__set_pixel_whiten(unsigned char *data, int stride, int xpos, int ypos, unsigned char color[3])
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:968:106: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void stbhw__stbhw__set_pixel_whiten(unsigned char *data, int stride, int xpos, int ypos, unsigned char color[3])
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:970:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c2[3];
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:974:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + ypos*stride + xpos*3, c2, 3);
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:978:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbhw__black[3] = { 0,0,0 };
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:984:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbhw__color[7][8][3] =
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:1055:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stbhw__corner_colors[4][4][3] =
data/libstb-0.0~git20190817.1.052dce1/stb_herringbone_wang_tile.h:1076:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char template_color[3] = { 167,204,204 };
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:581:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char validate_uint32[sizeof(stbi__uint32)==4 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1096:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, row0, bytes_copy);
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1097:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row0, row1, bytes_copy);
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1098:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row1, temp, bytes_copy);
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1182:49: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
STBI_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide);
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1197:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wMode[64];
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1198:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wFilename[1024];
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1216:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, mode);
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1516:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s->img_buffer, blen);
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1526:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s->img_buffer, n);
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:2972:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char tag[5] = {'J','F','I','F','\0'};
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:2982:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char tag[6] = {'A','d','o','b','e','\0'};
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:3087:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char rgb[3] = { 'R', 'G', 'B' };
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:4159:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->zout, a->zbuffer, len);
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:4483:40: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
case STBI__F_none: memcpy(cur, raw, nk); break;
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:4639:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(final + out_y*a->s->img_x*out_bytes + out_x*out_bytes,
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:5549:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw_data[4] = {0};
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:6454:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &g->out[pi * 4], &two_back[pi * 4], 4 );
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:6461:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &g->out[pi * 4], &g->background[pi * 4], 4 );
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:6472:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( g->background, g->out, 4 * g->w * g->h );
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:6536:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &g->out[pi * 4], &g->pal[g->bgindex], 4 );
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:6623:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( out + ((layers - 1) * stride), u, stride );
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:6762:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STBI__HDR_BUFLEN];
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:6890:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STBI__HDR_BUFLEN];
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:417:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char stbir__validate_uint32[sizeof(stbir_uint32) == 4 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:1768:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)output_buffer)[pixel_index + alpha_channel] = STBIR__ENCODE_LINEAR8(encode_buffer[pixel_index+alpha_channel]);
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:2300:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char overwrite_output_before_pre[OVERWRITE_ARRAY_SIZE];
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:2301:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char overwrite_tempmem_before_pre[OVERWRITE_ARRAY_SIZE];
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:2302:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char overwrite_output_after_pre[OVERWRITE_ARRAY_SIZE];
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:2303:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char overwrite_tempmem_after_pre[OVERWRITE_ARRAY_SIZE];
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:2306:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overwrite_output_before_pre, &((unsigned char*)output_data)[-OVERWRITE_ARRAY_SIZE], OVERWRITE_ARRAY_SIZE);
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:2307:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overwrite_output_after_pre, &((unsigned char*)output_data)[begin_forbidden], OVERWRITE_ARRAY_SIZE);
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:2308:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overwrite_tempmem_before_pre, &((unsigned char*)tempmem)[-OVERWRITE_ARRAY_SIZE], OVERWRITE_ARRAY_SIZE);
data/libstb-0.0~git20190817.1.052dce1/stb_image_resize.h:2309:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overwrite_tempmem_after_pre, &((unsigned char*)tempmem)[tempmem_size_in_bytes], OVERWRITE_ARRAY_SIZE);
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:292:50: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
STBIW_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide);
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:305:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wMode[64];
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:306:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wFilename[1024];
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:324:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, mode);
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:355:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[2];
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:361:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:390:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char arr[3];
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:397:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bg[3] = { 255, 0, 255}, px[3];
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:636:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scanlineheader[4] = { 2, 2, 0, 0 };
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:637:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgbe[4];
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:731:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:738:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:1049:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line_buffer, z, width*n);
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:1078:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[8] = { 137,80,78,71,13,10,26,10 };
data/libstb-0.0~git20190817.1.052dce1/stb_image_write.h:1413:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char YTable[64], UVTable[64];
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:34:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:34:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:34:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:34:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:34:75: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:34:110: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:37:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:37:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:37:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:37:89: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:37:124: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename_for_line_directive, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:41:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:41:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:41:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:41:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:41:78: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:56:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(filename, "rb");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:127:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename, s, t-s);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:154:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static void stb_include_itoa(char str[9], int n)
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:172:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str + *curlen, addstr, addlen);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:177:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:177:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:177:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:177:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:177:75: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:177:91: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_string(char *str, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:179:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[4096];
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:193:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp, "#line ");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:228:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(temp, "\n#line ");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:246:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:246:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:246:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:246:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:246:89: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:246:105: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_strings(char **strs, int count, char *inject, char *path_to_includes, char *filename, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:265:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:265:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:265:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:265:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:265:78: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_file(char *filename, char *inject, char *path_to_includes, char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:271:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(error, "Error: couldn't load '");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:282:75: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *stb_include_preloaded(char *str, char *inject, char *includes[][2], char error[256])
data/libstb-0.0~git20190817.1.052dce1/stb_leakcheck.h:84:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, ptr, mi->size);
data/libstb-0.0~git20190817.1.052dce1/stb_perlin.h:95:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__perlin_randtab[512] =
data/libstb-0.0~git20190817.1.052dce1/stb_perlin.h:140:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stb__perlin_randtab_grad_idx[512] =
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:231:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pair[201];
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:499:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[STBSP__NUMSZ];
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:500:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lead[8];
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:501:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tail[8];
data/libstb-0.0~git20190817.1.052dce1/stb_sprintf.h:1342:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[STB_SPRINTF_MIN];
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:728:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbte__state_to_index[2][2][2][2] =
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:952:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *categories[STBTE_MAX_CATEGORIES];
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:971:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char id_in_use[32768>>3];
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:1837:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[2] = { ch, 0 };
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:1850:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2] = { (char)ch, 0 };
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:1860:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2] = { (char)ch, 0 };
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:1974:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[32];
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:3359:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[16];
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:3408:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *propmodes[3] = {
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:3437:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[3], *str = (char *) tm->layerinfo[i].name;
data/libstb-0.0~git20190817.1.052dce1/stb_tilemap_editor.h:3438:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lockedchar[3] = { 'U', 'P', 'L' };
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:269:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ttf_buffer[1<<20];
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:270:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp_bitmap[512*512];
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:277:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fread(ttf_buffer, 1, 1<<20, fopen("c:/windows/fonts/times.ttf", "rb"));
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:318:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ttf_buffer[1<<25];
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:324:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 'a'), s = (argc > 2 ? atoi(argv[2]) : 20);
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:324:70: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 'a'), s = (argc > 2 ? atoi(argv[2]) : 20);
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:326:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fread(ttf_buffer, 1, 1<<25, fopen(argc > 3 ? argv[3] : "c:/windows/fonts/arialbd.ttf", "rb"));
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:358:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[24<<20];
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:359:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char screen[20][79];
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:368:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fread(buffer, 1, 1000000, fopen("c:/windows/fonts/arialbd.ttf", "rb"));
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:422:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stbtt__check_size32[sizeof(stbtt_int32)==4 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:423:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stbtt__check_size16[sizeof(stbtt_int16)==2 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:473:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define STBTT_memcpy memcpy
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:2821:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scanline_data[512], *scanline;
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:3834:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[STBTT_MAX_OVERSAMPLE];
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:3896:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[STBTT_MAX_OVERSAMPLE];
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:989:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char log2_4[16] = { 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4 };
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:1327:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, z->stream, n);
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:2283:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, buffer, sizeof(*x) * n2);
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:2307:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, buffer, sizeof(*x) * n2);
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:2328:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, buffer, sizeof(*x) * n);
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:2344:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, buffer, n2 * sizeof(float));
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:2986:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w, u, sizeof(u));
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:3284:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(really_zero_channel, zero_channel, sizeof(really_zero_channel[0]) * f->channels);
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:3728:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->codeword_lengths, lengths, c->entries);
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:4874:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[6];
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:5009:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:5068:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb_vorbis_float_size_test[sizeof(float)==4 && sizeof(int) == 4];
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:5383:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer[i]+n, f->channel_buffers[i]+f->channel_buffer_start, sizeof(float)*k);
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:796:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char (*block_tex1_face)[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:810:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char (*block_tex2_face)[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:825:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char (*block_color_face)[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:835:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char (*block_texlerp_face)[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:866:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char (*overlay_tex1)[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:871:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char (*overlay_tex2)[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:876:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char (*overlay_color)[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:1199:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *output_cur [STBVOX_MAX_MESHES][STBVOX_MAX_MESH_SLOTS];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:1200:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *output_end [STBVOX_MAX_MESHES][STBVOX_MAX_MESH_SLOTS];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:1201:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *output_buffer[STBVOX_MAX_MESHES][STBVOX_MAX_MESH_SLOTS];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:1513:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_default_palette_compact[64][3] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2029:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_rotate_face[6][4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2161:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_face_lerp[6] = { 0,2,0,2,4,4 };
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2162:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_vert3_lerp[5] = { 0,3,6,9,12 };
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2163:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_vert_lerp_for_face_lerp[4] = { 0, 4, 7, 7 };
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2164:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_face3_lerp[6] = { 0,3,6,9,12,14 };
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2165:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_vert_lerp_for_simple[4] = { 0,2,5,7 };
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2166:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_face3_updown[8] = { 0,2,5,7,0,2,5,7 }; // ignore top bit
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2169:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_vertex_vector[6][4][3] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2180:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_vertex_selector[6][4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2307:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_hasface[STBVOX_MAX_GEOM][STBVOX_NUM_ROTATION] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2328:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_facetype[STBVOX_GEOM_count][6] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2353:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_floor_slope_for_rot[4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2361:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_ceil_slope_for_rot[4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2412:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_rotate_vertex[8][4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2426:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_optimized_face_up_normal[4][4][4][4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2522:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_planar_face_up_normal[4][4][4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2549:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_face_up_normal_012[4][4][4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2574:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_face_up_normal_013[4][4][4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2599:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_face_up_normal_023[4][4][4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2624:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_face_up_normal_123[4][4][4] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2832:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char stbvox_reverse_face[STBVF_count] =
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2971:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bt, nbt[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2972:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char geo, ngeo[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:2973:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rot, nrot[6];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:3205:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ht[4];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:3223:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw[4];
data/libstb-0.0~git20190817.1.052dce1/stb_voxel_render.h:3658:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *normal_names[32] =
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_main.c:42:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[99999];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_main.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[999];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_main.c:313:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1000];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:69:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char minecraft_info[256][7] =
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:307:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char minecraft_tex1_for_blocktype[256][6];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:308:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char effective_blocktype[256];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:309:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char minecraft_color_for_blocktype[256][6];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:310:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char minecraft_geom_for_blocktype[256];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:328:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char remap_data[16][16];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:329:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char remap[256];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:330:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rotate_data[4] = { 1,3,2,0 };
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:336:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rot[4096];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:441:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outb, rot, 4096);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:608:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vheight[34][34][18];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:612:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tex2_choice[34][34][18];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:730:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mc_rot[4] = { 1,3,2,0 };
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:757:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tex[16] = { 64, 210, 194, 178, 162, 146, 130, 114, 225, 209, 193, 177, 161, 145, 129, 113 };
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:775:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tex[4] = { 5, 198, 214, 199 };
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_mesher.c:811:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(minecraft_tex1_for_blocktype[i], minecraft_info[i]+1, 6);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.c:21:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[4];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.c:50:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.c:53:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "r.%d.%d.mca", reg_x, reg_z);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.c:54:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
last_region = fopen(filename, "rb");
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.c:197:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp_buffer[256];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.h:27:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *blockdata[NUM_SEGMENTS];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.h:28:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *data[NUM_SEGMENTS];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.h:29:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *skylight[NUM_SEGMENTS];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_parse.h:30:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *light[NUM_SEGMENTS];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_render.c:367:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tex2_data[64][4];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/cave_render.c:422:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error_buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:439:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char modded[256];
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:521:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
case GL_RGBA: memcpy(p, q, n*4); break;
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:538:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block+y*16, rgba + w*4*(j+y) + i*4, x*4);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:545:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block+y2*16+1*4, block+y2*16+0*4, 4);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:546:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block+y2*16+2*4, block+y2*16+0*4, 8);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:551:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block+y2*16+2*4, block+y2*16+0*4, 8);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:555:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block+y2*16+3*4, block+y2*16+1*4, 4);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:561:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block+y*16, block+y2*16, 4*4);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:814:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_data + j * w * chan, (char *) data+j*w2*chan, w2*chan);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_gl.h:941:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, data, w*h*chan);
data/libstb-0.0~git20190817.1.052dce1/tests/herringbone_generator.c:37:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c.short_side_len = atoi(argv[3]);
data/libstb-0.0~git20190817.1.052dce1/tests/herringbone_generator.c:39:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c.num_color[i] = atoi(argv[4+i]);
data/libstb-0.0~git20190817.1.052dce1/tests/herringbone_generator.c:45:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c.num_vary_x = atoi(argv[4+i]);
data/libstb-0.0~git20190817.1.052dce1/tests/herringbone_generator.c:47:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
c.num_vary_y = atoi(argv[5+i]);
data/libstb-0.0~git20190817.1.052dce1/tests/herringbone_map.c:22:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int out_w = atoi(argv[2]);
data/libstb-0.0~git20190817.1.052dce1/tests/herringbone_map.c:23:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int out_h = atoi(argv[3]);
data/libstb-0.0~git20190817.1.052dce1/tests/image_test.c:58:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dummy[1024];
data/libstb-0.0~git20190817.1.052dce1/tests/image_test.c:60:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dummy, data, len);
data/libstb-0.0~git20190817.1.052dce1/tests/image_test.c:102:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/libstb-0.0~git20190817.1.052dce1/tests/image_test.c:133:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[512];
data/libstb-0.0~git20190817.1.052dce1/tests/image_write_test.c:19:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char img6x5_rgb[6*5*3];
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c:33:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp_bitmap[BITMAP_W][BITMAP_H];
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c:34:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ttf_buffer[1 << 25];
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c:46:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c:50:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(stb_wingraph_commandline, "rb");
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c:53:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(filename, "arial.ttf", win);
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/main.c:56:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/stb_wingraph.h:153:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/stb_wingraph.h:164:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/stb_wingraph.h:801:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:72:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb__testsize2_16[sizeof(stb_uint16)==2 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:73:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb__testsize2_32[sizeof(stb_uint32)==4 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:85:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb__testsize2_64[sizeof(stb_uint64)==8 ? 1 : -1];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:170:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { char d[4]; } stb__4;
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:171:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { char d[8]; } stb__8;
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:176:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:197:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, p , sz);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:198:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p , q , sz);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:199:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q , buffer, sz);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:262:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:286:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define stb__fopen(x,y) fopen(x,y)
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:402:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[4096];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:778:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stb_tokentable[256]; // rely on static initializion to 0
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:779:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char stable[256],etable[256];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:984:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, s, t-s);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:986:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, replace, len_replace);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1009:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, replace, len_replace);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1032:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, z1-1);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1035:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer+z1+1, data+curlen-z2+1, z2-1);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1037:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, data, curlen);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1042:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1117:15: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if (len) { strcpy(buffer, "./"); return buffer; }
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1135:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1146:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1350:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, stb_arrhead2(p), sizeof(*q) + elem_size * stb_arrhead2(p)->len);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1891:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h->table, a->table, h->limit * sizeof(h->table[0])); \
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2252:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&list[count+1], buffer, len+1);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2278:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quick_buffer[800];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2339:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf1[1024],buf2[1024];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2401:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char raw_buffer[1024];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2522:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096], with_slash[4096];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2591:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096],*p=buffer;
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2688:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
STB_EXTERN void stb_sha1( unsigned char output[20], stb_uchar *buffer, unsigned int len);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2689:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
STB_EXTERN int stb_sha1_file(unsigned char output[20], char *file);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2794:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char final_block[128];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2862:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:3215:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:251:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:332:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:383:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:494:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char image[8 * 8];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:501:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_data[16 * 16];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:505:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_left[8 * 16];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:506:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_right[8 * 16];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:536:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char image[8 * 8];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:543:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char large_image[32 * 32];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:557:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_data_1[16 * 16];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:558:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_data_2[16 * 16];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:581:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char image[8 * 8];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:588:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_data_1[32 * 32];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:589:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_data_2[32 * 32];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:612:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char image[8 * 8];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:619:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[8 * 8];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:629:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char image88 [8][8];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:630:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char output88[8][8];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:631:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char output44[4][4];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:632:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char output22[2][2];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:633:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char output11[1][1];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:796:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input[64][64];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:797:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[16][16];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:816:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input[2 * 1];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:817:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[127 * 1];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1060:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1061:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "test-output/barbara-width-%d.jpg", i);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1067:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1068:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "test-output/barbara-width-%d.jpg", i);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1074:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1075:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "test-output/barbara-height-%d.jpg", i);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1081:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1082:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "test-output/barbara-height-%d.jpg", i);
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1088:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outname[200];
data/libstb-0.0~git20190817.1.052dce1/tests/resample_test.cpp:1089:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outname, "test-output/barbara-width-height-%d.jpg", i);
data/libstb-0.0~git20190817.1.052dce1/tests/sdf/sdf_test.c:29:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bitmap[BITMAP_H][BITMAP_W][3];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:62:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char size_base[32], size_shift[32];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:360:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char storage1[1 << 23];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:436:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[8];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:581:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer8[4096];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:589:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256], *p;
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1002:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args, args_raw, sizeof(args_raw));
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1009:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args, args_raw, sizeof(args_raw));
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1015:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args, args_raw, sizeof(args_raw));
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1021:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(args, args_raw, sizeof(args_raw));
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1224:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f= fopen("data/stb.test", "wb");
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1232:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("data/stb.test", "rb");
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1236:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[4];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1266:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("data/stb.test", "rb");
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1286:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "FooBar");
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1441:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("data/stb_h.z", "wb");
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:2158:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4000];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:2162:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[20], fdig[20];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:2168:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v[3];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:2176:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v[3];
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:2188:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("data/test.bin", "wb");
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:2285:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
window = atoi(argv[1]);
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:2296:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(argv[1], "wb");
data/libstb-0.0~git20190817.1.052dce1/tests/test_c_compilation.c:39:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[999];
data/libstb-0.0~git20190817.1.052dce1/tests/test_cpp_compilation.cpp:119:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str->string[pos], newtext, num);
data/libstb-0.0~git20190817.1.052dce1/tests/test_ds.c:506:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[8][STBDS_FLUSH_CACHE];
data/libstb-0.0~git20190817.1.052dce1/tests/test_siphash.c:10:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mem[64];
data/libstb-0.0~git20190817.1.052dce1/tests/test_truetype.c:18:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ttf_buffer[1 << 25];
data/libstb-0.0~git20190817.1.052dce1/tests/test_truetype.c:19:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[512*100];
data/libstb-0.0~git20190817.1.052dce1/tests/test_truetype.c:24:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fread(ttf_buffer, 1, 1<<25, fopen("c:/x/lm/LiberationMono-Regular.ttf", "rb"));
data/libstb-0.0~git20190817.1.052dce1/tests/test_truetype.c:32:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp_bitmap[BITMAP_H][BITMAP_W];
data/libstb-0.0~git20190817.1.052dce1/tests/test_truetype.c:40:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 34807), s = (argc > 2 ? atoi(argv[2]) : 32);
data/libstb-0.0~git20190817.1.052dce1/tests/test_truetype.c:40:72: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 34807), s = (argc > 2 ? atoi(argv[2]) : 32);
data/libstb-0.0~git20190817.1.052dce1/tests/test_truetype.c:45:32: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fread(ttf_buffer, 1, 1<<25, fopen(argc > 3 ? argv[3] : "c:/windows/fonts/mingliu.ttc", "rb"));
data/libstb-0.0~git20190817.1.052dce1/tests/test_truetype.c:51:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char atlas[1024*1024];
data/libstb-0.0~git20190817.1.052dce1/tests/textedit_sample.c:44:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&str->string[pos], newtext, num);
data/libstb-0.0~git20190817.1.052dce1/tests/tilemap_editor_integration_example.c:153:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *platform_vars[STBTE_MAX_PROPERTIES] = {
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:7:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:60:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:106:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[4096];
data/libstb-0.0~git20190817.1.052dce1/tools/make_readme.c:12:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen("../README.md", "wb");
data/libstb-0.0~git20190817.1.052dce1/tools/make_readme.c:37:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/libstb-0.0~git20190817.1.052dce1/tools/make_readme.c:40:10: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, "...");
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:159:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempdata, data, safelen * sizeof(data[0]));
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:192:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[20];
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:203:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "%d", maxv);
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:280:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[60];
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:288:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "{%d,%d}", d ? data[i] : (trims[i]>>8), trims[i]&255);
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:290:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "{%d,%d,%d}", data[i], trims[i]>>8, trims[i]&255);
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:311:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "{%d,%d}", d ? data[i] : (trims[i]>>8), trims[i]&255);
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:313:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "{%d,%d,%d}", data[i], trims[i]>>8, trims[i]&255);
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:663:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:237:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read) (void *user,char *data,int size); // fill 'data' with 'size' bytes. return number of bytes actually read
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:738:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = (s->io.read)(s->io_user_data,(char*)s->buffer_start,s->buflen);
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:765:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->io.read) {
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:782:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->io.read) {
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:795:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->io.read) {
data/libstb-0.0~git20190817.1.052dce1/deprecated/stb_image.c:802:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = (s->io.read)(s->io_user_data, (char*) buffer + blen, n - blen);
data/libstb-0.0~git20190817.1.052dce1/stb.h:443:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define stb_p_mktemp(s) (_mktemp_s(s, strlen(s)+1) == 0)
data/libstb-0.0~git20190817.1.052dce1/stb.h:450:35: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define stb_p_strncpy_s(a,s,b,c) strncpy(a,b,c)
data/libstb-0.0~git20190817.1.052dce1/stb.h:752:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = stb__malloc(strlen(s)+1, file, line);
data/libstb-0.0~git20190817.1.052dce1/stb.h:754:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stb_p_strcpy_s(p, strlen(s)+1, s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1854:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define stb_prefixi(s,t) (0==stb_strnicmp((s),(t),strlen(t)))
data/libstb-0.0~git20190817.1.052dce1/stb.h:1910:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1945:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1946:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t m = strlen(t);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1955:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1956:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t m = strlen(t);
data/libstb-0.0~git20190817.1.052dce1/stb.h:1987:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int) strlen(s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2005:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int z = (int) strlen(t);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2057:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(t);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2288:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_find = strlen(find);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2289:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_replace = strlen(replace);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2301:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) malloc(strlen(src) + count * (len_replace - len_find) + 1);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2308:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stb_p_strcpy_s(q,strlen(src)+count*(len_replace-len_find)+1,s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2309:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(p) == strlen(src) + count*(len_replace-len_find));
data/libstb-0.0~git20190817.1.052dce1/stb.h:2309:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(p) == strlen(src) + count*(len_replace-len_find));
data/libstb-0.0~git20190817.1.052dce1/stb.h:2322:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_find = strlen(find);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2323:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_replace = strlen(replace);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2341:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s == NULL) s = p + strlen(p);
data/libstb-0.0~git20190817.1.052dce1/stb.h:2371:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptrdiff_t n = strlen(path),n1,n2,r1,r2;
data/libstb-0.0~git20190817.1.052dce1/stb.h:2408:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ptrdiff_t len=0,x,y, n = (int) strlen(path), f1,f2;
data/libstb-0.0~git20190817.1.052dce1/stb.h:4365:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stb_p_strcpy_s(a->arena ? stb_malloc_string(a->arena, strlen(x)+1) \
data/libstb-0.0~git20190817.1.052dce1/stb.h:4366:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: (char *) malloc(strlen(x)+1), strlen(x)+1, x)
data/libstb-0.0~git20190817.1.052dce1/stb.h:4366:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
: (char *) malloc(strlen(x)+1), strlen(x)+1, x)
data/libstb-0.0~git20190817.1.052dce1/stb.h:5334:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return stb_filewrite(filename, data, strlen(data));
data/libstb-0.0~git20190817.1.052dce1/stb.h:5419:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = (int) (strlen(p)-1);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5436:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(quick_buffer);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5453:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(p);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5470:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(rel) >= abs_size)
data/libstb-0.0~git20190817.1.052dce1/stb.h:5477:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(abs);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5478:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n+(int) strlen(rel)+2 <= abs_size) {
data/libstb-0.0~git20190817.1.052dce1/stb.h:5568:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = strlen(src_name)-1;
data/libstb-0.0~git20190817.1.052dce1/stb.h:5808:42: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define stb_fgetc(f) ((unsigned char) fgetc(f))
data/libstb-0.0~git20190817.1.052dce1/stb.h:5938:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5957:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str);
data/libstb-0.0~git20190817.1.052dce1/stb.h:5968:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *z = t + strlen(t) - 1;
data/libstb-0.0~git20190817.1.052dce1/stb.h:5982:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *z = t + strlen(t) - 1;
data/libstb-0.0~git20190817.1.052dce1/stb.h:6050:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k += (int) strlen(t);
data/libstb-0.0~git20190817.1.052dce1/stb.h:6051:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(t);
data/libstb-0.0~git20190817.1.052dce1/stb.h:6306:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dlen = (int) strlen(src), elen;
data/libstb-0.0~git20190817.1.052dce1/stb.h:6763:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
RegSetValueExA((HKEY) zreg, str, 0, STB__REG_SZ, (const unsigned char *) data, (int) strlen(data)+1);
data/libstb-0.0~git20190817.1.052dce1/stb.h:6876:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stb_int16 n = (stb_int16) strlen(z->data[i].key)+1;
data/libstb-0.0~git20190817.1.052dce1/stb.h:6941:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stb_cfg_write(z, key, value, (int) strlen(value)+1);
data/libstb-0.0~git20190817.1.052dce1/stb.h:7038:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(info, strlen(info)+1, 1, f);
data/libstb-0.0~git20190817.1.052dce1/stb.h:7090:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!fread(sig, strlen(dir)+1, 1, f)) { fclose(f); return; }
data/libstb-0.0~git20190817.1.052dce1/stb.h:7136:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
has_slash = (path[0] && path[strlen(path)-1] == '/');
data/libstb-0.0~git20190817.1.052dce1/stb.h:7187:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dummy_path) > 96) {
data/libstb-0.0~git20190817.1.052dce1/stb.h:7189:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stb_p_strcpy_s(dummy_path+96/2+2,128, new_path + strlen(new_path)-96/2+2);
data/libstb-0.0~git20190817.1.052dce1/stb.h:7191:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pad = dummy_path + strlen(dummy_path);
data/libstb-0.0~git20190817.1.052dce1/stb.h:7368:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stb_sha1(sha, (unsigned char *) dir_lower, (unsigned int) strlen(dir_lower));
data/libstb-0.0~git20190817.1.052dce1/stb.h:7370:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = cache_file + strlen(cache_file);
data/libstb-0.0~git20190817.1.052dce1/stb.h:7373:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:11073:47: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static int stb__fgetbyte(stbfile *f) { return fgetc(f->f); }
data/libstb-0.0~git20190817.1.052dce1/stb.h:12817:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(s);
data/libstb-0.0~git20190817.1.052dce1/stb.h:13381:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int o = stua_box(STU___string, NULL, strlen(z) + sizeof(*b));
data/libstb-0.0~git20190817.1.052dce1/stb.h:13455:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a = stua_box(STU___error, x, strlen(x));
data/libstb-0.0~git20190817.1.052dce1/stb_ds.h:1404:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str)+1;
data/libstb-0.0~git20190817.1.052dce1/stb_ds.h:1420:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(str)+1;
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:363:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read) (void *user,char *data,int size); // fill 'data' with 'size' bytes. return number of bytes actually read
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1455:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = (s->io.read)(s->io_user_data,(char*)s->buffer_start,s->buflen);
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1482:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->io.read) {
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1498:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->io.read) {
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1511:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->io.read) {
data/libstb-0.0~git20190817.1.052dce1/stb_image.h:1518:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = (s->io.read)(s->io_user_data, (char*) buffer + blen, n - blen);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:182:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t source_len = strlen(str);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:195:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp, " ");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:199:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp, "\"");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:204:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp, "\"");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:206:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp, "\n");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:207:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = stb_include_append(text, &textlen, temp, strlen(temp));
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:212:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = stb_include_append(text, &textlen, inject, strlen(inject));
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:216:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp, "/");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:223:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = stb_include_append(text, &textlen, inc, strlen(inc));
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:230:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(temp, " ");
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:236:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = stb_include_append(text, &textlen, temp, strlen(temp));
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:253:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(strs[i]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:258:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(strs[i]);
data/libstb-0.0~git20190817.1.052dce1/stb_include.h:273:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(error, "'");
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:468:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define STBTT_strlen(x) strlen(x)
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:4282:12: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static int equal(float *a, float *b)
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:4331:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(q0,q1) || equal(q1,q2)) {
data/libstb-0.0~git20190817.1.052dce1/stb_truetype.h:4331:33: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal(q0,q1) || equal(q1,q2)) {
data/libstb-0.0~git20190817.1.052dce1/stb_vorbis.c:1306:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = fgetc(z->f);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_glprog.h:306:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(str1);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_glprog.h:307:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(error, str1, error_buflen);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_glprog.h:309:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(error+n, str2, error_buflen - n);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_glprog.h:310:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n += strlen(str2);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_glprog.h:312:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(error+n, str3, error_buflen - n);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_glprog.h:351:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(error);
data/libstb-0.0~git20190817.1.052dce1/tests/caveview/stb_glprog.h:410:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(error);
data/libstb-0.0~git20190817.1.052dce1/tests/oversample/stb_wingraph.h:805:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, " ");
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:524:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define stb_prefixi(s,t) (0==stb_strnicmp((s),(t),strlen(t)))
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:582:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:617:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(s);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:618:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t m = strlen(t);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:627:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(s);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:628:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t m = strlen(t);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:659:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int) strlen(s);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:669:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(s,t,n);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:677:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int z = (int) strlen(t);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:680:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(a,t,n);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:729:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(t);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:960:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_find = strlen(find);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:961:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_replace = strlen(replace);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:973:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = (char *) malloc(strlen(src) + count * (len_replace - len_find) + 1);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:981:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(p) == strlen(src) + count*(len_replace-len_find));
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:981:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(p) == strlen(src) + count*(len_replace-len_find));
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:994:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_find = strlen(find);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:995:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len_replace = strlen(replace);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1013:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s == NULL) s = p + strlen(p);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1043:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(path),n1,n2,r1,r2;
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1080:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len=0,x,y, n = (int) strlen(path), f1,f2;
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:1118:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, path+x, y-x);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2212:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return stb_filewrite(filename, data, strlen(data));
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2267:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(p)-1;
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2284:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(quick_buffer);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2301:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(p);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2318:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(rel) >= abs_size)
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2325:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(abs);
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2326:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (n+(int) strlen(rel)+2 <= abs_size) {
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2441:42: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define stb_fgetc(f) ((unsigned char) fgetc(f))
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2449:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *z = t + strlen(t) - 1;
data/libstb-0.0~git20190817.1.052dce1/tests/prerelease/stb_lib.h:2463:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *z = t + strlen(t) - 1;
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1270:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n1 = strlen(p);
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:1271:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n2 = strlen(str2);
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:2165:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(sha1_tests[i].message) == len*2);
data/libstb-0.0~git20190817.1.052dce1/tests/stb.c:2166:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(sha1_tests[i].digest) == 20 * 2);
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:66:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(batch))
data/libstb-0.0~git20190817.1.052dce1/tools/build_matrix.c:69:19: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buffer, "");
data/libstb-0.0~git20190817.1.052dce1/tools/make_readme.c:34:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s3) < 21) {
data/libstb-0.0~git20190817.1.052dce1/tools/make_readme.c:38:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, s3, 18);
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:204:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
numlen=strlen(temp);
data/libstb-0.0~git20190817.1.052dce1/tools/unicode.c:291:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(temp);
ANALYSIS SUMMARY:
Hits = 787
Lines analyzed = 91530 in approximately 2.49 seconds (36731 lines/second)
Physical Source Lines of Code (SLOC) = 69839
Hits@level = [0] 389 [1] 142 [2] 539 [3] 4 [4] 98 [5] 4
Hits@level+ = [0+] 1176 [1+] 787 [2+] 645 [3+] 106 [4+] 102 [5+] 4
Hits/KSLOC@level+ = [0+] 16.8387 [1+] 11.2688 [2+] 9.23553 [3+] 1.51778 [4+] 1.4605 [5+] 0.0572746
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.