Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lynx-2.9.0dev.6/lib/dirent.c
Examining data/lynx-2.9.0dev.6/lib/dirent.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUtils.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HText.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAProt.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFinger.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTBTree.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTBTree.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAUtil.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/UCDefs.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTRules.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAssoc.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStyle.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTPlain.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/UCMap.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/LYLeaks.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLDTD.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/tidy_tls.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTRules.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAnchor.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTList.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAssoc.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFormat.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTDOS.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAnchor.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTelnet.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTChunk.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGroup.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStyle.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFWriter.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWSRC.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTCJK.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAUtil.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/src1_HTMLDTD.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_wait.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/LYexit.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTioctl.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLDTD.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_tcp.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTDOS.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLGen.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStream.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAProt.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUU.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTelnet.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWSRC.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAtom.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/UCAux.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/hdr_HTMLDTD.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTPlain.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFormat.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUU.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGroup.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAtom.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTInit.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTLex.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLGen.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/src0_HTMLDTD.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFinger.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTLex.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTChunk.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.h
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c
Examining data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTList.h
Examining data/lynx-2.9.0dev.6/LYMessages_en.h
Examining data/lynx-2.9.0dev.6/BUILD/VS2012X32/lynx/lynx_cfg.h
Examining data/lynx-2.9.0dev.6/BUILD/VS2008X/lynx/lynx_cfg.h
Examining data/lynx-2.9.0dev.6/BUILD/VS2012X64/lynx/lynx_cfg.h
Examining data/lynx-2.9.0dev.6/BUILD/VS2003/lynx/lynx_cfg.h
Examining data/lynx-2.9.0dev.6/BUILD/VS2005X/lynx/lynx_cfg.h
Examining data/lynx-2.9.0dev.6/BUILD/VS2010X32/lynx/lynx_cfg.h
Examining data/lynx-2.9.0dev.6/src/LYCookie.h
Examining data/lynx-2.9.0dev.6/src/LYShowInfo.h
Examining data/lynx-2.9.0dev.6/src/mktime.c
Examining data/lynx-2.9.0dev.6/src/LYOptions.h
Examining data/lynx-2.9.0dev.6/src/LYEdit.c
Examining data/lynx-2.9.0dev.6/src/Xsystem.c
Examining data/lynx-2.9.0dev.6/src/LYMainLoop.c
Examining data/lynx-2.9.0dev.6/src/UCdomap.c
Examining data/lynx-2.9.0dev.6/src/LYBookmark.h
Examining data/lynx-2.9.0dev.6/src/LYHistory.h
Examining data/lynx-2.9.0dev.6/src/UCdomap.h
Examining data/lynx-2.9.0dev.6/src/LYCharVals.h
Examining data/lynx-2.9.0dev.6/src/LYEditmap.c
Examining data/lynx-2.9.0dev.6/src/LYSearch.c
Examining data/lynx-2.9.0dev.6/src/LYCookie.c
Examining data/lynx-2.9.0dev.6/src/structdump.h
Examining data/lynx-2.9.0dev.6/src/LYUpload.c
Examining data/lynx-2.9.0dev.6/src/LYStrings.h
Examining data/lynx-2.9.0dev.6/src/LYPrettySrc.c
Examining data/lynx-2.9.0dev.6/src/LYHistory.c
Examining data/lynx-2.9.0dev.6/src/LYUtils.c
Examining data/lynx-2.9.0dev.6/src/chrtrans/entities.h
Examining data/lynx-2.9.0dev.6/src/chrtrans/jcuken_kb.h
Examining data/lynx-2.9.0dev.6/src/chrtrans/yawerty_kb.h
Examining data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c
Examining data/lynx-2.9.0dev.6/src/chrtrans/caselower.h
Examining data/lynx-2.9.0dev.6/src/chrtrans/rot13_kb.h
Examining data/lynx-2.9.0dev.6/src/chrtrans/UCkd.h
Examining data/lynx-2.9.0dev.6/src/LYCharUtils.c
Examining data/lynx-2.9.0dev.6/src/LYGetFile.c
Examining data/lynx-2.9.0dev.6/src/LYGCurses.h
Examining data/lynx-2.9.0dev.6/src/LYExtern.h
Examining data/lynx-2.9.0dev.6/src/DefaultStyle.c
Examining data/lynx-2.9.0dev.6/src/LYmktime.c
Examining data/lynx-2.9.0dev.6/src/LYList.c
Examining data/lynx-2.9.0dev.6/src/LYJump.c
Examining data/lynx-2.9.0dev.6/src/LYShowInfo.c
Examining data/lynx-2.9.0dev.6/src/TRSTable.h
Examining data/lynx-2.9.0dev.6/src/LYDownload.h
Examining data/lynx-2.9.0dev.6/src/LYCharSets.c
Examining data/lynx-2.9.0dev.6/src/LYrcFile.c
Examining data/lynx-2.9.0dev.6/src/HTAlert.c
Examining data/lynx-2.9.0dev.6/src/LYSearch.h
Examining data/lynx-2.9.0dev.6/src/LYGlobalDefs.h
Examining data/lynx-2.9.0dev.6/src/HTFWriter.c
Examining data/lynx-2.9.0dev.6/src/LYTraversal.c
Examining data/lynx-2.9.0dev.6/src/LYPrint.h
Examining data/lynx-2.9.0dev.6/src/LYPrettySrc.h
Examining data/lynx-2.9.0dev.6/src/GridText.c
Examining data/lynx-2.9.0dev.6/src/LYCgi.h
Examining data/lynx-2.9.0dev.6/src/HTForms.h
Examining data/lynx-2.9.0dev.6/src/HTInit.c
Examining data/lynx-2.9.0dev.6/src/LYVMSdef.h
Examining data/lynx-2.9.0dev.6/src/LYLeaks.c
Examining data/lynx-2.9.0dev.6/src/LYMain.c
Examining data/lynx-2.9.0dev.6/src/wcwidth.h
Examining data/lynx-2.9.0dev.6/src/TRSTable.c
Examining data/lynx-2.9.0dev.6/src/LYSession.h
Examining data/lynx-2.9.0dev.6/src/LYLocal.c
Examining data/lynx-2.9.0dev.6/src/GridText.h
Examining data/lynx-2.9.0dev.6/src/LYMail.c
Examining data/lynx-2.9.0dev.6/src/LYMainLoop.h
Examining data/lynx-2.9.0dev.6/src/LYCgi.c
Examining data/lynx-2.9.0dev.6/src/LYSignal.h
Examining data/lynx-2.9.0dev.6/src/LYKeymap.c
Examining data/lynx-2.9.0dev.6/src/wcwidth.c
Examining data/lynx-2.9.0dev.6/src/LYHash.c
Examining data/lynx-2.9.0dev.6/src/LYReadCFG.h
Examining data/lynx-2.9.0dev.6/src/HTML.h
Examining data/lynx-2.9.0dev.6/src/LYNews.c
Examining data/lynx-2.9.0dev.6/src/UCAuto.c
Examining data/lynx-2.9.0dev.6/src/LYClean.c
Examining data/lynx-2.9.0dev.6/src/LYStyle.h
Examining data/lynx-2.9.0dev.6/src/LYMail.h
Examining data/lynx-2.9.0dev.6/src/LYOptions.c
Examining data/lynx-2.9.0dev.6/src/HTML.c
Examining data/lynx-2.9.0dev.6/src/LYDownload.c
Examining data/lynx-2.9.0dev.6/src/LYUpload.h
Examining data/lynx-2.9.0dev.6/src/AttrList.h
Examining data/lynx-2.9.0dev.6/src/LYCurses.c
Examining data/lynx-2.9.0dev.6/src/LYGetFile.h
Examining data/lynx-2.9.0dev.6/src/LYReadCFG.c
Examining data/lynx-2.9.0dev.6/src/parsdate.c
Examining data/lynx-2.9.0dev.6/src/LYNews.h
Examining data/lynx-2.9.0dev.6/src/LYJustify.h
Examining data/lynx-2.9.0dev.6/src/LYMap.c
Examining data/lynx-2.9.0dev.6/src/HTAlert.h
Examining data/lynx-2.9.0dev.6/src/LYexit.c
Examining data/lynx-2.9.0dev.6/src/LYCharSets.h
Examining data/lynx-2.9.0dev.6/src/LYHash.h
Examining data/lynx-2.9.0dev.6/src/LYEdit.h
Examining data/lynx-2.9.0dev.6/src/LYLocal.h
Examining data/lynx-2.9.0dev.6/src/HTFont.h
Examining data/lynx-2.9.0dev.6/src/LYBookmark.c
Examining data/lynx-2.9.0dev.6/src/LYClean.h
Examining data/lynx-2.9.0dev.6/src/tidy_tls.c
Examining data/lynx-2.9.0dev.6/src/LYebcdic.c
Examining data/lynx-2.9.0dev.6/src/LYExtern.c
Examining data/lynx-2.9.0dev.6/src/LYSession.c
Examining data/lynx-2.9.0dev.6/src/UCAuto.h
Examining data/lynx-2.9.0dev.6/src/LYUtils.h
Examining data/lynx-2.9.0dev.6/src/HTNestedList.h
Examining data/lynx-2.9.0dev.6/src/LYForms.c
Examining data/lynx-2.9.0dev.6/src/UCAux.c
Examining data/lynx-2.9.0dev.6/src/LYKeymap.h
Examining data/lynx-2.9.0dev.6/src/LYrcFile.h
Examining data/lynx-2.9.0dev.6/src/LYStrings.c
Examining data/lynx-2.9.0dev.6/src/parsdate.h
Examining data/lynx-2.9.0dev.6/src/LYStructs.h
Examining data/lynx-2.9.0dev.6/src/LYCurses.h
Examining data/lynx-2.9.0dev.6/src/LYTraversal.h
Examining data/lynx-2.9.0dev.6/src/strstr.c
Examining data/lynx-2.9.0dev.6/src/LYPrint.c
Examining data/lynx-2.9.0dev.6/src/LYMap.h
Examining data/lynx-2.9.0dev.6/src/HTSaveToFile.h
Examining data/lynx-2.9.0dev.6/src/LYCharUtils.h
Examining data/lynx-2.9.0dev.6/src/LYList.h
Examining data/lynx-2.9.0dev.6/src/LYStyle.c
Examining data/lynx-2.9.0dev.6/src/LYJump.h
Examining data/lynx-2.9.0dev.6/userdefs.h

FINAL RESULTS:

data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:340:16:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
		(len = (int) readlink(file, tmp, sizeof(tmp) - 1)) >= 0) {
data/lynx-2.9.0dev.6/src/HTFWriter.c:581:13:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    (void) chmod(me->remove_command, 0600);	/* Ignore errors */
data/lynx-2.9.0dev.6/src/LYBookmark.c:506:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	(void) chmod(newfile, HIDE_CHMOD);
data/lynx-2.9.0dev.6/src/LYBookmark.c:619:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    chmod(filename_buffer, stat_buf.st_mode & 07777);
data/lynx-2.9.0dev.6/src/LYBookmark.c:655:4:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
			chmod(filename_buffer, stat_buf.st_mode & 07777);
data/lynx-2.9.0dev.6/src/LYDownload.c:276:2:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	chmod(buffer->str, HIDE_CHMOD);
data/lynx-2.9.0dev.6/src/LYLocal.c:1584:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    if (chmod(destpath, new_mode) < 0) {
data/lynx-2.9.0dev.6/src/LYShowInfo.c:237:25:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
		if ((buf_size = (int) readlink(temp, buf, limit)) != -1) {
data/lynx-2.9.0dev.6/src/LYUpload.c:150:2:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	chmod(filename, HIDE_CHMOD);
data/lynx-2.9.0dev.6/src/LYUtils.c:5751:26:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
	while ((used = (size_t) readlink(name, buffer, (size - 1))) == size - 1) {
data/lynx-2.9.0dev.6/src/LYUtils.c:5899:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	    && chmod(name, HIDE_CHMOD) == 0)
data/lynx-2.9.0dev.6/src/LYUtils.c:5915:6:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	if (chmod(name, HIDE_CHMOD) == 0 || errno == ENOENT)
data/lynx-2.9.0dev.6/src/LYUtils.c:5930:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    (void) chmod(name, HIDE_CHMOD);
data/lynx-2.9.0dev.6/src/LYUtils.c:5943:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    (void) chmod(name, HIDE_CHMOD);
data/lynx-2.9.0dev.6/src/LYUtils.c:5961:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    (void) chmod(name, HIDE_CHMOD);
data/lynx-2.9.0dev.6/src/LYUtils.c:5995:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
	(void) chmod(name, mode);
data/lynx-2.9.0dev.6/src/Xsystem.c:585:12:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
    while (gets(line_buff)) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:155:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(HTAAForwardAuth, scheme_name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:158:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(HTAAForwardAuth, scheme_specifics);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:757:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(cleartext, realm->username);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:764:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(cleartext, realm->password);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:768:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(cleartext, i_net_addr);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:770:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(cleartext, timestamp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:773:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(cleartext, secret_key);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:1083:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(HTAA_composeAuthResult, HTAAScheme_name(scheme));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:1085:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(HTAA_composeAuthResult, auth_string);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:514:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(gateway_parameter, "%s_proxy", acc_method);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAtom.c:68:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(a->name, string);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:312:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filename, fn);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:323:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(nodename, nn);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2593:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(target, month);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2594:5:  [4] (buffer) StrNCat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    StrNCat(target, &entry->date[4], 2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2608:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(target, temp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2687:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(fmt, "%%%.*s" PRI_off_t,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2692:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(fmt, "%" PRI_off_t, CAST_off_t (value));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3066:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(NumBytes, TRANSFERRED_X_BYTES, BytesReceived);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3155:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(name_buff, "%-*s", FNAME_WIDTH, entry_info->filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3665:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(filename, ++cp1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3707:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy(filename, cp1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3945:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
		    if (sscanf(response_text, "%d %" SCN_off_t, &code, &size)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:211:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(fmt, "%%%.*s" PRI_off_t,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:216:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(fmt, "%" PRI_off_t, CAST_off_t (entry));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:461:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(tmp, "%c%s", type,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:464:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(tmp, "%c%s%s%s", type,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2048:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(data->file_name, dirbuf->d_name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2315:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    && access(filename, 0) == 0) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:312:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(buffer, TRANSFERRED_X_BYTES, bytes);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:813:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buf, fld->defreturn ? " checked" : "");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:815:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(buf, fld->indexed ? "*" : "");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:899:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buf, ctx->host);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1069:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			    strcpy(last->description, (char *) &p[i]);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1096:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(newf->name, name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1105:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(newf->attributes, (char *) &p[i]);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:91:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
#define SnipIn(d,fmt,len,s)      sprintf(d, fmt,      (int)sizeof(d)-len, s)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:92:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
#define SnipIn2(d,fmt,tag,len,s) sprintf(d, fmt, tag, (int)sizeof(d)-len, s)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:195:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	    if (sscanf(buffer, "%s%s%s", the_host, the_pass, the_user) == 3
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:789:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(q, NewsHREF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:791:2:  [4] (buffer) StrNCat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
	StrNCat(q, addr, (size_t) (p - addr));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:951:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(buf, crlf);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:964:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(line, crlf);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:970:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buf, line);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:984:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buf, crlf);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2353:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(command, "%s//%.250s/", STR_SNEWS_URL, NewsHost);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2513:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(command, "ARTICLE %s%.*s%s",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2704:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(SSLprogress,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2973:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(command, "%s %d%c%c",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:3102:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(SSLprogress, "Secure %d-bit %s (%s) NNTP connection",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:33:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    char *access;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:46:52:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	CTRACE((tfp, "   access   '%s'\n", NONNULL(parts->access)));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:164:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (parts->access && parts->anchor &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:165:47:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    /* optimize */ StrChr("lnsdLNSD", *parts->access) != NULL) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:166:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if ((!parts->host && strcasecomp(parts->access, "lynxcgi")) ||
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:167:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    !strcasecomp(parts->access, "nntp") ||
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:168:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    !strcasecomp(parts->access, "snews") ||
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:169:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    !strcasecomp(parts->access, "news") ||
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:170:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    !strcasecomp(parts->access, "data")) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:281:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(params, src - 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:304:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(host, output);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:305:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(host, params);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:410:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if ((given.access && given.host && given.absolute) || !*relatedName) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:429:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (given.access && given.host && !given.relative && !given.absolute) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:430:20:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (!strcmp(given.access, "http") ||
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:431:20:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    !strcmp(given.access, "https") ||
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:432:20:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    !strcmp(given.access, "ftp")) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:440:24:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    acc_method = given.access ? given.access : related.access;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:440:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    acc_method = given.access ? given.access : related.access;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:440:56:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    acc_method = given.access ? given.access : related.access;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:443:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tail, acc_method);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:464:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if ((given.access && related.access) &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:464:34:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if ((given.access && related.access) &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:466:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    strcmp(given.access, related.access))) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:466:35:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	    strcmp(given.access, related.access))) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:483:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tail, given.host ? given.host : related.host);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:622:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tail, given.absolute);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:629:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tail, related.absolute);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:634:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(strchr_or_end(tail, ';'), given.relative);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:638:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(strchr_or_end(tail, '?'), given.relative);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:647:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		    strcat(p, given.relative);	/* Add given one */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:657:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tail, given.relative);	/* what we've got */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:661:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tail, related.relative);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:704:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tail, given.anchor);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:798:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(name, aName);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:1006:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(result, last_slash + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:330:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(*dest + length, src);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:335:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(*dest, src);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:649:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(result + dst_len, temp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:856:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(tmp_ptr, fmt_ptr, ival);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:859:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(tmp_ptr, fmt_ptr, fval);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:862:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(tmp_ptr, fmt_ptr, pval);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:869:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(dst_ptr + dst_len, tmp_ptr);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.h:36:9:  [4] (buffer) StrNCat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
#define StrNCat(a,b,c) strncat((a),(b),(size_t)(c))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.h:37:9:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define StrNCpy(a,b,c) strncpy((a),(b),(size_t)(c))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStyle.c:151:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(STYLE_DUMP_FONT,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStyle.c:158:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(STYLE_DUMP_IDENT,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStyle.c:163:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(STYLE_DUMP_ALIGN,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStyle.c:170:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    printf(STYLE_DUMP_TAB,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:601:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(p_next_char, phost->h_name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:618:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(p_next_char, phost->h_aliases[n]);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:1349:5:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    StrNCpy(soc_in->sdn_nam.n_name, host, soc_in->sdn_nam.n_len + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUtils.h:251:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define popen _popen
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUtils.h:488:37:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#if defined(GCC_PRINTF) && !defined(printf) && !defined(HAVE_LIBUTF8_H)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUtils.h:489:55:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define GCC_PRINTFLIKE(fmt,var) __attribute__((format(printf,fmt,var)))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUtils.h:696:61:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define CTRACE(p)         ((void)((TRACE) && ( LY_SHOWWHERE fprintf p )))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUtils.h:697:61:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define CTRACE2(m,p)      ((void)((m)     && ( LY_SHOWWHERE fprintf p )))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:442:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dir.dirname, DirEntry);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:459:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(End, openbr + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:539:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(entry.d_name, slash);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:643:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(time1, (char *) &entry1->date[7]);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:645:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(date1, (char *) &entry1->date[8]);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:656:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(date1, month);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:657:6:  [4] (buffer) StrNCat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
	    StrNCat(date1, (char *) &entry1->date[4], 2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:662:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(date1, time1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:665:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(time2, (char *) &entry2->date[7]);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:667:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(date2, (char *) &entry2->date[8]);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:678:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(date2, month);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:679:6:  [4] (buffer) StrNCat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
	    StrNCat(date2, (char *) &entry2->date[4], 2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:684:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(date2, time2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:878:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ThisYear, (char *) ctime(&NowTime) + 20);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2117:4:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			StrNCpy(chunk_att, BYTE, ATTRIBUTE_SIZE) :
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2118:4:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			StrNCpy(chunk_att, LINE, ATTRIBUTE_SIZE);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2126:3:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		StrNCpy(chunk_att, PARAGRAPH, ATTRIBUTE_SIZE);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2456:5:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    StrNCpy(header, lengthBuf, 10);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2461:5:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    StrNCpy(serverBuf, server, serverLen);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2462:5:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    StrNCpy((char *) (header + 12), serverBuf, serverLen);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:789:7:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    StrNCpy(scratch, ES_DELIMITER_1, 2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2134:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, PANIC_HEADER);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2136:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, format, ap);	/* print the contents */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2228:5:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    StrNCpy(copy, s, len + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2244:10:  [4] (buffer) StrNCat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
	return (StrNCat(dst, src, maxToAdd));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2251:11:  [4] (buffer) StrNCat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
	result = StrNCat(dst, src, maxToAdd);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:241:5:  [4] (buffer) StrNCat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    StrNCat(result, file, end - file);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:464:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(line, gettext(" contains the following %d item%s relevant to \""),
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:533:6:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    StrNCpy(class_string, s, TEMPSTRINGSIZE);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:2333:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(string->data, me->current_tag->name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:4757:22:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
#define Strcpy(a,b)	(strcpy((char*)a,(const char*)b),&a[strlen((const char*)a)])
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:4960:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy((char *) sjis, (const char *) arg);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:30:23:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define NOTE(message) fprintf(output, message "\n");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:188:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, fmt, ap);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:505:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer, "\"%s\"", data->name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:568:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buffer, "static const attr %s_attr[] = {", NameOfAttrs(dtd, which));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:862:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(output, "\t\t" FMT_NUM_ATTRS, number_of_attributes);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:864:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(output, "\t\t\t" FMT_ONE_ATTR, n,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:897:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf(output, " " #name); \
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:933:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf(output, " " #name); \
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1061:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(prefix, "\t\t%s:", name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1121:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(prefix, "\t\t%s:", name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1162:9:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (fscanf(input, FMT_NUM_ATTRS, length) == 1
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1167:13:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
	    code = fscanf(input, FMT_ONE_ATTR,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1197:12:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    code = fscanf(input, "%d:%s\n", &ncmp, name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1205:6:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
	if (fscanf(input, "%s\n", name) == 1) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1228:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
			&& sscanf(next, "%s\n", name)) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1249:6:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
		&& sscanf(next, "\t\tcontents: %s\n", name)) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1290:9:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    if (fscanf(input, "%d:%s\n", &ntst, name) == 2
data/lynx-2.9.0dev.6/lib/dirent.c:156:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(path + len, pattern);
data/lynx-2.9.0dev.6/lib/dirent.c:178:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(dp->_d_entry, s);
data/lynx-2.9.0dev.6/src/GridText.c:832:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(have[need].hl_text, text);
data/lynx-2.9.0dev.6/src/GridText.c:3009:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(linedata, p);
data/lynx-2.9.0dev.6/src/GridText.c:12617:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(lx, p);	/* <- 1st part of a possible lx'ing tag */
data/lynx-2.9.0dev.6/src/GridText.c:12618:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
		strcat(lx, ht->next->data);	/* tack on NEXT line          */
data/lynx-2.9.0dev.6/src/GridText.c:12658:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(lx, r);
data/lynx-2.9.0dev.6/src/GridText.c:12669:8:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			s = StrNCpy(s, lx, pre_n) + pre_n;
data/lynx-2.9.0dev.6/src/GridText.c:12671:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(ht->next->data, lx);
data/lynx-2.9.0dev.6/src/GridText.c:12705:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ht->data, buf);
data/lynx-2.9.0dev.6/src/GridText.c:12800:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(l->data, htline->data);
data/lynx-2.9.0dev.6/src/GridText.c:13711:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(l->data, htline->data);
data/lynx-2.9.0dev.6/src/GridText.c:14731:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(arg, STR_LYNXCACHE "/%d", &x) == 1 && x > 0) {
data/lynx-2.9.0dev.6/src/HTAlert.c:58:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, ALERT_FORMAT, Msg);
data/lynx-2.9.0dev.6/src/HTAlert.c:80:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf(((TRACE) ? stdout : stderr), ALERT_FORMAT, NonNull(Msg));
data/lynx-2.9.0dev.6/src/HTAlert.c:182:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(s, "%" PRI_off_t, CAST_off_t (n / kb_units));
data/lynx-2.9.0dev.6/src/HTAlert.c:186:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(s, "%" PRI_off_t, CAST_off_t (n));
data/lynx-2.9.0dev.6/src/HTAlert.c:191:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(s, "%" PRI_off_t, CAST_off_t (n));
data/lynx-2.9.0dev.6/src/HTAlert.c:195:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(s + strlen(s), " %s", u);
data/lynx-2.9.0dev.6/src/HTAlert.c:213:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(s, format, t / (3600 * 24), 'd');
data/lynx-2.9.0dev.6/src/HTAlert.c:218:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(s, format, t / 3600, 'h');
data/lynx-2.9.0dev.6/src/HTAlert.c:223:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(s, format, t / 60, 'm');
data/lynx-2.9.0dev.6/src/HTAlert.c:230:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(s, format, t, 's');
data/lynx-2.9.0dev.6/src/HTAlert.c:611:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, msg, address);
data/lynx-2.9.0dev.6/src/HTAlert.c:617:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, msg, temp);
data/lynx-2.9.0dev.6/src/HTAlert.c:624:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, msg, title);
data/lynx-2.9.0dev.6/src/HTAlert.c:630:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, msg, temp);
data/lynx-2.9.0dev.6/src/HTAlert.c:638:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, msg, temp);
data/lynx-2.9.0dev.6/src/HTFWriter.c:201:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(expanded, copied);
data/lynx-2.9.0dev.6/src/HTFWriter.c:1261:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(temp, middle);
data/lynx-2.9.0dev.6/src/HTFWriter.c:1268:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(temp, compress_suffix);
data/lynx-2.9.0dev.6/src/HTInit.c:394:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(rawentry, LineBuf);
data/lynx-2.9.0dev.6/src/HTInit.c:396:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(rawentry, LineBuf);
data/lynx-2.9.0dev.6/src/HTML.c:772:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(Style_className_end, prefix);
data/lynx-2.9.0dev.6/src/HTML.c:2615:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(number_string, LYUppercaseA_OL_String(seqnum));
data/lynx-2.9.0dev.6/src/HTML.c:2617:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(number_string, LYLowercaseA_OL_String(seqnum));
data/lynx-2.9.0dev.6/src/HTML.c:2619:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(number_string, LYUppercaseI_OL_String(seqnum));
data/lynx-2.9.0dev.6/src/HTML.c:2621:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(number_string, LYLowercaseI_OL_String(seqnum));
data/lynx-2.9.0dev.6/src/LYCgi.c:262:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(pgm, pgm_buff);
data/lynx-2.9.0dev.6/src/LYCharUtils.c:2916:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
			strcpy(p, pound);
data/lynx-2.9.0dev.6/src/LYCharUtils.c:3408:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(tmp_buffer, src);
data/lynx-2.9.0dev.6/src/LYCookie.c:2638:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(value, co->value);
data/lynx-2.9.0dev.6/src/LYCurses.c:1833:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	printf(CONFIRM_PROCEED, "n/y");
data/lynx-2.9.0dev.6/src/LYCurses.c:2399:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#ifdef system
data/lynx-2.9.0dev.6/src/LYCurses.c:2400:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#undef system
data/lynx-2.9.0dev.6/src/LYCurses.c:2465:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, RETURN_TO_CLEANUP);
data/lynx-2.9.0dev.6/src/LYCurses.h:208:10:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  undef printf			/* but we don't want that... */
data/lynx-2.9.0dev.6/src/LYEditmap.c:1691:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(comment, "\t/* %s */", what);
data/lynx-2.9.0dev.6/src/LYEditmap.c:1698:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(comment, "\t/* %s%s */", what,
data/lynx-2.9.0dev.6/src/LYExtern.c:408:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	    status = system(cmdbuf);
data/lynx-2.9.0dev.6/src/LYExtern.c:413:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf(buff,
data/lynx-2.9.0dev.6/src/LYGetFile.c:911:4:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			fprintf(stderr,
data/lynx-2.9.0dev.6/src/LYHash.c:91:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer, string);
data/lynx-2.9.0dev.6/src/LYHash.c:106:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buffer, p);
data/lynx-2.9.0dev.6/src/LYHash.c:107:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buffer, q);
data/lynx-2.9.0dev.6/src/LYHash.c:108:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(buffer, r);
data/lynx-2.9.0dev.6/src/LYKeymap.c:1478:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(comment, "\t/* %s */", what);
data/lynx-2.9.0dev.6/src/LYKeymap.c:1487:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(comment, "\t/* %s%s */", what,
data/lynx-2.9.0dev.6/src/LYLeaks.c:783:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(*dest, src);
data/lynx-2.9.0dev.6/src/LYLeaks.c:813:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(*dest + length, src);
data/lynx-2.9.0dev.6/src/LYLeaks.c:820:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(*dest, src);
data/lynx-2.9.0dev.6/src/LYLocal.c:315:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(temp, name);
data/lynx-2.9.0dev.6/src/LYLocal.c:373:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dst, src);
data/lynx-2.9.0dev.6/src/LYLocal.c:462:2:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execvp(path, argv);	/* this uses our $PATH */
data/lynx-2.9.0dev.6/src/LYLocal.c:464:2:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	execv(path, argv);
data/lynx-2.9.0dev.6/src/LYLocal.c:1188:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(testpath, cp);
data/lynx-2.9.0dev.6/src/LYLocal.c:1295:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(testpath, tp);
data/lynx-2.9.0dev.6/src/LYLocal.c:1499:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(tmpdst, destpath);
data/lynx-2.9.0dev.6/src/LYMail.c:324:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(working, "%s \"", option);
data/lynx-2.9.0dev.6/src/LYMail.c:506:7:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	fp = popen(buffer, "w");
data/lynx-2.9.0dev.6/src/LYMain.c:1288:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(lynx_temp_space, 0) != 0)
data/lynx-2.9.0dev.6/src/LYMain.c:1451:17:  [4] (misc) cuserid:
  Exactly what cuserid() does is poorly defined (e.g., some systems use the
  effective uid, like Linux, while others like System V use the real uid).
  Thus, you can't trust what it does. It's certainly not portable (The
  cuserid function was included in the 1988 version of POSIX, but removed
  from the 1990 version). Also, if passed a non-null parameter, there's a
  risk of a buffer overflow if the passed-in buffer is not at least L_cuserid
  characters long (CWE-120). Use getpwuid(geteuid()) and extract the desired
  information instead.
	STREQ((char *) cuserid((char *) NULL), ANONYMOUS_USER)
data/lynx-2.9.0dev.6/src/LYMain.c:1453:18:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
	STREQ(((char *) getlogin() == NULL ? " " : getlogin()), ANONYMOUS_USER)
data/lynx-2.9.0dev.6/src/LYMain.c:1453:45:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all,
  because some program messed up the utmp file. Often, it gives only the
  first 8 characters of the login name. The user currently logged in on the
  controlling tty of our program need not be the user who started it. Avoid
  getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
  and extract the desired information instead.
	STREQ(((char *) getlogin() == NULL ? " " : getlogin()), ANONYMOUS_USER)
data/lynx-2.9.0dev.6/src/LYMain.c:4153:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(temp, *(q->set_value) ? "on" : "off");
data/lynx-2.9.0dev.6/src/LYMain.c:4156:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(temp, *(q->set_value) ? "off" : "on");
data/lynx-2.9.0dev.6/src/LYMain.c:4162:6:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	    sprintf(temp, SECS_FMT, (double) Secs2SECS(*(q->int_value)));
data/lynx-2.9.0dev.6/src/LYMainLoop.c:97:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buff + 1, p);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:99:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(buff, p);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:111:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(to, from);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:116:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(to, from);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6730:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(temp_buff, p);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6743:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		    strcpy(temp_buff, curdoc.address);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:7986:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, WWW_INDEX_MORE_MESSAGE, key_for_func(LYK_INDEX_SEARCH));
data/lynx-2.9.0dev.6/src/LYMainLoop.c:7991:2:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
	sprintf(buf, WWW_INDEX_MESSAGE, key_for_func(LYK_INDEX_SEARCH));
data/lynx-2.9.0dev.6/src/LYNews.c:281:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fname, LynxSigFile);
data/lynx-2.9.0dev.6/src/LYNews.c:454:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(my_tempfile, CJKfile);
data/lynx-2.9.0dev.6/src/LYOptions.c:2508:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(fp,\
data/lynx-2.9.0dev.6/src/LYOptions.c:2513:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(fp,\
data/lynx-2.9.0dev.6/src/LYPrint.c:96:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    Define_VMSLogical(strcpy(temp, names[name]), envbuffer);
data/lynx-2.9.0dev.6/src/LYPrint.c:370:27:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
	} else if ((outfile_fp = popen(buffer->str + 1, "w")) == NULL) {
data/lynx-2.9.0dev.6/src/LYPrint.c:596:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf(hfd, "Content-Type: " STR_HTML);
data/lynx-2.9.0dev.6/src/LYPrint.c:675:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(MAILING_FILE);
data/lynx-2.9.0dev.6/src/LYPrint.c:737:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(outfile_fp, "Content-Type: " STR_HTML);
data/lynx-2.9.0dev.6/src/LYPrint.c:926:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(PRINTING_FILE);
data/lynx-2.9.0dev.6/src/LYStrings.c:1450:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		fprintf(stderr, FAILED_READING_KEYMAP, linenum, file);
data/lynx-2.9.0dev.6/src/LYStrings.c:2457:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		    sprintf(mouse_info, "Mouse = 0x%x, [%s]", c, p);
data/lynx-2.9.0dev.6/src/LYStrings.c:2848:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s_str, buff);
data/lynx-2.9.0dev.6/src/LYStrings.c:3217:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
				strcpy(Buffer + off, tail);
data/lynx-2.9.0dev.6/src/LYStrings.c:3238:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(Buffer + off, tail);
data/lynx-2.9.0dev.6/src/LYStrings.c:3262:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(Buffer + EditAt, (const char *) s, len);
data/lynx-2.9.0dev.6/src/LYStrings.c:5483:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(extra + 1, src);
data/lynx-2.9.0dev.6/src/LYUtils.c:1445:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(temp, text_buff);
data/lynx-2.9.0dev.6/src/LYUtils.c:1449:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy((char *) temp, text_buff);
data/lynx-2.9.0dev.6/src/LYUtils.c:3583:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(leaf, PID_FMT PID_FMT, counter, GETPID());
data/lynx-2.9.0dev.6/src/LYUtils.c:3594:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(leaf, suffix);
data/lynx-2.9.0dev.6/src/LYUtils.c:3596:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(leaf, "L" PID_FMT "-%uTMP%s", GETPID(), counter, suffix);
data/lynx-2.9.0dev.6/src/LYUtils.c:3602:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(result, "%s%s", prefix, leaf);
data/lynx-2.9.0dev.6/src/LYUtils.c:4805:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
			sprintf(buff,
data/lynx-2.9.0dev.6/src/LYUtils.c:5401:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(fbuffer, cp);
data/lynx-2.9.0dev.6/src/LYUtils.c:5405:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(fbuffer, cp);
data/lynx-2.9.0dev.6/src/LYUtils.c:5599:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(fbuffer, "%s%.*s", home, len, file);
data/lynx-2.9.0dev.6/src/LYUtils.c:5605:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fbuffer, "%s%.*s", home, len, file);
data/lynx-2.9.0dev.6/src/LYUtils.c:5611:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(fbuffer, "%s/%.*s", home, len,
data/lynx-2.9.0dev.6/src/LYUtils.c:6022:25:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
#define mkdtemp(path) ((mktemp(path) != 0) && (mkdir(path, 0700) == 0))
data/lynx-2.9.0dev.6/src/LYUtils.c:6858:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(fp0, MY_DOCTYPE);
data/lynx-2.9.0dev.6/src/LYUtils.c:6958:2:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	strcat(path, FILE_SEPARATOR);
data/lynx-2.9.0dev.6/src/LYUtils.c:7211:6:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	    strcpy(new_cmd, cmd);
data/lynx-2.9.0dev.6/src/LYUtils.c:7262:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    code = system(command);
data/lynx-2.9.0dev.6/src/LYUtils.c:7362:6:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	if (access(shell, 0) != 0)
data/lynx-2.9.0dev.6/src/LYUtils.c:7585:20:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    paste_handle = popen(cmd, TXT_R);
data/lynx-2.9.0dev.6/src/LYUtils.c:7635:10:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    fh = popen(cmd, TXT_W);
data/lynx-2.9.0dev.6/src/LYUtils.c:7709:5:  [4] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
    lstrcpy((LPTSTR) pLogData, szBuffer);
data/lynx-2.9.0dev.6/src/LYUtils.c:7823:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy((char *) tmp_buff, msg_buff);
data/lynx-2.9.0dev.6/src/LYmktime.c:32:11:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    val = StrNCpy(dst, src, n);
data/lynx-2.9.0dev.6/src/UCAuto.c:696:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(msgbuf, gettext("Can't change to '%s': err=%#x=%d"), name, rc, rc);
data/lynx-2.9.0dev.6/src/UCAuto.c:746:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	sprintf(fnamebuf, "%s/%dx%d/%s.fnt",
data/lynx-2.9.0dev.6/src/UCAuto.c:750:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(msgbuf, gettext("Can't open font file '%s'"), fnamebuf);
data/lynx-2.9.0dev.6/src/UCAuto.c:759:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(msgbuf, gettext("Mismatch of size of font file '%s'"), fnamebuf);
data/lynx-2.9.0dev.6/src/UCdomap.c:794:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(outbuf, h, (buflen - 1));
data/lynx-2.9.0dev.6/src/UCdomap.c:2137:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(myMimeName, "auto%s-cp%lu", (other ? "2" : ""), cp);
data/lynx-2.9.0dev.6/src/UCdomap.c:2139:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(lyName, "AutoDetect%s (cp%lu)",
data/lynx-2.9.0dev.6/src/Xsystem.c:34:14:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
extern char *mktemp(char *);
data/lynx-2.9.0dev.6/src/Xsystem.c:404:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tplate, tp);
data/lynx-2.9.0dev.6/src/Xsystem.c:405:19:  [4] (tmpfile) mktemp:
  Temporary file race condition (CWE-377).
    return strdup(mktemp(tplate));
data/lynx-2.9.0dev.6/src/Xsystem.c:493:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	    sprintf(cmdline, "CMDLINE=%s %s", p->cmd, p->arg);
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:345:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(outname, tblname);
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:760:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(this_MIMEcharset, argv[3], UC_MAXLEN_MIMECSNAME);
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:762:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(this_MIMEcharset, tblname, UC_MAXLEN_MIMECSNAME);
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:771:2:  [4] (buffer) StrNCpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	StrNCpy(this_LYNXcharset, argv[4], UC_MAXLEN_LYNXCSNAME);
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:795:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(chdr, first_ifdefs[n], id_append);
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:903:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(chdr, last_ifdefs[n], id_append);
data/lynx-2.9.0dev.6/src/tidy_tls.c:640:6:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
	    strcat(target, tag);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:240:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *no_proxy = getenv("no_proxy");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:456:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection(&critSec_READ);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTelnet.c:257:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((cp = getenv("WINTCP_COMMAND_STYLE")) != NULL &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTelnet.c:348:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("MULTINET_SOCKET_LIBRARY") != NULL) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTelnet.c:372:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    } else if ((cp = getenv("WINTCP_COMMAND_STYLE")) != NULL) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTelnet.c:411:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    } else if (getenv("UCX$DEVICE") != NULL
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTelnet.c:412:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	       || getenv("TCPIP$DEVICE") != NULL) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTelnet.c:433:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    } else if (getenv("CMUTEK_ROOT") != NULL) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUtils.h:146:20:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define lynx_srand srand
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1363:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((ch = getopt(argc, argv, GETOPT)) != -1) {
data/lynx-2.9.0dev.6/src/LYMain.c:1099:5:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&critSec_READ);
data/lynx-2.9.0dev.6/src/LYUtils.c:291:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *result = getenv(name);
data/lynx-2.9.0dev.6/src/LYUtils.c:5078:14:  [3] (buffer) getwd:
  This does not protect against buffer overflows by itself, so use with
  caution (CWE-120, CWE-20). Use getcwd instead.
    result = getwd(pathname);
data/lynx-2.9.0dev.6/src/LYUtils.c:7322:9:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
	code = CreateProcess(0, shell, 0, 0,
data/lynx-2.9.0dev.6/src/LYUtils.c:7322:9:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
	code = CreateProcess(0, shell, 0, 0,
data/lynx-2.9.0dev.6/src/parsdate.c:1118:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if ((yys = getenv("YYDEBUG")) != 0)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:153:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(HTAAForwardAuth, "Authorization: ");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:1002:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(HTAA_composeAuthResult, "Proxy-Authorization: ");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:1080:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(HTAA_composeAuthResult, "Authorization: ");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAProt.c:94:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    uid = atoi(current_prot->uid_name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAProt.c:131:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    gid = atoi(current_prot->gid_name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAProt.c:357:37:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if (prot_filename && NULL != (fp = fopen(prot_filename, TXT_R))) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:349:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    templ_port = atoi(colon + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:512:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(gateway_parameter, "ftp_proxy");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:1406:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fp = fopen(REMOTE_POINTER, "r");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:1430:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fp = fopen(my_home_document, "r");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:1435:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fp = fopen(my_home_document, "r");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAnchor.c:757:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = fopen(me->FileCache, "r")) != NULL) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTDOS.c:147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp_buff[LY_MAXPATH];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTDOS.c:149:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(temp_buff, "%.3s\\%.*s", windows_drive,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTDOS.c:169:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char sbuf[LY_MAXPATH];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:175:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ThisYear[8];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:176:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char LastYear[8];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:184:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char response_text[LINE_LENGTH + 1];	/* Last response from ftp host */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:246:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char data_buffer[DATA_BUFFER_SIZE];	/* Input data buffer */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:327:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(nodename, "::");		/* Try decnet anyway */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:610:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(response_text, "000 *** TCP read error on response\n");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:637:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[80];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:639:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(command, "%.*s%c%c", (int) sizeof(command) - 4, verb, CR, LF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1345:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char hostbuf[MAXHOSTNAMELEN];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1346:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char portbuf[MAXHOSTNAMELEN];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1392:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *months[12] =
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1410:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char day[8], month[8], date[12];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1428:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(date, "9999%02d%.2s", i % 100, day);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1429:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    TheDate = atoi(date);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1431:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(LastYear, "%d", (atoi(ThisYear) - 1) % 10000);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1431:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    sprintf(LastYear, "%d", (atoi(ThisYear) - 1) % 10000);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1540:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ct[26];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1796:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, *cpd, *cps, date[16];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1869:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(date, "%.3s ", cpd + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1873:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(date + 4, "%.2s ", cpd - 2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1875:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(date + 4, "%c%.1s ", HT_NON_BREAK_SPACE, cpd - 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1880:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(date + 7, "%.5s", cpd + 10);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1882:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(date + 7, " %.4s", cpd + 5);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1934:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cps, *cpd, date[16];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1978:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(date, "%.6s  %.4s", cpd, (cpd + 7));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1981:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(date, "%.6s %.5s", cpd, (cpd + 12));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2003:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cps, *cpd, date[16];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2052:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	i = atoi(cp) - 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2054:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(date, "%.3s %.2s", months[i], (cp + 3));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2060:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    if (atoi(cp) < 70) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2061:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(&date[6], "  20%.2s", cp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2063:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(&date[6], "  19%.2s", cp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2068:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    i = atoi(cpd);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2071:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(&date[6], " %02d:%.2s", i, (cpd + 3));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cps, *cpd, date[16];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2168:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    RecordLength = atoi(cp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2179:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    Records = atoi(cp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2208:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    i = atoi(cpd) - 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2209:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(date, "%.3s %.2s", months[i], (cpd + 3));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2215:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if (atoi(cpd) < 70) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2216:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(&date[6], "  20%.2s", cpd);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2218:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(&date[6], "  19%.2s", cpd);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2223:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		i = atoi(cps);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2224:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(&date[6], " %02d:%.2s", i, (cps + 3));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2567:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void formatDate(char target[16], EntryInfo *entry)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2569:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[8], month[4];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2576:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(target, "9999");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2583:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(temp, "00:00");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2592:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(month, "%02d", i % 100);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2603:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (target[0] == '9' && atoi(target) > TheDate + 1) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date1[16], date2[16];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2667:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[512];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2670:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%.*ss", (int) sizeof(fmt) - 3, start);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2684:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[512];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2703:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[512];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2706:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%.*sld",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2710:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%lu", value);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2922:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string_buffer[64];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2979:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char NumBytes[64];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3063:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(NumBytes, gettext("Transferred %d bytes (%5d)"),
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3115:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *p, name_buff[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3177:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(string_buffer, "%6ld bytes",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3180:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(string_buffer, "%6ld Kb",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3184:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(string_buffer, "  %lu bytes",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3187:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(string_buffer, "  %luKb",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3301:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char dst[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3340:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(dst, "%d.%d.%d.%d", h0, h1, h2, h3);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file_name[1];		/* on the end of the struct, since its length varies */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[512];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:194:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%.*ss", (int) sizeof(fmt) - 3, start);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[512];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:227:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[512];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:230:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%%%.*sd", (int) sizeof(fmt) - 3, start);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:233:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fmt, "%d", entry);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:251:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[LY_MAXPATH];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:387:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%.12s", datestr + 4);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:392:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(tmp, "%.7s %.4s ", datestr + 4,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:1506:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(localname, BIN_W);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:1847:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(readme_file_name, "r");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2347:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[3];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[3];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2399:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[6];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2462:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(localname, FOPEN_MODE(bin));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2473:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(ultrixname, FOPEN_MODE(bin));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:3148:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *program_paths[pp_Last];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFinger.c:84:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *value[HTML_A_ATTRIBUTES];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFinger.c:92:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    ((const char **) value)[HTML_A_HREF] = href;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFinger.c:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[BIG], *l, *cmd = NULL;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFinger.c:253:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char empty[1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFormat.c:238:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char input_buffer[INPUT_BUFFER_SIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFormat.c:1136:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char result[80];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFormat.c:1138:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(result, "zlib error %d", status);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFormat.c:1166:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char dummy_head[1 + 1] =
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFormat.c:1176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char output_buffer[INPUT_BUFFER_SIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:120:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_buf[16];		/* Avoid malloc if we can */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char desc_buf[32];		/* Avoid malloc if we can */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char attr_buf[80];		/* Avoid malloc if we can */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:170:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char hex[17] = "0123456789abcdef";
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:196:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *value[HTML_A_ATTRIBUTES];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:203:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    ((const char **) value)[HTML_A_HREF] = addr;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:205:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    ((const char **) value)[HTML_A_TITLE] = text;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:226:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[BIG];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:234:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[128];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[BIG];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:809:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, "%d", fld->id);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:811:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, "%.2046s", fld->description);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:817:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, " size=%d maxlength=%d",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:821:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, " maxlength=%d", fld->max_size);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:901:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%d", ctx->port);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1042:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			    code = atoi(indx);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1109:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			newf->id = atoi(indx);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[BIG];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1324:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		ndx = atoi(ndx_str);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1500:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2048];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1661:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
					strcpy(buf,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1689:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf,
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1692:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(buf, "</BODY>\n</HTML>\n");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1713:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(buf, "<H2>\n<EM>CSO/PH command:</EM> ");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1716:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(buf, "</H2>\n");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1890:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(command, "query ");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGroup.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[41];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGroup.c:479:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char required[4];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGroup.c:480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actual[4];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGroup.c:658:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(fp = fopen(filename, TXT_R))) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTLex.c:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char HTlex_buffer[40];		/* Read lexical string          */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTLex.c:112:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char msg[sizeof(HTlex_buffer) + 30];		/* @@@@@@@@ */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTLex.c:132:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(msg, "alphanumeric string '%.*s'",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTLex.c:136:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(msg, "template string '%.*s'",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.c:143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[VALUE_SIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.c:2306:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buf, *bp, nw[4], *p;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLDTD.c:268:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *value[HTML_A_ATTRIBUTES];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLDTD.c:292:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *value[HTML_A_ATTRIBUTES];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLDTD.c:318:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *value[HTML_ISINDEX_ATTRIBUTES];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLGen.c:46:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char class_string[TEMPSTRINGSIZE + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLGen.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BUFFER_SIZE + 1];	/* 1for NL */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLGen.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *line_break[MAX_CLEANNESS + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLGen.c:213:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char delims[5];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMLGen.c:216:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(delims, ",;:.");	/* @@ english bias */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:110:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char response_text[LINE_LENGTH + 1];	/* Last response */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[LY_MAXPATH];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:185:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:189:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(fname, "r")) != 0) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:191:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char the_host[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:192:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char the_pass[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:193:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char the_user[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:268:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fp = fopen(NEWS_SERVER_FILE, TXT_R);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:271:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char server_name[MAXHOSTNAMELEN + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:321:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char ascii[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:402:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:447:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer, "AUTHINFO USER %.*s%c%c",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:529:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer, "AUTHINFO PASS %.*s%c%c",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:725:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *value[HTML_A_ATTRIBUTES];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:740:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *value[HTML_LINK_ATTRIBUTES];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:756:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *value[HTML_OL_ATTRIBUTES];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:757:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char SeqNum[20];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:762:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(SeqNum, "%d", seqnum);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:780:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char href[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[512];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:901:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:902:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char crlf[3];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:912:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = fopen(NonNull(postfile), TXT_R)) == NULL) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:921:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(crlf, "%c%c", CR, LF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:950:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(buf, "From: anonymous@nowhere.you.know");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1048:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1566:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1747:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1755:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1840:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer, "XHDR Message-ID %d-%d%c%c", first, last, CR, LF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1921:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer, "HEAD %d%c%c",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1925:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer, "HEAD %d%c%cHEAD %d%c%c",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1932:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buffer, "HEAD %d%c%c", art + 1, CR, LF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1936:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer, "HEAD %d%c%c", art, CR, LF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2053:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer, " [%.*s]", (int) (sizeof(buffer) - 4), date);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2079:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buffer, "Status (ARTICLE %d):", art);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[262];		/* The whole command */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char proxycmd[260];		/* The proxy command */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char groupName[GROUP_NAME_LENGTH];	/* Just the group name */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char SSLprogress[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2421:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(proxycmd, "GET %.*s%c%c%c%c",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2457:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(command, "POST");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2546:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(command, "HEAD ");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2582:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char url[260];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2824:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buffer[20];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2826:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buffer, "mode reader%c%c", CR, LF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2895:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(command, "LIST NEWSGROUPS%c%c", CR, LF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2923:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(command, "LIST NEWSGROUPS%c%c", CR, LF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:3078:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char SSLprogress[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:1005:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(result, "../");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:1028:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char isAcceptable[96] =
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:1255:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char crfc[96] =
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTPlain.c:63:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char replace_buf[64];	/* buffer for replacement strings */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTPlain.c:124:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTPlain.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTPlain.c:289:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(me->U.utf_buf, "\357\277\275");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTPlain.c:473:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(replace_buf, "U%.2lX", (unsigned long) TOASCII(code));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTRules.c:688:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(filename, TXT_R);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTRules.c:689:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[LINE_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:752:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(&fmt_ptr[--f], "%d", ival);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.h:40:24:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define MemCpy(a,b,c)  memcpy((a),(b),(size_t)(c))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStyle.c:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myTag[STYLE_NAME_LENGTH];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStyle.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fontName[STYLE_NAME_LENGTH];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTStyle.c:338:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char styleName[80];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:286:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char hostbuf[MAXHOSTNAMELEN];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:297:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char string[20];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:299:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(string, "%d.%d.%d.%d",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:541:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rest[REHOSTENT_SIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:1455:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char hostbuf[1024], portbuf[1024];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:1629:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pbuf[80];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:1644:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(pbuf, "%d", defport);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:1703:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAXHOSTNAMELEN + 1];	/* The name of this host */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:1963:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char hostbuf[1024], portbuf[1024];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:2270:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char pbuf[4 + 1 + 255 + 2];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:2293:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&pbuf[i = 5], socks5_host, socks5_host_len);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:2299:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&pbuf[i], (unsigned char *) &x, sizeof x);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:118:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(temp + limit, "...");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:303:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rand_file[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:422:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:424:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buff, "Thread read: %d, error (%ld), fd = %d, len = %d",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:485:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buff, "Read Waiting (%2d.%01d) for %d Bytes",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:729:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ssl_dn[1024];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:787:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char empty[1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:795:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char crlf[3];		/* A CR LF equivalent string */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:810:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[80];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:829:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ssl_dn[1024];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:874:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(temp, ":%d", HTTPS_PORT);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:883:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(temp, ":%d", SNEWS_PORT);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:892:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(crlf, "%c%c", CR, LF);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1164:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    static char buf[2048];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1373:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(temp, ";q=%4.3f;mxb=%" PRI_off_t "",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1376:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(temp, ";q=%4.3f", pres->quality);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1379:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(temp, ";mxb=%" PRI_off_t "", CAST_off_t (pres->maxbytes));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1979:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char server_version[VERSION_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1994:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    error_file = fopen(http_error_file, TXT_W);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:2000:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    error_file = fopen(http_error_file, TXT_A);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUU.c:40:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char six2pr[64] =
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTUU.c:49:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char pr2six[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:240:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char wwwname[LY_MAXPATH];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:353:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char End[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:382:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirname[255 + 1];	/* keeps the directory name, including *.* */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:395:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char d_name[255 + 1];	/* name (up to MAXNAMLEN + 1) */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Actual[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:425:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char VMSentry[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:426:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char UnixEntry[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:435:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(UnixEntry, "%.*s", sizeof(UnixEntry) - 2, dirname);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:454:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(dir.dirname, "%.*s[000000]", sizeof(dir.dirname) - 9, DirEntry);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:457:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char End[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:495:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(dir.dirname, "*.*;*");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:497:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(dir.dirname, "*.*");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:512:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char VMSentry[256];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:579:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *months[12] =
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date1[16], date2[16], time1[8], time2[8], month[4];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:642:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(date1, "9999");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:646:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(time1, "00:00");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:655:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(month, "%02d", i);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:664:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(date2, "9999");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:668:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		strcpy(time2, "00:00");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:677:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(month, "%02d", i);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:736:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char ThisYear[8];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:738:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string_buffer[64];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:831:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(header, "r")) != NULL) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:994:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if ((atoi((t + 19))) < atoi(ThisYear))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:994:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		if ((atoi((t + 19))) < atoi(ThisYear))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:1057:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(string_buffer, "  %d bytes",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:1060:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(string_buffer, "  %dKb",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2104:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char chunk_att[ATTRIBUTE_SIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2114:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char start[20], end[20];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2119:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(start, "%ld", doc->ChunkStart.Pos);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2121:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(end, "%ld", doc->ChunkEnd.Pos);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2447:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lengthBuf[11];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2448:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char serverBuf[11];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2455:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(lengthBuf, "%010ld", dataLen);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.h:388:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg_len[10];		/* length in bytes of following message */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.h:392:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char server[10];		/* name or address of server */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:74:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *database_names[2] =
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:128:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *database_names[2];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:129:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *element_names[3];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:244:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char length_array[11];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:247:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	response_length = atol(length_array);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:1461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[40];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:1463:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(s, "%ld", num);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:1912:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char attributes[ATTRIBUTE_LIST_SIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2074:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[100];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2076:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, "readquery: bytes: %ld", info->size);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.h:208:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char DIAG[DIAGNOSTIC_CODE_SIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.h:442:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char Use[ATTRIBUTE_SIZE + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.h:443:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char Relation[ATTRIBUTE_SIZE + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.h:444:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char Position[ATTRIBUTE_SIZE + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.h:445:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char Structure[ATTRIBUTE_SIZE + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.h:446:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char Truncation[ATTRIBUTE_SIZE + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.h:447:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char Completeness[ATTRIBUTE_SIZE + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.h:452:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char Operator[OPERATOR_SIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:101:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char line[2048];		/* For building strings to display */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:240:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(result, "file://");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:259:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char hex[17] = "0123456789ABCDEF";
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:263:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[BIG];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:545:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(line, "%5ld  %5ld  ",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:618:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keywords[MAX_KEYWORDS_LENGTH + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:674:25:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    document_length = atol(doclength);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:714:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
					  atoi(service),
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:792:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(filename, "r");	/* Have we found this already? */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWSRC.c:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *par_value[PAR_COUNT];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWSRC.c:108:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char param[BIG + 1];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWSRC.c:275:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(cache_file_name, TXT_W)) != 0) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *value[MAX_ATTRIBUTES];	/* NULL, or strings alloc'd with StrAllocCopy_extra() */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:658:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char replace_buf[64];	/* buffer for replacement strings */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:1652:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(me->U.utf_buf, "\357\277\275");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:2473:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char temp[8];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:2479:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(temp, "<WBR>%c", c);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:2481:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(temp, "<WBR>");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:2605:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char temp[8];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:2615:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(temp, "<WBR>%c", c);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:2617:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(temp, "<WBR>");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:4679:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char HI_data[2];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:4680:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char LO_data[2];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:4695:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char SJCODE[2];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/UCAux.h:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char utf_buf[8];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BUFSIZ];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:502:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BUFSIZ];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:564:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BUFSIZ];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:663:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    const char *from_attr[10];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:768:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BUFSIZ];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1037:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[1024];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1054:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[80];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[80];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[1024];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1193:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[1024];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1288:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[1024];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1373:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    input = fopen(optarg, "r");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1378:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    output = fopen(optarg, "w");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/tidy_tls.h:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char common_name[TIDY_TLS_BUFSIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/tidy_tls.h:31:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char country[TIDY_TLS_BUFSIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/tidy_tls.h:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char email[TIDY_TLS_BUFSIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/tidy_tls.h:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char locality_name[TIDY_TLS_BUFSIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/tidy_tls.h:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char organization[TIDY_TLS_BUFSIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/tidy_tls.h:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char organizational_unit_name[TIDY_TLS_BUFSIZE];
data/lynx-2.9.0dev.6/WWW/Library/Implementation/tidy_tls.h:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char state_or_province_name[TIDY_TLS_BUFSIZE];
data/lynx-2.9.0dev.6/lib/dirent.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[OFS_MAXPATHNAME];
data/lynx-2.9.0dev.6/src/AttrList.h:50:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char class_string[TEMPSTRINGSIZE + 1];
data/lynx-2.9.0dev.6/src/GridText.c:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[1];		/* Space for terminator at least! */
data/lynx-2.9.0dev.6/src/GridText.c:372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[MAX_LINE + 2];
data/lynx-2.9.0dev.6/src/GridText.c:598:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char underscore_string[MAX_LINE + 1];
data/lynx-2.9.0dev.6/src/GridText.c:599:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char star_string[MAX_LINE + 1];
data/lynx-2.9.0dev.6/src/GridText.c:804:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(a->lites.hl_base.hl_text, text, (size_t) len);
data/lynx-2.9.0dev.6/src/GridText.c:1354:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[7];
data/lynx-2.9.0dev.6/src/GridText.c:1678:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char percent[40];
data/lynx-2.9.0dev.6/src/GridText.c:1719:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(percent, gettext(" (l%d of %d)"),
data/lynx-2.9.0dev.6/src/GridText.c:1728:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(percent, gettext(" (p%d of %d)"),
data/lynx-2.9.0dev.6/src/GridText.c:1806:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(title + LYstrFittable(title, i), "...");
data/lynx-2.9.0dev.6/src/GridText.c:1987:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[7];
data/lynx-2.9.0dev.6/src/GridText.c:2697:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mod_line, line, LINE_SIZE(0));
data/lynx-2.9.0dev.6/src/GridText.c:3187:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp, previous, LINE_SIZE(previous->size));
data/lynx-2.9.0dev.6/src/GridText.c:3192:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp->styles, previous->styles, sizeof(HTStyleChange) * previous->numstyles);
data/lynx-2.9.0dev.6/src/GridText.c:4464:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char hi, lo, tmp[2];
data/lynx-2.9.0dev.6/src/GridText.c:5187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char marker[32];
data/lynx-2.9.0dev.6/src/GridText.c:5211:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(marker, "[%d]", a->show_number);
data/lynx-2.9.0dev.6/src/GridText.c:7030:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(dot, ".tar");
data/lynx-2.9.0dev.6/src/GridText.c:8914:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(HTMainAnchor->source_cache_file, "r");
data/lynx-2.9.0dev.6/src/GridText.c:10095:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char marker[16];
data/lynx-2.9.0dev.6/src/GridText.c:10216:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    f->size_l = atoi(HTCurSelectGroupSize);
data/lynx-2.9.0dev.6/src/GridText.c:10240:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	f->maxlength = (unsigned) atoi(I->maxlength);
data/lynx-2.9.0dev.6/src/GridText.c:10453:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(marker, "[%d]", a->show_number);
data/lynx-2.9.0dev.6/src/GridText.c:10598:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char marker[20];
data/lynx-2.9.0dev.6/src/GridText.c:10600:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(marker, "[%d]", text->last_anchor->show_number);
data/lynx-2.9.0dev.6/src/GridText.c:10712:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bfr[BUFSIZ + 1];
data/lynx-2.9.0dev.6/src/GridText.c:10717:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = fopen(val_used, BIN_R)) == 0) {
data/lynx-2.9.0dev.6/src/GridText.c:10789:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char temp[2];
data/lynx-2.9.0dev.6/src/GridText.c:12461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_LINE];
data/lynx-2.9.0dev.6/src/GridText.c:12462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lxbuf[MAX_LINE * 2];
data/lynx-2.9.0dev.6/src/GridText.c:12557:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		val = atoi(p);
data/lynx-2.9.0dev.6/src/GridText.c:12562:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(s, "%d", val);
data/lynx-2.9.0dev.6/src/GridText.c:12646:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    val = atoi(lx);
data/lynx-2.9.0dev.6/src/GridText.c:12653:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(lx, "%d", val);
data/lynx-2.9.0dev.6/src/GridText.c:12694:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp, ht, LINE_SIZE(0));
data/lynx-2.9.0dev.6/src/GridText.c:12699:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(temp->styles, ht->styles, sizeof(HTStyleChange) * ht->numstyles);
data/lynx-2.9.0dev.6/src/GridText.c:13038:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(ed_temp, "r")) != 0) {
data/lynx-2.9.0dev.6/src/GridText.c:13300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ed_offset[DigitsOf(int) + 3];
data/lynx-2.9.0dev.6/src/GridText.c:13357:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(ed_offset, "%d", ((entry_line - start_line) + 1));
data/lynx-2.9.0dev.6/src/GridText.c:13611:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fp = fopen(fn, "r");
data/lynx-2.9.0dev.6/src/GridText.c:13877:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[7];
data/lynx-2.9.0dev.6/src/GridText.c:14068:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[7];
data/lynx-2.9.0dev.6/src/HTAlert.c:184:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, "%.2g", ((double) n) / (double) kb_units);
data/lynx-2.9.0dev.6/src/HTAlert.c:210:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(s, "forever");
data/lynx-2.9.0dev.6/src/HTAlert.c:228:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(s, "% 2ld sec", t);
data/lynx-2.9.0dev.6/src/HTAlert.c:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bytesp[80], totalp[80], transferp[80];
data/lynx-2.9.0dev.6/src/HTAlert.c:370:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char tbuf[TIME_HMS_LENGTH];
data/lynx-2.9.0dev.6/src/HTAlert.c:583:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[240];
data/lynx-2.9.0dev.6/src/HTAlert.c:1196:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char temp[80];
data/lynx-2.9.0dev.6/src/HTAlert.c:1198:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(temp, "System errno is %d.\r\n", code);
data/lynx-2.9.0dev.6/src/HTFWriter.c:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/lynx-2.9.0dev.6/src/HTFWriter.c:100:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.60s: %.60s: %.60s",
data/lynx-2.9.0dev.6/src/HTFWriter.c:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char copied[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/HTFWriter.c:154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[BUFSIZ];
data/lynx-2.9.0dev.6/src/HTFWriter.c:190:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char expanded[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/HTFWriter.c:583:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[560];
data/lynx-2.9.0dev.6/src/HTFWriter.c:585:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "%.60s '%.400s': %.60s",
data/lynx-2.9.0dev.6/src/HTFWriter.c:679:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnam[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/HTFWriter.c:845:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnam[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/HTFWriter.c:1089:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fnam[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/HTFWriter.c:1090:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[LY_MAXPATH];	/* actually stores just a suffix */
data/lynx-2.9.0dev.6/src/HTInit.c:480:18:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		mc->maxbytes = atol(eq);
data/lynx-2.9.0dev.6/src/HTInit.c:781:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char TmpFileName[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/HTInit.c:958:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(file, TXT_R)) == NULL) {
data/lynx-2.9.0dev.6/src/HTInit.c:1447:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[MAX_STRING_LEN];
data/lynx-2.9.0dev.6/src/HTInit.c:1448:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char word[MAX_STRING_LEN];
data/lynx-2.9.0dev.6/src/HTInit.c:1455:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((f = fopen(fn, TXT_R)) == NULL) {
data/lynx-2.9.0dev.6/src/HTML.c:774:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(Style_className_end + offset, actual, length);
data/lynx-2.9.0dev.6/src/HTML.c:790:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *new_value[HTML_AREA_ATTRIBUTES];
data/lynx-2.9.0dev.6/src/HTML.c:1932:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		Percent = atoi(percent);
data/lynx-2.9.0dev.6/src/HTML.c:2045:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    (int) (((1.0 * atoi(value[HTML_TAB_INDENT])) / enval) + (0.5));
data/lynx-2.9.0dev.6/src/HTML.c:2391:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		seqnum = atoi(value[HTML_OL_SEQNUM]);
data/lynx-2.9.0dev.6/src/HTML.c:2394:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		seqnum = atoi(value[HTML_OL_START]);
data/lynx-2.9.0dev.6/src/HTML.c:2564:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char number_string[20];
data/lynx-2.9.0dev.6/src/HTML.c:2589:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		    seqnum = atoi(value[HTML_LI_VALUE]);
data/lynx-2.9.0dev.6/src/HTML.c:2623:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(number_string, "%2d.", seqnum);
data/lynx-2.9.0dev.6/src/HTML.c:4679:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		I.size = atoi(value[HTML_INPUT_SIZE]);
data/lynx-2.9.0dev.6/src/HTML.c:4897:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    me->textarea_cols = atoi(value[HTML_TEXTAREA_COLS]);
data/lynx-2.9.0dev.6/src/HTML.c:4916:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    me->textarea_rows = atoi(value[HTML_TEXTAREA_ROWS]);
data/lynx-2.9.0dev.6/src/HTML.c:5157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char marker[8];
data/lynx-2.9.0dev.6/src/HTML.c:5161:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(marker, "(%d)", opnum);
data/lynx-2.9.0dev.6/src/HTML.c:5370:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		span = atoi(value[HTML_COL_SPAN]);
data/lynx-2.9.0dev.6/src/HTML.c:5410:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		colspan = atoi(value[HTML_TD_COLSPAN]);
data/lynx-2.9.0dev.6/src/HTML.c:5414:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		rowspan = atoi(value[HTML_TD_ROWSPAN]);
data/lynx-2.9.0dev.6/src/HTML.c:5516:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char empty[1];
data/lynx-2.9.0dev.6/src/HTML.c:7845:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/HTML.h:118:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char OL_Type[12];	/* types for ordered lists */
data/lynx-2.9.0dev.6/src/LYBookmark.c:26:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *MBM_A_subbookmark[MBM_V_MAXFILES + 1];
data/lynx-2.9.0dev.6/src/LYBookmark.c:27:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *MBM_A_subdescript[MBM_V_MAXFILES + 1];
data/lynx-2.9.0dev.6/src/LYBookmark.c:34:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char MBMcodes[MBM_V_MAXFILES + 2] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
data/lynx-2.9.0dev.6/src/LYBookmark.c:76:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char filename_buffer[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYBookmark.c:116:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename_buffer, TXT_R)) != NULL) {
data/lynx-2.9.0dev.6/src/LYBookmark.c:151:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char newfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYBookmark.c:163:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename_buffer, TXT_R)) == NULL)
data/lynx-2.9.0dev.6/src/LYBookmark.c:209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename_buffer[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYBookmark.c:346:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename_buffer, (first_time ? TXT_W : TXT_A))) == NULL) {
data/lynx-2.9.0dev.6/src/LYBookmark.c:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename_buffer[NAM$C_MAXRSS + 12];
data/lynx-2.9.0dev.6/src/LYBookmark.c:465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newfile[NAM$C_MAXRSS + 12];
data/lynx-2.9.0dev.6/src/LYBookmark.c:469:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename_buffer[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYBookmark.c:470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYBookmark.c:478:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char homepath[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYBookmark.c:489:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename_buffer, TXT_R)) == NULL) {
data/lynx-2.9.0dev.6/src/LYBookmark.c:1064:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[2];
data/lynx-2.9.0dev.6/src/LYBookmark.c:1072:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char replace_buf[32];
data/lynx-2.9.0dev.6/src/LYBookmark.c:1081:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(replace_buf, "%ld", unicode);
data/lynx-2.9.0dev.6/src/LYCgi.c:106:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    env = (char **) realloc(env,
data/lynx-2.9.0dev.6/src/LYCgi.c:110:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    env = (char **) malloc(sizeof(env[0]) * (envc_size + 2));
data/lynx-2.9.0dev.6/src/LYCgi.c:363:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYCharSets.c:40:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *display_charset_choices[MAXCHARSETS + 1];
data/lynx-2.9.0dev.6/src/LYCharSets.c:41:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *assumed_charset_choices[MAXCHARSETS + 1];
data/lynx-2.9.0dev.6/src/LYCharSets.c:355:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *LYchar_set_names[MAXCHARSETS + 1] =
data/lynx-2.9.0dev.6/src/LYCharUtils.c:501:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char curdir[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYCharUtils.c:619:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char OLstring[8];
data/lynx-2.9.0dev.6/src/LYCharUtils.c:622:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " A.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:626:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(OLstring, " %c.", (seqnum + 64));
data/lynx-2.9.0dev.6/src/LYCharUtils.c:630:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(OLstring, "%c%c.", ((seqnum - 1) / 26 + 64),
data/lynx-2.9.0dev.6/src/LYCharUtils.c:635:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(OLstring, "%c%c%c.", ((seqnum - 27) / 676 + 64),
data/lynx-2.9.0dev.6/src/LYCharUtils.c:640:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(OLstring, "ZZZ.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:650:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char OLstring[8];
data/lynx-2.9.0dev.6/src/LYCharUtils.c:653:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " a.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:657:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(OLstring, " %c.", (seqnum + 96));
data/lynx-2.9.0dev.6/src/LYCharUtils.c:661:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(OLstring, "%c%c.", ((seqnum - 1) / 26 + 96),
data/lynx-2.9.0dev.6/src/LYCharUtils.c:666:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(OLstring, "%c%c%c.", ((seqnum - 27) / 676 + 96),
data/lynx-2.9.0dev.6/src/LYCharUtils.c:671:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(OLstring, "zzz.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:682:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char OLstring[20];
data/lynx-2.9.0dev.6/src/LYCharUtils.c:686:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, "MMM.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:692:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " I.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:695:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " V.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:698:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " X.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:701:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " L.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:704:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " C.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:707:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " D.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:710:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " M.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:723:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "CM");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:733:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "CD");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:743:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "XC");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:753:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "XL");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:764:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "I.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:767:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "II.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:770:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "III.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:773:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "IV.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:776:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "V.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:779:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "VI.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:782:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "VII.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:785:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "VIII.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:788:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "IX.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:791:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "X.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:808:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char OLstring[20];
data/lynx-2.9.0dev.6/src/LYCharUtils.c:812:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, "mmm.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:818:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " i.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:821:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " v.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:824:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " x.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:827:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " l.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:830:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " c.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:833:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " d.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:836:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(OLstring, " m.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:849:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "cm");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:859:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "cd");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:869:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "xc");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:879:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "xl");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:890:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "i.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:893:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "ii.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:896:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "iii.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:899:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "iv.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:902:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "v.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:905:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "vi.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:908:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "vii.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:911:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "viii.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:914:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "ix.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:917:2:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	strcat(OLstring, "x.");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:1074:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char replace_buf[64];
data/lynx-2.9.0dev.6/src/LYCharUtils.c:1118:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sjis_str[3];
data/lynx-2.9.0dev.6/src/LYCharUtils.c:1742:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(replace_buf, "U%.2" PRI_UCode_t "", code);
data/lynx-2.9.0dev.6/src/LYCharUtils.c:3010:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *value[HTML_BASE_ATTRIBUTES];
data/lynx-2.9.0dev.6/src/LYCookie.c:326:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(number) == port) {
data/lynx-2.9.0dev.6/src/LYCookie.c:815:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char crlftab[8];
data/lynx-2.9.0dev.6/src/LYCookie.c:817:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(crlftab, "%c%c%c", CR, LF, '\t');
data/lynx-2.9.0dev.6/src/LYCookie.c:1902:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	port = atoi(ptr);
data/lynx-2.9.0dev.6/src/LYCookie.c:2028:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char domain[256], path[LY_MAXPATH], name[256], value[4100];
data/lynx-2.9.0dev.6/src/LYCookie.c:2029:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char what[8], secure[8], expires_a[16];
data/lynx-2.9.0dev.6/src/LYCookie.c:2048:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    cookie_handle = fopen(cookie_file, TXT_R);
data/lynx-2.9.0dev.6/src/LYCookie.c:2110:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	expires = atol(expires_a);
data/lynx-2.9.0dev.6/src/LYCurses.c:963:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char dummyWindowTitle[256];
data/lynx-2.9.0dev.6/src/LYCurses.c:967:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char this_title[256];
data/lynx-2.9.0dev.6/src/LYCurses.c:980:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char org_title[256];
data/lynx-2.9.0dev.6/src/LYCurses.c:988:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(dummyWindowTitle, "Lynx for Win32 (pid=%ld)", pid);
data/lynx-2.9.0dev.6/src/LYCurses.c:1294:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE *fp = fopen("/dev/tty", "w");
data/lynx-2.9.0dev.6/src/LYCurses.c:1323:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(lines_putenv + 6, "%d", LYlines & 0xfff);
data/lynx-2.9.0dev.6/src/LYCurses.c:1324:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(cols_putenv + 8, "%d", LYcols & 0xfff);
data/lynx-2.9.0dev.6/src/LYCurses.c:1839:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(term, "vt100");
data/lynx-2.9.0dev.6/src/LYCurses.c:2407:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char buffer[20];	/* Input buffer                 */
data/lynx-2.9.0dev.6/src/LYCurses.c:2417:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char VersionVMS[20];	/* Version of VMS               */
data/lynx-2.9.0dev.6/src/LYCurses.c:2558:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(VersionVMS, "V0.0-0");
data/lynx-2.9.0dev.6/src/LYCurses.c:3224:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char result[3];
data/lynx-2.9.0dev.6/src/LYDownload.c:26:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char LYValidDownloadFile[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYDownload.c:122:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    method_number = atoi(method);
data/lynx-2.9.0dev.6/src/LYDownload.c:483:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYEdit.c:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char position[80];
data/lynx-2.9.0dev.6/src/LYEdit.c:140:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, TXT_A)) == NULL) {
data/lynx-2.9.0dev.6/src/LYEdit.c:164:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(position, "%d", lineno);
data/lynx-2.9.0dev.6/src/LYEdit.c:277:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char exitcode[80];
data/lynx-2.9.0dev.6/src/LYEdit.c:279:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(exitcode, "%d", WEXITSTATUS(rv));
data/lynx-2.9.0dev.6/src/LYEditmap.c:1227:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *LYEditorNames[TABLESIZE(LYLineEditors) + 1];
data/lynx-2.9.0dev.6/src/LYEditmap.c:1625:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char comment[80];
data/lynx-2.9.0dev.6/src/LYEditmap.c:1673:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char temp[80];
data/lynx-2.9.0dev.6/src/LYEditmap.c:1687:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(temp, "^%c", j + 'A');
data/lynx-2.9.0dev.6/src/LYEditmap.c:1693:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(comment, "\t/* %c */", j);
data/lynx-2.9.0dev.6/src/LYExtern.c:121:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(result + n, "%%%02X", (unsigned char) parameter[i]);
data/lynx-2.9.0dev.6/src/LYExtern.c:167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pram_string[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYExtern.c:185:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char host[sizeof(pram_string)];
data/lynx-2.9.0dev.6/src/LYExtern.c:195:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char e_buff[LY_MAXPATH], *p;
data/lynx-2.9.0dev.6/src/LYExtern.c:201:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(e_buff, "%.3s/", windows_drive);
data/lynx-2.9.0dev.6/src/LYExtern.c:362:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYExtern.c:376:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buff, "Lynx: command line too long (%d > 255)", len);
data/lynx-2.9.0dev.6/src/LYGetFile.c:1152:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *num = atoi(p);
data/lynx-2.9.0dev.6/src/LYGlobalDefs.h:161:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char star_string[MAX_LINE + 1];	/* from GridText.c */
data/lynx-2.9.0dev.6/src/LYGlobalDefs.h:450:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char *authentication_info[2];	/* Id:Password for protected documents */
data/lynx-2.9.0dev.6/src/LYGlobalDefs.h:451:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char *proxyauth_info[2];	/* Id:Password for protected proxy server */
data/lynx-2.9.0dev.6/src/LYGlobalDefs.h:566:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char *MBM_A_subbookmark[MBM_V_MAXFILES + 1];
data/lynx-2.9.0dev.6/src/LYGlobalDefs.h:567:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char *MBM_A_subdescript[MBM_V_MAXFILES + 1];
data/lynx-2.9.0dev.6/src/LYGlobalDefs.h:684:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char windows_drive[4];
data/lynx-2.9.0dev.6/src/LYHistory.c:656:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYHistory.c:737:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if ((number = atoi(newdoc->address + 9)) > nhist + nhist_extra || number < 0)
data/lynx-2.9.0dev.6/src/LYHistory.c:814:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYJump.c:400:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(jtp->file, "r", "mbc=32")) == NULL) {
data/lynx-2.9.0dev.6/src/LYJump.c:405:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    } else if ((fd = open(jtp->file, O_RDONLY, "mbc=32")) < 0)
data/lynx-2.9.0dev.6/src/LYJump.c:407:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(jtp->file, O_RDONLY)) < 0)
data/lynx-2.9.0dev.6/src/LYKeymap.c:759:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[30];
data/lynx-2.9.0dev.6/src/LYKeymap.c:775:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, "%c", c);
data/lynx-2.9.0dev.6/src/LYKeymap.c:780:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, "%c", c);
data/lynx-2.9.0dev.6/src/LYKeymap.c:782:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, "^%c", FROMASCII(TOASCII(c) | 0100));
data/lynx-2.9.0dev.6/src/LYKeymap.c:784:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, "key-0x%x", c);
data/lynx-2.9.0dev.6/src/LYKeymap.c:786:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf, "0x%x", c);
data/lynx-2.9.0dev.6/src/LYKeymap.c:844:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[30];
data/lynx-2.9.0dev.6/src/LYKeymap.c:1420:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char comment[80];
data/lynx-2.9.0dev.6/src/LYKeymap.c:1460:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char temp[80];
data/lynx-2.9.0dev.6/src/LYKeymap.c:1474:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(temp, "^%c", used + 'A');
data/lynx-2.9.0dev.6/src/LYKeymap.c:1480:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(comment, "\t/* %c */", used);
data/lynx-2.9.0dev.6/src/LYKeymap.c:1482:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(comment, "\t/* DEL */");
data/lynx-2.9.0dev.6/src/LYLeaks.c:755:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(target, source, length);
data/lynx-2.9.0dev.6/src/LYList.c:48:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYLocal.c:319:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
		    strcpy(temp + len, "\\.");
data/lynx-2.9.0dev.6/src/LYLocal.c:382:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *result[MAX_ARGC];
data/lynx-2.9.0dev.6/src/LYLocal.c:608:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(path, BIN_W)) != 0) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testpath[DIRED_MAXBUF];
data/lynx-2.9.0dev.6/src/LYLocal.c:1274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char testpath[DIRED_MAXBUF];
data/lynx-2.9.0dev.6/src/LYLocal.c:1350:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYLocal.c:1352:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpdst[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYLocal.c:1569:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char amode[10];
data/lynx-2.9.0dev.6/src/LYLocal.c:1573:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(amode, "%.4o", (unsigned) new_mode);
data/lynx-2.9.0dev.6/src/LYLocal.c:1675:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char line1[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYLocal.c:2047:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYLocal.c:2059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2048];
data/lynx-2.9.0dev.6/src/LYLocal.c:2309:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char savepath[DIRED_MAXBUF];		/* This will be the link that
data/lynx-2.9.0dev.6/src/LYMail.c:255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[LINESIZE];
data/lynx-2.9.0dev.6/src/LYMail.c:341:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(working, "\\%03o", ch);
data/lynx-2.9.0dev.6/src/LYMail.c:402:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char bl_cmd_file[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMail.c:406:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char dosname[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMail.c:593:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char self[MAX_SUBJECT + 10];
data/lynx-2.9.0dev.6/src/LYMail.c:594:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subject[MAX_SUBJECT + 10];
data/lynx-2.9.0dev.6/src/LYMail.c:596:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/lynx-2.9.0dev.6/src/LYMail.c:603:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hdrfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMail.c:606:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char my_tmpfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMail.c:696:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(subject, "mailto:%.63s", address);
data/lynx-2.9.0dev.6/src/LYMail.c:712:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(self, "%.*s", MAX_SUBJECT,
data/lynx-2.9.0dev.6/src/LYMail.c:922:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subject[128];
data/lynx-2.9.0dev.6/src/LYMail.c:923:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char my_tmpfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMail.c:927:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hdrfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMail.c:1024:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(subject, "Lynx Error in %.56s", filename);
data/lynx-2.9.0dev.6/src/LYMail.c:1060:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	(fp = fopen(LynxSigFile, TXT_R)) != NULL) {
data/lynx-2.9.0dev.6/src/LYMail.c:1139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char user_input[LINESIZE];
data/lynx-2.9.0dev.6/src/LYMail.c:1153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char my_tmpfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMail.c:1154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char default_subject[MAX_SUBJECT + 10];
data/lynx-2.9.0dev.6/src/LYMail.c:1159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hdrfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMail.c:1164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpfile2[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMail.c:1166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4096];		/* 512 */
data/lynx-2.9.0dev.6/src/LYMail.c:1602:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	(fp = fopen(LynxSigFile, TXT_R)) != NULL) {
data/lynx-2.9.0dev.6/src/LYMail.c:1616:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fd = fopen(my_tmpfile, TXT_A)) != NULL) {
data/lynx-2.9.0dev.6/src/LYMail.c:1697:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = fopen(my_tmpfile, TXT_R);
data/lynx-2.9.0dev.6/src/LYMain.c:82:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char init_ctrl_break[1];
data/lynx-2.9.0dev.6/src/LYMain.c:340:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char windows_drive[4];		/* 1998/01/13 (Tue) 21:13:24 */
data/lynx-2.9.0dev.6/src/LYMain.c:442:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *authentication_info[2] =
data/lynx-2.9.0dev.6/src/LYMain.c:472:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *proxyauth_info[2] =
data/lynx-2.9.0dev.6/src/LYMain.c:577:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char LYLeaksPath[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMain.c:961:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char SSLLibraryVersion[256];
data/lynx-2.9.0dev.6/src/LYMain.c:1037:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMain.c:1399:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char *noargv[2];
data/lynx-2.9.0dev.6/src/LYMain.c:1667:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *my_args[2];
data/lynx-2.9.0dev.6/src/LYMain.c:1714:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMain.c:2403:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	rcfp = fopen(tempfile, "r");
data/lynx-2.9.0dev.6/src/LYMain.c:2592:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	HTCacheSize = atoi(next_arg);
data/lynx-2.9.0dev.6/src/LYMain.c:2842:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	HTNewsChunkSize = atoi(next_arg);
data/lynx-2.9.0dev.6/src/LYMain.c:2857:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	HTNewsMaxChunk = atoi(next_arg);
data/lynx-2.9.0dev.6/src/LYMain.c:3297:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int w = atoi(next_arg);
data/lynx-2.9.0dev.6/src/LYMain.c:3315:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    scrsize_x = atoi(next_arg);
data/lynx-2.9.0dev.6/src/LYMain.c:3316:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    scrsize_y = atoi(cp);
data/lynx-2.9.0dev.6/src/LYMain.c:4147:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[LINESIZE], *value = temp;
data/lynx-2.9.0dev.6/src/LYMain.c:4159:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(temp, "%d", *(q->int_value));
data/lynx-2.9.0dev.6/src/LYMainLoop.c:65:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buff[8];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:2228:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int number = atoi(links[curdoc.link].lname + LEN_LYNXHIST);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:3572:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char prompt[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:3577:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(prompt, gettext("Query parameter %d: "), param++);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:5299:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf2[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:5325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:5495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sjis_buff[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:5496:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp_buff[sizeof(sjis_buff) * 4];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:5517:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cfile[128];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6791:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(cfile, "lnk%05d.dat", crawl_count);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6793:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(cfile, "lnk%08d.dat", crawl_count);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:7114:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(cfile, "%d", c);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:7984:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:7989:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[128];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:8119:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYMainLoop.c:8125:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(format, "%.*s ",
data/lynx-2.9.0dev.6/src/LYMainLoop.c:8131:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(format + prefix, "%.*s ",
data/lynx-2.9.0dev.6/src/LYMainLoop.c:8141:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(format + prefix, "%%.%ds", MAX_STATUS - prefix);
data/lynx-2.9.0dev.6/src/LYNews.c:41:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!filename || (fp = fopen(filename, "r")) == NULL) {
data/lynx-2.9.0dev.6/src/LYNews.c:88:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char user_input[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYNews.c:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char CJKinput[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYNews.c:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char my_tempfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYNews.c:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char CJKfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYNews.c:196:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(user_input, "From: %.*s", (int) sizeof(user_input) - 8,
data/lynx-2.9.0dev.6/src/LYNews.c:213:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(user_input, "Subject: ");
data/lynx-2.9.0dev.6/src/LYNews.c:238:6:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
	    strcat(user_input, "Re: ");
data/lynx-2.9.0dev.6/src/LYNews.c:264:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    else if ((fp = fopen("/etc/organization", TXT_R)) != NULL) {
data/lynx-2.9.0dev.6/src/LYNews.c:279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char *p, fname[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYNews.c:284:6:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	    strcpy(p + 1, "LYNX_ETC.TXT");
data/lynx-2.9.0dev.6/src/LYNews.c:285:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fp = fopen(fname, TXT_R)) != NULL) {
data/lynx-2.9.0dev.6/src/LYNews.c:410:43:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((non_empty(LynxSigFile)) && (fp = fopen(LynxSigFile, TXT_R)) != NULL) {
data/lynx-2.9.0dev.6/src/LYNews.c:442:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fd = fopen(my_tempfile, TXT_R)) != NULL) {
data/lynx-2.9.0dev.6/src/LYOptions.c:239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actual[80];
data/lynx-2.9.0dev.6/src/LYOptions.c:352:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *choices[MAXCHOICES];
data/lynx-2.9.0dev.6/src/LYOptions.c:2959:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int newval = atoi(data[i].value);
data/lynx-2.9.0dev.6/src/LYOptions.c:2971:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int newval = atoi(data[i].value);
data/lynx-2.9.0dev.6/src/LYOptions.c:3242:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    int newval = atoi(data[i].value);
data/lynx-2.9.0dev.6/src/LYOptions.c:3574:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(secure_value, "%ld", key);
data/lynx-2.9.0dev.6/src/LYOptions.c:3691:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYOptions.c:3872:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char temp[DigitsOf(i) + 3];
data/lynx-2.9.0dev.6/src/LYOptions.c:3874:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(temp, "%d", i);
data/lynx-2.9.0dev.6/src/LYOptions.c:3884:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[DigitsOf(i) + 3];
data/lynx-2.9.0dev.6/src/LYOptions.c:3886:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(temp, "%d", i);
data/lynx-2.9.0dev.6/src/LYOptions.c:3916:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[DigitsOf(i) + 3];
data/lynx-2.9.0dev.6/src/LYOptions.c:3921:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(temp, "%d", i);
data/lynx-2.9.0dev.6/src/LYPrettySrc.c:36:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *HTL_tagspecs_defaults[HTL_num_lexemes] =
data/lynx-2.9.0dev.6/src/LYPrettySrc.c:69:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *HTL_tagspecs[HTL_num_lexemes];
data/lynx-2.9.0dev.6/src/LYPrettySrc.c:395:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1000];
data/lynx-2.9.0dev.6/src/LYPrettySrc.h:70:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    extern char *HTL_tagspecs[HTL_num_lexemes];
data/lynx-2.9.0dev.6/src/LYPrint.c:79:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *names[MAX_PUTENV] =
data/lynx-2.9.0dev.6/src/LYPrint.c:86:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char *pointers[MAX_PUTENV];
data/lynx-2.9.0dev.6/src/LYPrint.c:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[80];
data/lynx-2.9.0dev.6/src/LYPrint.c:486:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hdrfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYPrint.c:491:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char my_temp[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYPrint.c:816:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char my_temp[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYPrint.c:1124:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	lines_in_file = atoi(cp);
data/lynx-2.9.0dev.6/src/LYPrint.c:1145:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    printer_number = atoi(cp);
data/lynx-2.9.0dev.6/src/LYPrint.c:1150:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	    pagelen = atoi(cp);
data/lynx-2.9.0dev.6/src/LYPrint.c:1263:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char my_temp[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYReadCFG.c:139:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[20];
data/lynx-2.9.0dev.6/src/LYReadCFG.c:161:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	*target = atoi(source);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:304:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int value = atoi(number);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:341:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Color_Strings[16] =
data/lynx-2.9.0dev.6/src/LYReadCFG.c:469:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    color = atoi(buffer);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:698:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    HTCacheSize = atoi(value);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:859:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYReadCFG.c:876:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    HTNewsChunkSize = atoi(value);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:888:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    HTNewsMaxChunk = atoi(value);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:949:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    status_buf_size = atoi(value);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:1368:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    session_limit = (short) atoi(value);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:1384:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	scrsize_x = atoi(value);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:1385:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	scrsize_y = atoi(cp);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:1911:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    result = fopen(my_file, TXT_R);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:2384:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYReadCFG.c:2600:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYSession.c:86:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(my_filename, TXT_R)) != NULL) {
data/lynx-2.9.0dev.6/src/LYSession.c:128:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			doc.line = atoi(rsline);
data/lynx-2.9.0dev.6/src/LYSession.c:129:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			doc.link = atoi(linktext);
data/lynx-2.9.0dev.6/src/LYSession.c:154:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			    vl->level = atoi(rslevel);
data/lynx-2.9.0dev.6/src/LYSession.c:193:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(my_filename, TXT_W)) != NULL) {
data/lynx-2.9.0dev.6/src/LYShowInfo.c:61:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char temp[LYNX_DATE_LEN + 1];
data/lynx-2.9.0dev.6/src/LYShowInfo.c:141:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYShowInfo.c:216:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char modes[80];
data/lynx-2.9.0dev.6/src/LYShowInfo.c:233:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYShowInfo.c:242:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(buf, "%.*s", (int) limit,
data/lynx-2.9.0dev.6/src/LYShowInfo.c:279:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(modes, ", read");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:281:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(modes, ", write");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:284:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(modes, ", search");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:286:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(modes, ", execute");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:288:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(modes, ", setuid");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:297:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(modes, ", read");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:299:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(modes, ", write");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:302:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(modes, ", search");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:304:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(modes, ", execute");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:306:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(modes, ", setgid");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:315:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(modes, ", read");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:317:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		strcat(modes, ", write");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:320:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(modes, ", search");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:322:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
		    strcat(modes, ", execute");
data/lynx-2.9.0dev.6/src/LYShowInfo.c:325:4:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
			strcat(modes, ", sticky");
data/lynx-2.9.0dev.6/src/LYStrings.c:595:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	(void) memcpy(target, source, (size_t) n);
data/lynx-2.9.0dev.6/src/LYStrings.c:1001:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[BUFSIZ];
data/lynx-2.9.0dev.6/src/LYStrings.c:1072:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[80];
data/lynx-2.9.0dev.6/src/LYStrings.c:1140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ];
data/lynx-2.9.0dev.6/src/LYStrings.c:1200:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char buf[BUFSIZ];
data/lynx-2.9.0dev.6/src/LYStrings.c:1233:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char buf[BUFSIZ];
data/lynx-2.9.0dev.6/src/LYStrings.c:1337:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ];
data/lynx-2.9.0dev.6/src/LYStrings.c:1426:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYStrings.c:1432:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(file, "r")) == 0)
data/lynx-2.9.0dev.6/src/LYStrings.c:1537:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keybuf[2];
data/lynx-2.9.0dev.6/src/LYStrings.c:1610:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *choices[TOTAL_MENUENTRIES + 1];
data/lynx-2.9.0dev.6/src/LYStrings.c:2400:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mouse_info[128];
data/lynx-2.9.0dev.6/src/LYStrings.c:2831:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[MAX_LINE], *s, *d;
data/lynx-2.9.0dev.6/src/LYStrings.c:2832:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char s_str[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYStrings.c:3204:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char utfbuf[8];
data/lynx-2.9.0dev.6/src/LYStrings.c:3231:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(Buffer + off, utfbuf, (size_t) l);
data/lynx-2.9.0dev.6/src/LYStrings.c:3641:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	result = atoi(p);
data/lynx-2.9.0dev.6/src/LYStrings.c:4094:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(target, "%*d: %.*s",
data/lynx-2.9.0dev.6/src/LYStrings.c:4125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Cnum[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYStrings.c:4215:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Cnum[64];
data/lynx-2.9.0dev.6/src/LYStrings.c:4229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYStrings.c:4264:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(Cnum, "%d: ", num_choices);
data/lynx-2.9.0dev.6/src/LYStrings.c:5416:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char helpbuf[LY_MAXPATH] = "\0";
data/lynx-2.9.0dev.6/src/LYStrings.c:6082:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BUFSIZ];
data/lynx-2.9.0dev.6/src/LYStrings.c:6139:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	cmd_script = fopen(lynx_cmd_script, TXT_R);
data/lynx-2.9.0dev.6/src/LYStyle.c:111:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char our_pairs[2]
data/lynx-2.9.0dev.6/src/LYStyle.c:690:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[64];
data/lynx-2.9.0dev.6/src/LYStyle.c:692:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmp, ";%.*s", (int) sizeof(tmp) - 3, tagname);
data/lynx-2.9.0dev.6/src/LYTraversal.c:44:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((ifp = fopen(TRAVERSE_FILE, TXT_R)) == NULL) {
data/lynx-2.9.0dev.6/src/LYTraversal.c:153:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((ifp = fopen(TRAVERSE_REJECT_FILE, TXT_R)) == NULL) {
data/lynx-2.9.0dev.6/src/LYUpload.c:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUpload.c:68:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    method_number = atoi(method);
data/lynx-2.9.0dev.6/src/LYUpload.c:174:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char tempfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:262:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:300:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer[256];
data/lynx-2.9.0dev.6/src/LYUtils.c:505:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYUtils.c:506:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[7];
data/lynx-2.9.0dev.6/src/LYUtils.c:1125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYUtils.c:1130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[7];
data/lynx-2.9.0dev.6/src/LYUtils.c:1391:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYUtils.c:1397:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text_buff[MAX_LINE];
data/lynx-2.9.0dev.6/src/LYUtils.c:1666:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    new_fd = open(term_name, O_RDONLY);
data/lynx-2.9.0dev.6/src/LYUtils.c:1671:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    new_fd = open(term_name, O_RDONLY);
data/lynx-2.9.0dev.6/src/LYUtils.c:1677:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    new_fd = open(term_name, O_RDONLY);
data/lynx-2.9.0dev.6/src/LYUtils.c:1682:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    new_fd = open(term_name = TTY_DEVICE, O_RDONLY);
data/lynx-2.9.0dev.6/src/LYUtils.c:2798:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (LYCloseOutput(fopen(filename, "w"))) {
data/lynx-2.9.0dev.6/src/LYUtils.c:2817:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(filename, "r")) != 0) {
data/lynx-2.9.0dev.6/src/LYUtils.c:2951:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (mytty && (fp = fopen(UTMP_FILE, "r")) != NULL) {
data/lynx-2.9.0dev.6/src/LYUtils.c:3050:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(where, &oact, sizeof(oact));
data/lynx-2.9.0dev.6/src/LYUtils.c:3261:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(fname, "temp%.*s", LY_MAXPATH - 10, temp);
data/lynx-2.9.0dev.6/src/LYUtils.c:3523:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char used_tempname[SIZE_TEMPNAME];
data/lynx-2.9.0dev.6/src/LYUtils.c:3527:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char leaf[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:3605:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(result, "%.*s", LY_MAXPATH - 1, leaf);
data/lynx-2.9.0dev.6/src/LYUtils.c:3933:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char user[13], dir[252];
data/lynx-2.9.0dev.6/src/LYUtils.c:4490:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char url_file[LY_MAXPATH], file_name[LY_MAXPATH], dir_name[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:4570:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		    sprintf(url_file, "/%.*s", sizeof(url_file) - 2, old_string);
data/lynx-2.9.0dev.6/src/LYUtils.c:4598:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(url_file, "/%.*s", sizeof(url_file) - 2, old_string);
data/lynx-2.9.0dev.6/src/LYUtils.c:4615:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char fullpath[MAX_PATH + 1];
data/lynx-2.9.0dev.6/src/LYUtils.c:4636:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char curdir[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:4661:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char curdir[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:4799:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    char buff[LY_MAXPATH + 128];
data/lynx-2.9.0dev.6/src/LYUtils.c:5398:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(fbuffer, "./");
data/lynx-2.9.0dev.6/src/LYUtils.c:5447:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char temp[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:5592:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(fbuffer, "%.*s",
data/lynx-2.9.0dev.6/src/LYUtils.c:5632:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char temp[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:5713:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	(void) memcpy((char *) new_environ, (char *) environ, size * sizeof(char *));
data/lynx-2.9.0dev.6/src/LYUtils.c:5878:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int fd = open(name, O_CREAT | O_EXCL | O_WRONLY, HIDE_CHMOD);
data/lynx-2.9.0dev.6/src/LYUtils.c:5885:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		fd = open(name, O_CREAT | O_EXCL | O_WRONLY, HIDE_CHMOD);
data/lynx-2.9.0dev.6/src/LYUtils.c:5900:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fp = fopen(name, mode);
data/lynx-2.9.0dev.6/src/LYUtils.c:5916:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    fp = fopen(name, mode);
data/lynx-2.9.0dev.6/src/LYUtils.c:5922:36:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define OpenHiddenFile(name, mode) fopen(name, mode)
data/lynx-2.9.0dev.6/src/LYUtils.c:5928:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(name, BIN_W, "mbc=32");
data/lynx-2.9.0dev.6/src/LYUtils.c:5942:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(name, TXT_W, "shr=get");
data/lynx-2.9.0dev.6/src/LYUtils.c:5960:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(name, TXT_A, "shr=get");
data/lynx-2.9.0dev.6/src/LYUtils.c:6429:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char result[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:6710:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		static char buf[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:6801:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char temp[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:7070:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char buff[BUFSIZ];
data/lynx-2.9.0dev.6/src/LYUtils.c:7074:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fin = fopen(src, BIN_R)) != 0) {
data/lynx-2.9.0dev.6/src/LYUtils.c:7075:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((fout = fopen(dst, BIN_W)) != 0) {
data/lynx-2.9.0dev.6/src/LYUtils.c:7190:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char cmd[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:7191:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char win32_name[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:7192:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_cmd[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYUtils.c:7193:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char new_command[LY_MAXPATH * 2 + 10];
data/lynx-2.9.0dev.6/src/LYUtils.c:7219:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(new_command, "%.*s \"%.*s\"",
data/lynx-2.9.0dev.6/src/LYUtils.c:7233:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(new_command, "%.*s %.*s", LY_MAXPATH, new_cmd, LY_MAXPATH, win32_name);
data/lynx-2.9.0dev.6/src/LYUtils.c:7494:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pByte, s, sz);
data/lynx-2.9.0dev.6/src/LYUtils.c:7787:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char msg_buff[256];
data/lynx-2.9.0dev.6/src/LYUtils.c:7790:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    __declspec(thread) static char msg_buff[256];
data/lynx-2.9.0dev.6/src/LYUtils.c:7794:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char *p, *q, tmp_buff[256];
data/lynx-2.9.0dev.6/src/LYUtils.c:8037:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	return fopen(fname, mode);
data/lynx-2.9.0dev.6/src/LYebcdic.c:8:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const       char un_IBM1047[ 256 ] = /* ETOA OEMVS311 */
data/lynx-2.9.0dev.6/src/LYebcdic.c:27:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char IBM1047[ 256 ] = /* ATOE OEMVS311 */
data/lynx-2.9.0dev.6/src/LYmktime.c:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[8];
data/lynx-2.9.0dev.6/src/LYmktime.c:122:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    day = atoi(temp);
data/lynx-2.9.0dev.6/src/LYmktime.c:144:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	month = atoi(temp);
data/lynx-2.9.0dev.6/src/LYmktime.c:239:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if (atoi(start) >= 70)
data/lynx-2.9.0dev.6/src/LYmktime.c:248:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    year = atoi(temp);
data/lynx-2.9.0dev.6/src/LYmktime.c:266:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	hour = atoi(temp);
data/lynx-2.9.0dev.6/src/LYmktime.c:281:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	minutes = atoi(temp);
data/lynx-2.9.0dev.6/src/LYmktime.c:296:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	seconds = atoi(temp);
data/lynx-2.9.0dev.6/src/LYrcFile.c:701:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char MBM_line[256];
data/lynx-2.9.0dev.6/src/LYrcFile.c:780:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(MBM_line, "multi_bookmark%c", UCH(LYindex2MBM(n)));
data/lynx-2.9.0dev.6/src/LYrcFile.c:818:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rcfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/LYrcFile.c:825:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((fp = fopen(rcfile, TXT_R)) == NULL) {
data/lynx-2.9.0dev.6/src/LYrcFile.c:946:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rcfile[LY_MAXPATH];
data/lynx-2.9.0dev.6/src/TRSTable.c:990:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		    memcpy(row->cells, me->rowspans2eog.cells,
data/lynx-2.9.0dev.6/src/TRSTable.c:1087:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			    memcpy(row->cells, me->rowspans2eog.cells,
data/lynx-2.9.0dev.6/src/TRSTable.c:1362:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(lastrow->cells, prev_row->cells,
data/lynx-2.9.0dev.6/src/UCAuto.c:197:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/dev/tty", O_WRONLY);
data/lynx-2.9.0dev.6/src/UCAuto.c:592:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[160];
data/lynx-2.9.0dev.6/src/UCAuto.c:606:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(buf,
data/lynx-2.9.0dev.6/src/UCAuto.c:641:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf,
data/lynx-2.9.0dev.6/src/UCAuto.c:733:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(msgbuf,
data/lynx-2.9.0dev.6/src/UCAuto.c:748:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	file = fopen(fnamebuf, BIN_R);
data/lynx-2.9.0dev.6/src/UCAuto.c:769:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(msgbuf, gettext("Can't set font: err=%#x=%d"), rc, rc);
data/lynx-2.9.0dev.6/src/UCdomap.c:95:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *UC_GNsetMIMEnames[4] =
data/lynx-2.9.0dev.6/src/UCdomap.c:276:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char inv_norm_transl[MAX_GLYPH];
data/lynx-2.9.0dev.6/src/UCdomap.c:277:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char *inverse_translations[4] =
data/lynx-2.9.0dev.6/src/UCdomap.c:413:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ***uni_pagedir_str[32] =
data/lynx-2.9.0dev.6/src/UCdomap.c:438:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char ***unidefault_pagedir_str[32] =
data/lynx-2.9.0dev.6/src/UCdomap.c:509:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    p2 = (const char **) p1[n];
data/lynx-2.9.0dev.6/src/UCdomap.c:946:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	    char str[3], *pin, *pout;
data/lynx-2.9.0dev.6/src/UCdomap.c:1139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outbuf[3], *pin, *pout;
data/lynx-2.9.0dev.6/src/UCdomap.c:1166:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buffer[10];
data/lynx-2.9.0dev.6/src/UCdomap.c:1206:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char obuffer[3], *pin, *pout;
data/lynx-2.9.0dev.6/src/UCdomap.c:1821:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		    static char dummy[2];	/* one char dummy string */
data/lynx-2.9.0dev.6/src/UCdomap.c:2131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lyName[80];
data/lynx-2.9.0dev.6/src/UCdomap.c:2132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char myMimeName[80];
data/lynx-2.9.0dev.6/src/UCdomap.c:2346:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buf[16];
data/lynx-2.9.0dev.6/src/UCdomap.c:2365:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(buf, "ISO-8859-\0\0", 12);
data/lynx-2.9.0dev.6/src/Xsystem.c:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char SW[3];
data/lynx-2.9.0dev.6/src/Xsystem.c:297:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmdb[STR_MAX];
data/lynx-2.9.0dev.6/src/Xsystem.c:301:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(cmdb, "%.*s.com", (int) sizeof(cmdb) - 5, cnm);
data/lynx-2.9.0dev.6/src/Xsystem.c:302:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((rc = open(cmdb, O_RDONLY)) >= 0) {
data/lynx-2.9.0dev.6/src/Xsystem.c:307:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(cmdb, "%.*s.exe", (int) sizeof(cmdb) - 5, cnm);
data/lynx-2.9.0dev.6/src/Xsystem.c:308:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((rc = open(cmdb, O_RDONLY)) >= 0) {
data/lynx-2.9.0dev.6/src/Xsystem.c:313:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(cmdb, "%.*s.bat", (int) sizeof(cmdb) - 5, cnm);
data/lynx-2.9.0dev.6/src/Xsystem.c:314:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((rc = open(cmdb, O_RDONLY)) >= 0) {
data/lynx-2.9.0dev.6/src/Xsystem.c:325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmdb[STR_MAX];
data/lynx-2.9.0dev.6/src/Xsystem.c:348:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((rc = open(cmdb, O_RDONLY)) >= 0) {
data/lynx-2.9.0dev.6/src/Xsystem.c:378:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	    if ((rc = open(p->cmd, O_RDONLY)) >= 0) {
data/lynx-2.9.0dev.6/src/Xsystem.c:392:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tplate[STR_MAX];
data/lynx-2.9.0dev.6/src/Xsystem.c:413:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(fn, md, 0666)) != -1) {
data/lynx-2.9.0dev.6/src/Xsystem.c:583:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line_buff[STR_MAX];
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:261:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char this_MIMEcharset[UC_MAXLEN_MIMECSNAME + 1];
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:262:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char this_LYNXcharset[UC_MAXLEN_LYNXCSNAME + 1];
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:263:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char id_append[UC_MAXLEN_ID_APPEND + 1] = "_";
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[65536];
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:327:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	ctbl = fopen(tblname = argv[1], "r");
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:349:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(p, ".h");
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:356:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	chdr = fopen(hdrname, "w");
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:604:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
			sprintf(p1, "\\%.3o", UCH(ch));
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:773:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(this_LYNXcharset, this_MIMEcharset, UC_MAXLEN_LYNXCSNAME);
data/lynx-2.9.0dev.6/src/parsdate.c:844:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[20];
data/lynx-2.9.0dev.6/src/parsdate.c:894:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	i = atoi(buff);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:146:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  + (scheme_name ? strlen(scheme_name) : 0)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:147:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  + (scheme_specifics ? strlen(scheme_specifics) : 0));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:156:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(HTAAForwardAuth, " ");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:739:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (strlen(NonNull(realm->username)) +
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:740:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	   strlen(NonNull(realm->password)) + 3);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:748:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len += strlen(NonNull(secret_key)) + 30;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:761:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(cleartext, ":");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:767:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(cleartext, ":");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:769:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(cleartext, ":");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:771:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(cleartext, ":");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:781:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	HTUU_encode((unsigned char *) ciphertext, strlen(ciphertext),
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:791:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	HTUU_encode((unsigned char *) cleartext, strlen(cleartext),
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:998:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(auth_string) + strlen(HTAAScheme_name(scheme)) + 26;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:998:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(auth_string) + strlen(HTAAScheme_name(scheme)) + 26;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:1076:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(auth_string) + strlen(HTAAScheme_name(scheme)) + 20;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:1076:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(auth_string) + strlen(HTAAScheme_name(scheme)) + 20;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAABrow.c:1084:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(HTAA_composeAuthResult, " ");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAUtil.c:237:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	m = (int) (strlen(q) - strlen(p));	/* Amount to match to wildcard */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAUtil.c:237:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	m = (int) (strlen(q) - strlen(p));	/* Amount to match to wildcard */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAUtil.c:287:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	m = (int) (strlen(q) - strlen(p));	/* Amount to match to wildcard */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAAUtil.c:287:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	m = (int) (strlen(q) - strlen(p));	/* Amount to match to wildcard */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:324:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    h_len = (int) strlen(Host);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:1284:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *escaped = typecallocn(char, (strlen(keywords) * 3) + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAccess.c:1310:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (e = s + strlen(s); e > s && WHITE(*(e - 1)); e--)	/* Scan */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAssoc.c:78:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!strncasecomp(assoc->name, name, (int) strlen(name)))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAtom.c:37:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define HASH_FUNCTION(cp_hash) ((strlen(cp_hash) * UCH(*cp_hash)) % HASH_SIZE)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTAtom.c:64:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    a->name = (char *) malloc(strlen(string) + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTDOS.c:24:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = (int) strlen(source);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTDOS.c:73:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    wwwname_len = (int) strlen(wwwname);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:302:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *filename = (char *) malloc(strlen(fn) + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:303:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *nodename = (char *) malloc(strlen(nn) + 2 + 1);	/* Copies to hack */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:313:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(nodename, "");	/* On same node?  Yes if node names match */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:488:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	status = (int) NETWRITE(control->socket, cmd, (unsigned) strlen(cmd));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:711:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (response_text[strlen(response_text) - 1] == ']') {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:929:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(response_text) > 4) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1606:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = (int) strlen(line) - 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1708:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(line);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1728:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (entry_info->filename[strlen(entry_info->filename) - 1] == '/')
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1767:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(line);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1770:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(*pspilledname);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1802:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strlen(line) || (cp = StrChr(line, ';')) == NULL) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1814:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = (int) strlen(entry_info->filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1825:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    i = (int) strlen(entry_info->filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1863:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(cpd) > 9 && isdigit(UCH(*(cpd - 1))) &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1879:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen(cpd) > 15 && *(cpd + 12) == ':') {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1935:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *end = line + strlen(line);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:1972:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cpd) > 17) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2004:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *end = line + strlen(line);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2044:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (cps > end || cpd == cps || strlen(cpd) < 7) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2048:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(cp) == 8 &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2112:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *end = line + strlen(line);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2271:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = (int) strlen(entry);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2324:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(entry);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2404:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(entry_info->filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2488:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(entry);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2524:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(entry_info->filename) > 3) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2636:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen(entry1->date) == 12 &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2637:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strlen(entry2->date) == 12) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:2743:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    end = str + strlen(str);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3153:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		name_len = strlen(entry_info->filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3550:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (fn[strlen(fn) - 1] != '/') {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3565:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(filename) > 3) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3748:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(filename) > 1 && filename[strlen(filename) - 1] == '/')
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3748:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(filename) > 1 && filename[strlen(filename) - 1] == '/')
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3749:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    filename[strlen(filename) - 1] = '\0';
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3794:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (strlen(filename) == 1 && *filename == '/')) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFTP.c:3852:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((strlen(filename) == 1 && *filename == '/') ||
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:300:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    end = str + strlen(str);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:835:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (suff->suffix && (strlen(suff->suffix) <= 4)) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:926:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lf = (int) strlen(filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:932:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = (int) strlen(suff->suffix);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:947:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		ls2 = (int) strlen(suff->suffix);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:1237:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int lf = (int) strlen(filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:1248:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ls = (int) strlen(suff->suffix);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:1281:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:1532:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (((len = (int) strlen(escaped)) > 2) &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:1618:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    BOOL local_link = (strlen(logical) > 18
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:1742:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (parent != 0 && strlen(parent) == 3) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:1851:15:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while ((ch = fgetc(fp)) != EOF) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2025:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	data = (DIRED *) malloc(sizeof(DIRED) + strlen(dirbuf->d_name) + 4);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2299:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2881:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((strlen(localname) > strlen(MULTI_SUFFIX)) &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2881:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((strlen(localname) > strlen(MULTI_SUFFIX)) &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2882:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (0 == strcmp(localname + strlen(localname) - strlen(MULTI_SUFFIX),
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2882:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (0 == strcmp(localname + strlen(localname) - strlen(MULTI_SUFFIX),
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2900:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		baselen = strlen(base) - strlen(MULTI_SUFFIX);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2900:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		baselen = strlen(base) - strlen(MULTI_SUFFIX);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:2919:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(dirbuf->d_name) > baselen &&		/* Match? */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFile.c:3017:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(localname) == 2 && LYIsDosDrive(localname))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFinger.c:116:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = (int) strlen(command);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTFinger.c:167:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = ((int) strlen(cmd) - 1); i >= 0; i--) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:355:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int i = (int) strlen(name) - 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:826:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *length = (int) strlen(buf);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:912:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:919:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *length = (int) strlen(buf);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1061:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    alen = strlen((char *) &p[i]) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1090:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			alen = strlen(name) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1099:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			alen = strlen((char *) &p[i]) + 2;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1106:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy((char *) &newf->attributes[alen - 2], " ");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1200:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1220:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    size_t slen = strlen(ctx.seek);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1227:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					j = (int) strlen(ctemplate[--i]) - 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1243:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(*Target->isa->put_block) (Target, temp, (int) strlen(temp));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1254:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1263:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1328:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1333:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1337:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1343:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1353:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			i = (int) strlen(fname) - 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1378:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1381:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1422:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1426:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1466:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1470:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1477:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1666:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
								   strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1691:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1693:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1714:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1717:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (*Target->isa->put_block) (Target, buf, (int) strlen(buf));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1801:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((len = strlen(arg)) > 5) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1850:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(char *) malloc(strlen(selector) + 1 + strlen(query) + 2 + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1850:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(char *) malloc(strlen(selector) + 1 + strlen(query) + 2 + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1856:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(command, "\t");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1867:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    de_escape(&command[strlen(command)], query);	/* bug fix LJM 940415 */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1883:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    command = (char *) malloc(strlen("query") + 1 +
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1884:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				      strlen(query) + 2 + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1900:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    de_escape(&command[strlen(command)], query);	/* bug fix LJM 940415 */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1903:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    command = (char *) malloc(strlen(selector) + 2 + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1913:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *p = command + strlen(command);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGopher.c:1964:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    status = (int) NETWRITE(s, command, (int) strlen(command));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTGroup.c:76:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((ch = getc(fp)) != EOF && ch != '\n')
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTLex.c:61:15:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	switch (ch = getc(fp)) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.c:183:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = strlen(cp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.c:213:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(url);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.c:2308:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((buf = typeMallocn(char, strlen(s) * 3 + 1)) == 0)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.c:2350:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((buf = typeMallocn(char, strlen(s) + 1)) == 0)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.c:2394:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((buf = typeMallocn(char, strlen(source) + 1)) == 0)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTMIME.c:2469:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((buf = typeMallocn(char, strlen(s) * 2 + 1)) == 0)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:196:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		&& strlen(the_host) != 0
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:197:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		&& strlen(the_pass) != 0
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:198:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		&& strlen(the_user) != 0) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:314:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int length = (int) strlen(command);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:787:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(NewsHREF) + (size_t) (p - addr) + 1 < sizeof(href)) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:934:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(buf, ".");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:937:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	llen = (int) strlen(line);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:983:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(buf, ".");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1151:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (msgid[0] == '<' && msgid[strlen(msgid) - 1] == '>') {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1152:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			msgid[strlen(msgid) - 1] = '\0';	/* Chop > */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1580:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (arg && strlen(arg) > 1) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1584:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (arg[strlen(arg) - 1] == '*') {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1587:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    pattern[strlen(pattern) - 1] = '\0';
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1590:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = (int) strlen(pattern);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:1994:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				addr[strlen(addr) - 1] = '\0';	/* Chop > */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2006:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				p2 = author + strlen(author) - 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2425:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (int) (strlen(proxycmd) - 4), proxycmd));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2426:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(command, "/");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2459:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(p1) > 249) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2473:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(p1) >= sizeof(groupName)) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2494:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(p1) >= sizeof(groupName)) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2507:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(p1) + add_open + add_close >= 252) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2521:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    char *p = command + strlen(command);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTNews.c:2714:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    status = (int) NEWS_NETWRITE(s, proxycmd, (int) strlen(proxycmd));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:200:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = string + strlen(string);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:265:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t length = strlen(host);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:378:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len1 = strlen(aName) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:379:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len2 = strlen(relatedName) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:444:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    tail += strlen(tail);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:524:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    int len3 = (int) strlen(tail);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:644:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			p = (tail + strlen(tail) - 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:651:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		    strcpy(base, "/");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:701:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    tail += strlen(tail);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:738:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		q = p + strlen(p) + 2;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:787:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t need = ((unsigned) ((p - aName) + (int) strlen(p) + 1));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:791:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    p += strlen(p);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:844:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    limit = strlen(filename);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTParse.c:998:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = typecallocn(char, 3 * levels + strlen(last_slash) + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTRules.c:237:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    m = (int) strlen(q) - (int) strlen(p + 1);	/* Amount to match to wildcard */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTRules.c:237:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    m = (int) strlen(q) - (int) strlen(p + 1);	/* Amount to match to wildcard */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTRules.c:659:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (cond && !strncasecomp(cond, "redirected", (int) strlen(cond))) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTRules.c:661:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    } else if (cond && strlen(cond) >= 8 &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTRules.c:662:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		       !strncasecomp(cond, "userspecified", (int) strlen(cond))) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:304:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t size = strlen(src) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:325:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t length = strlen(*dest);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:327:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *dest = (char *) realloc(*dest, length + strlen(src) + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:332:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *dest = (char *) malloc(strlen(src) + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:356:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t srcsize = strlen(src) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:644:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t src_len = strlen(temp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:654:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    mark_malloced(temp, strlen(temp));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:686:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    need = strlen(fmt) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:704:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	have = strlen(dst_ptr) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:753:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    f = strlen(fmt_ptr);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:799:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    prec = (int) strlen(pval);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:865:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    need = dst_len + strlen(tmp_ptr) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:870:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    dst_len += strlen(tmp_ptr);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:910:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    inuse = strlen(*pstr);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:960:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    last = strlen(parameter);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:1118:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     ? strlen(*result)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:1188:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     ? strlen(*result)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:1313:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    HTSABCopy(dest, src, (int) strlen(src));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:1365:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    HTSABCat(dest, src, (int) strlen(src));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.c:1410:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    HTSABCat(pstr, temp, (int) strlen(temp));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.h:36:24:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
#define StrNCat(a,b,c) strncat((a),(b),(size_t)(c))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTString.h:37:24:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
#define StrNCpy(a,b,c) strncpy((a),(b),(size_t)(c))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:458:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	unsigned got = (unsigned) read(fd, buffer, length);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:563:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	name_len = strlen(phost->h_name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:575:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    need += strlen(phost->h_aliases[num_aliases]) + 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:620:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    p_next_char += strlen(phost->h_aliases[n]) + 1;;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:1348:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    soc_in->sdn_nam.n_len = min(DN_MAXNAML, strlen(host));	/* <=6 in phase 4 */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:1874:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(socks5_host) > 255) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTCP.c:1879:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	socks5_host_len = (unsigned) strlen(socks5_host);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:106:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return ((int) strlen(actual) > LYcols - 7) ? TRUE : FALSE;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:111:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int limit = ((int) strlen(source)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:112:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		 - ((int) strlen(actual) - (LYcols - 10)));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:755:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	p = host + strlen(host) - 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:963:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     ssl_host, strlen(ssl_host));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1388:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len += (int) strlen(linebuf);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1394:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = (int) strlen(linebuf);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1447:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (linebuf[strlen(linebuf) - 1] == ',')
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1448:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		linebuf[strlen(linebuf) - 1] = '\0';
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1526:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int nn = (pound ? (int) (pound - cp) : (int) strlen(cp));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:1983:11:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	fields = sscanf(line_buffer, "%20s %d",
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:2072:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    while (line_buffer[strlen(line_buffer) - 1] == ' ')
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:2073:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		line_buffer[strlen(line_buffer) - 1] = '\0';
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTTP.c:2710:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (redirecting_url[strlen(redirecting_url) - 1]
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:192:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	UserNameDesc.dsc$w_length = strlen(UserName);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:196:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	FileNameDesc.dsc$w_length = strlen(VmsName);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:340:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Len = strlen(Name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:436:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (UnixEntry[strlen(UnixEntry) - 1] != '/')
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:437:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(UnixEntry, "/");
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:440:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(DirEntry) > sizeof(dir.dirname) - 1)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:443:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    index = strlen(DirEntry) - 1;
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:452:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(dir.dirname) > sizeof(dir.dirname) - 10)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:473:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dirname_desc.dsc$w_length = strlen(Actual);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:492:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(dir.dirname) > sizeof(dir.dirname) - 10)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:499:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dir.dirname_desc.dsc$w_length = strlen(dir.dirname);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:540:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	entry.d_namlen = strlen(entry.d_name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:632:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(entry1->date) != 12 ||
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:633:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		strlen(entry2->date) != 12) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:786:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pathname[strlen(pathname) - 1] = '\0';
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:789:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	pathname[strlen(pathname)] = '/';
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:796:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pathend = strlen(pathname);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:828:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (header[strlen(header) - 1] != '/')
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:834:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		char c = fgetc(fp);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:972:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			      strlen(entry_info->filename));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMSUtils.c:978:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (((len = strlen(entry_info->filename)) > 2) &&
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:750:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    long typeSize = strlen(ptr);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:1065:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    long typeSize = strlen(ptr);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisProt.c:2450:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    long serverLen = strlen(server);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:373:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    long length = strlen(headline) + 1;		/* include the trailing null */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:378:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; i < strlen(headline); i++) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:385:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = strlen(headline) - 1; i > 0; i--) {
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:768:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t newScratchSize = (size_t) (strlen(scratch) +
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:769:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						  strlen(ptr) + 2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:773:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s_strncat(scratch, ptr, strlen(ptr) + 1, newScratchSize);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:788:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    scratch = (char *) s_malloc((size_t) strlen(ptr) + 2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:790:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    s_strncat(scratch, ptr, strlen(ptr) + 1, strlen(ptr) + 2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:790:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    s_strncat(scratch, ptr, strlen(ptr) + 1, strlen(ptr) + 2);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:792:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    size_t newScratchSize = (size_t) (strlen(ptr) +
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:793:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						      strlen(query->ElementSetNames[i
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:801:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    s_strncat(scratch, ptr, strlen(ptr) + 1, newScratchSize);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:805:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t newScratchSize = (size_t) (strlen(scratch) +
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:806:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						  strlen(ptr) +
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:807:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						  strlen(esPtr) +
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:812:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s_strncat(scratch, ptr, strlen(ptr) + 1, newScratchSize);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:814:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		s_strncat(scratch, esPtr, strlen(esPtr) + 1, newScratchSize);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:1062:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	length += strlen(diag->ADDINFO);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:1380:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    a->size = strlen(s);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:1417:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data->size = strlen(s);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:1452:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size += strlen(s);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2225:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(s);		/* length of string - terminator */
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2240:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t dstSize = strlen(dst);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTVMS_WaisUI.c:2241:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t srcSize = strlen(src);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWAIS.c:802:18:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    while ((c = getc(fp)) != EOF)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/HTWSRC.c:316:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	l = (int) strlen(shortname);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:4392:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SGML_write(me, str, (int) strlen(str));
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:4757:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define Strcpy(a,b)	(strcpy((char*)a,(const char*)b),&a[strlen((const char*)a)])
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:4950:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    euc = typeMallocn(unsigned char, strlen((const char *) arg) + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/SGML.c:4973:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    euc = typeMallocn(unsigned char, strlen((const char *)arg) + 1);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/dtd_util.c:1202:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	tag->name_len = strlen(tag->name);
data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_tcp.h:50:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define SOCKET_READ(s,b,l)	read(s,b,(size_t)(l))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_tcp.h:87:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define D_NAMLEN(dirent) strlen((dirent)->d_name)
data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_tcp.h:359:62:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define SOCKET_READ(s,b,l)  ((s)>10 ? netread((s),(b),(l)) : read((s),(b),(l)))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_tcp.h:372:77:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define SOCKET_READ(s,b,l) (cmu_get_sdc((s)) != 0 ? cmu_read((s),(b),(l)) : read((s),(b),(l)))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_tcp.h:373:77:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define NETREAD(s,b,l)     (cmu_get_sdc((s)) != 0 ? HTDoRead((s),(b),(l)) : read((s),(b),(l)))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_tcp.h:396:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				read((s),(b),(l)))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_tcp.h:411:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                                read((s),(b),(l)))
data/lynx-2.9.0dev.6/WWW/Library/Implementation/www_tcp.h:413:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                                read((s),(b),(l)))
data/lynx-2.9.0dev.6/lib/dirent.c:166:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	      ((dp->_d_entry = malloc(strlen(s) + 1)) == NULL)) {
data/lynx-2.9.0dev.6/lib/dirent.c:210:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(int) strlen(dp.d_name);
data/lynx-2.9.0dev.6/src/GridText.c:831:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    POOLallocstring(have[need].hl_text, strlen(text) + 1);
data/lynx-2.9.0dev.6/src/GridText.c:906:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    LYSetHiText(a, s, (unsigned) strlen(s));
data/lynx-2.9.0dev.6/src/GridText.c:1751:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (tmp = typecallocn(unsigned char, (strlen(title) * 2 + 256)))) {
data/lynx-2.9.0dev.6/src/GridText.c:1800:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = limit - LYbarWidth - (int) strlen(percent) - LYstrCells(title);
data/lynx-2.9.0dev.6/src/GridText.c:1802:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = limit - LYbarWidth - (int) strlen(percent) - 3;
data/lynx-2.9.0dev.6/src/GridText.c:1812:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = (limit - 1) - (int) (strlen(percent) + strlen(title));
data/lynx-2.9.0dev.6/src/GridText.c:1812:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = (limit - 1) - (int) (strlen(percent) + strlen(title));
data/lynx-2.9.0dev.6/src/GridText.c:1822:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	last = (int) strlen(percent) + CHAR_WIDTH;
data/lynx-2.9.0dev.6/src/GridText.c:2191:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		size_t len = strlen(target);
data/lynx-2.9.0dev.6/src/GridText.c:2986:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	plen = (unsigned) strlen(p);
data/lynx-2.9.0dev.6/src/GridText.c:6016:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((unsigned) anchor_ptr->line_pos >= strlen(line_ptr->data)) {
data/lynx-2.9.0dev.6/src/GridText.c:6054:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hilite_len = (int) strlen(hilite_str);
data/lynx-2.9.0dev.6/src/GridText.c:6087:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		actual_len -= (int) strlen(hi_string);
data/lynx-2.9.0dev.6/src/GridText.c:6944:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    result += 1 + (int) strlen(line->data);
data/lynx-2.9.0dev.6/src/GridText.c:7097:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (*fname)[strlen(*fname) - strlen(suffix)] = '-';
data/lynx-2.9.0dev.6/src/GridText.c:7097:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (*fname)[strlen(*fname) - strlen(suffix)] = '-';
data/lynx-2.9.0dev.6/src/GridText.c:7957:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int result = (int) strlen(string);
data/lynx-2.9.0dev.6/src/GridText.c:8092:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    p->length = (int) strlen(p->value);
data/lynx-2.9.0dev.6/src/GridText.c:9838:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	cp = &value[strlen(value) - 1];
data/lynx-2.9.0dev.6/src/GridText.c:9957:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((tmp = typecallocn(unsigned char, strlen(cp) * 2 + 1)) != 0) {
data/lynx-2.9.0dev.6/src/GridText.c:10004:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int newlen = (int) strlen(new_ptr->name);
data/lynx-2.9.0dev.6/src/GridText.c:10006:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				? strlen(HTCurSelectedOptionValue)
data/lynx-2.9.0dev.6/src/GridText.c:10019:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int curlen = (int) strlen(new_ptr->name);
data/lynx-2.9.0dev.6/src/GridText.c:10021:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			  ? (int) strlen(HTCurSelectedOptionValue)
data/lynx-2.9.0dev.6/src/GridText.c:10050:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		(int) strlen(HTCurSelectedOptionValue);
data/lynx-2.9.0dev.6/src/GridText.c:10176:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((tmp = typecallocn(unsigned char, strlen(IValue) * 2 + 1)) != 0) {
data/lynx-2.9.0dev.6/src/GridText.c:10366:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    f->size = (int) strlen(f->value);
data/lynx-2.9.0dev.6/src/GridText.c:10373:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    f->size = (int) strlen(f->value);
data/lynx-2.9.0dev.6/src/GridText.c:10381:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    f->size = (int) strlen(f->value);
data/lynx-2.9.0dev.6/src/GridText.c:10454:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	adjust_marker = (int) strlen(marker);
data/lynx-2.9.0dev.6/src/GridText.c:10499:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		MaximumSize -= (int) strlen(marker);
data/lynx-2.9.0dev.6/src/GridText.c:10781:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t have = strlen(*Boundary);
data/lynx-2.9.0dev.6/src/GridText.c:10931:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	escaped2 = convert_to_base64(value, strlen(value));
data/lynx-2.9.0dev.6/src/GridText.c:12563:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    new_n = (int) strlen(s);
data/lynx-2.9.0dev.6/src/GridText.c:12613:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    pre_n = (int) strlen(p);	/* count of 1st part chars in this line */
data/lynx-2.9.0dev.6/src/GridText.c:12614:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    post_n = (int) strlen(ht->next->data);
data/lynx-2.9.0dev.6/src/GridText.c:12654:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			new_n = (int) strlen(lx);
data/lynx-2.9.0dev.6/src/GridText.c:12683:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = (int) strlen(ht->data);
data/lynx-2.9.0dev.6/src/GridText.c:12686:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (strlen(buf) > ht->size) {
data/lynx-2.9.0dev.6/src/GridText.c:12690:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	allocHTLine(temp, strlen(buf));
data/lynx-2.9.0dev.6/src/GridText.c:12707:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return ((int) strlen(buf) - n + fixup);
data/lynx-2.9.0dev.6/src/GridText.c:13125:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = (int) strlen(lp);
data/lynx-2.9.0dev.6/src/GridText.c:13204:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(line, lp, (size_t) len);
data/lynx-2.9.0dev.6/src/GridText.c:13761:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = (int) strlen(lp);
data/lynx-2.9.0dev.6/src/GridText.c:14183:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = (int) strlen(hightext);
data/lynx-2.9.0dev.6/src/GridText.c:14638:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    redraw_part_of_line(todr1, text, (int) strlen(text), HTMainText);
data/lynx-2.9.0dev.6/src/GridText.c:14764:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PUTS(buf)    (*target->isa->put_block)(target, buf, (int) strlen(buf))
data/lynx-2.9.0dev.6/src/HTAlert.c:195:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	sprintf(s + strlen(s), " %s", u);
data/lynx-2.9.0dev.6/src/HTAlert.c:214:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s += strlen(s);
data/lynx-2.9.0dev.6/src/HTAlert.c:219:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s += strlen(s);
data/lynx-2.9.0dev.6/src/HTAlert.c:224:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    s += strlen(s);
data/lynx-2.9.0dev.6/src/HTAlert.c:609:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((len1 = strlen(msg)) +
data/lynx-2.9.0dev.6/src/HTAlert.c:610:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(address) <= maxlen) {
data/lynx-2.9.0dev.6/src/HTAlert.c:614:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len1 + strlen(temp = HTParse(address, "",
data/lynx-2.9.0dev.6/src/HTAlert.c:623:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (title && (len1 + strlen(title) <= maxlen)) {
data/lynx-2.9.0dev.6/src/HTAlert.c:627:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len1 + strlen(temp = HTParse(address, "",
data/lynx-2.9.0dev.6/src/HTAlert.c:637:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len1 + strlen(temp) <= maxlen) {
data/lynx-2.9.0dev.6/src/HTAlert.c:894:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      -(int) strlen(server));
data/lynx-2.9.0dev.6/src/HTAlert.c:897:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	namelen = (int) strlen(name);
data/lynx-2.9.0dev.6/src/HTAlert.c:898:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	valuelen = (int) strlen(value);
data/lynx-2.9.0dev.6/src/HTFWriter.c:291:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if ((len = (int) strlen(path)) > 3 &&
data/lynx-2.9.0dev.6/src/HTFWriter.c:365:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    if (strlen(new_path + off) > 4)
data/lynx-2.9.0dev.6/src/HTFWriter.c:1257:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(temp, "-");	/* NAME-htm,  NAME-txt, etc. - hack for DOS */
data/lynx-2.9.0dev.6/src/HTFWriter.c:1259:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(temp, ".");	/* NAME.html, NAME-txt etc. */
data/lynx-2.9.0dev.6/src/HTFWriter.c:1263:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(temp, "-");	/* NAME.html-gz, NAME.txt-gz, NAME.txt-Z etc. */
data/lynx-2.9.0dev.6/src/HTFWriter.c:1265:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(temp, ".");	/* NAME-htm.gz (DOS), NAME.html.gz (UNIX)etc. */
data/lynx-2.9.0dev.6/src/HTFWriter.c:1425:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fab.fab$b_fns = (unsigned char) strlen(filename);
data/lynx-2.9.0dev.6/src/HTInit.c:274:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s2 = typeMallocn(char, strlen(s) * 2 + 1);	/* absolute max, if all % signs */
data/lynx-2.9.0dev.6/src/HTInit.c:383:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(LineBuf);
data/lynx-2.9.0dev.6/src/HTInit.c:384:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	need = len + strlen(rawentry) + 1;
data/lynx-2.9.0dev.6/src/HTInit.c:598:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t length = strlen(name);
data/lynx-2.9.0dev.6/src/HTInit.c:694:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t TmpFileLen = strlen(TmpFileName);
data/lynx-2.9.0dev.6/src/HTInit.c:1404:6:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	r = fgetc(f);
data/lynx-2.9.0dev.6/src/HTInit.c:1408:10:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	    r = fgetc(f);
data/lynx-2.9.0dev.6/src/HTML.c:756:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t offset = strlen(prefix);
data/lynx-2.9.0dev.6/src/HTML.c:1010:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		addClassName(".", class_name, strlen(class_name));
data/lynx-2.9.0dev.6/src/HTML.c:1023:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    addClassName(".", class_name, strlen(class_name));
data/lynx-2.9.0dev.6/src/HTML.c:1050:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    addClassName(".type.", type, strlen(type));
data/lynx-2.9.0dev.6/src/HTML.c:1926:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		value[HTML_HR_WIDTH][strlen(value[HTML_HR_WIDTH]) - 1] == '%') {
data/lynx-2.9.0dev.6/src/HTML.c:1931:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		percent[strlen(percent) - 1] = '\0';
data/lynx-2.9.0dev.6/src/HTML.c:5163:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    for (i = (int) strlen(marker); i < 5; ++i) {
data/lynx-2.9.0dev.6/src/HTML.c:6737:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cp = (data + strlen(data)) - 1;
data/lynx-2.9.0dev.6/src/HTML.c:6906:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    strlen(ptr) > 6) {
data/lynx-2.9.0dev.6/src/LYBookmark.c:285:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		BStrAlloc(tmp_data, MAX_LINE + 2 * (int) strlen(title));
data/lynx-2.9.0dev.6/src/LYBookmark.c:289:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		BStrAlloc(tmp_data, MAX_LINE + (int) strlen(title));
data/lynx-2.9.0dev.6/src/LYCgi.c:68:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PUTS(buf)    (*target->isa->put_block)(target, buf, strlen(buf))
data/lynx-2.9.0dev.6/src/LYCgi.c:208:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (isEmpty(arg) || strlen(arg) <= 8) {
data/lynx-2.9.0dev.6/src/LYCgi.c:256:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    StrAllocCopy(path_info, pgm + strlen(pgm_buff));
data/lynx-2.9.0dev.6/src/LYCgi.c:487:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		while ((chars = read(fd2[0], buf, sizeof(buf))) != 0) {
data/lynx-2.9.0dev.6/src/LYCharUtils.c:97:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				   (strlen(*in_out)
data/lynx-2.9.0dev.6/src/LYCharUtils.c:231:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t length = strlen(source);
data/lynx-2.9.0dev.6/src/LYCharUtils.c:308:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = (int) strlen(str) - 1;
data/lynx-2.9.0dev.6/src/LYCharUtils.c:481:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	&& (strlen(*href) == 19)
data/lynx-2.9.0dev.6/src/LYCharUtils.c:718:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "M");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:728:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "D");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:738:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "C");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:748:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "L");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:758:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "X");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:794:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, ".");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:844:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "m");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:854:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "d");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:864:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "c");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:874:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "l");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:884:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, "x");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:920:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(OLstring, ".");
data/lynx-2.9.0dev.6/src/LYCharUtils.c:1199:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(p) + 16;
data/lynx-2.9.0dev.6/src/LYCharUtils.c:1474:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen(pp);
data/lynx-2.9.0dev.6/src/LYCharUtils.c:1931:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(name);
data/lynx-2.9.0dev.6/src/LYCharUtils.c:1941:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(string) < len)
data/lynx-2.9.0dev.6/src/LYCharUtils.c:2816:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		me->sp[0].tag_number == HTML_PRE && strlen(ptr) > 6) {
data/lynx-2.9.0dev.6/src/LYCharUtils.c:3318:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((len = strlen(p)) >= 8 && !strcmp(&p[len - 3], " --")) {
data/lynx-2.9.0dev.6/src/LYCharUtils.c:3364:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((len = strlen(p)) >= 4 && !strcmp(&p[len - 3], " --")) {
data/lynx-2.9.0dev.6/src/LYCharUtils.c:3396:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((tmp_buffer = (char *) malloc(strlen(src) + 1)) == 0)
data/lynx-2.9.0dev.6/src/LYCookie.c:298:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int value_len = (int) strlen(value);
data/lynx-2.9.0dev.6/src/LYCookie.c:299:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int suffix_len = (int) strlen(domain);
data/lynx-2.9.0dev.6/src/LYCookie.c:345:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int) strlen(a);
data/lynx-2.9.0dev.6/src/LYCookie.c:596:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ptr = ((hostname + strlen(hostname)) - strlen(co->domain));
data/lynx-2.9.0dev.6/src/LYCookie.c:596:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    ptr = ((hostname + strlen(hostname)) - strlen(co->domain));
data/lynx-2.9.0dev.6/src/LYCookie.c:1062:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *cookie_len += (int) strlen(cur_cookie->comment);
data/lynx-2.9.0dev.6/src/LYCookie.c:1084:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*cookie_len += (int) strlen(cur_cookie->commentURL);
data/lynx-2.9.0dev.6/src/LYCookie.c:1099:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *cookie_len -= (int) strlen(cur_cookie->domain);
data/lynx-2.9.0dev.6/src/LYCookie.c:1129:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *cookie_len += (int) strlen(cur_cookie->domain);
data/lynx-2.9.0dev.6/src/LYCookie.c:1140:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *cookie_len -= (int) strlen(cur_cookie->path);
data/lynx-2.9.0dev.6/src/LYCookie.c:1142:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *cookie_len += (cur_cookie->pathlen = (int) strlen(cur_cookie->path));
data/lynx-2.9.0dev.6/src/LYCookie.c:1164:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    *cookie_len += (int) strlen(cur_cookie->PortList);
data/lynx-2.9.0dev.6/src/LYCookie.c:1177:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*cookie_len += (int) strlen(cur_cookie->PortList);
data/lynx-2.9.0dev.6/src/LYCookie.c:1518:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cookie_len += (int) strlen(cur_cookie->name);
data/lynx-2.9.0dev.6/src/LYCookie.c:1520:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cookie_len += (int) strlen(cur_cookie->value);
data/lynx-2.9.0dev.6/src/LYCookie.c:1522:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cookie_len += (int) strlen(hostname);
data/lynx-2.9.0dev.6/src/LYCookie.c:1524:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cookie_len += (cur_cookie->pathlen = (int) strlen(cur_cookie->path));
data/lynx-2.9.0dev.6/src/LYCookie.c:1807:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cookie_len += (int) strlen(cur_cookie->name);
data/lynx-2.9.0dev.6/src/LYCookie.c:1809:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cookie_len += (int) strlen(cur_cookie->value);
data/lynx-2.9.0dev.6/src/LYCookie.c:1811:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cookie_len += (int) strlen(hostname);
data/lynx-2.9.0dev.6/src/LYCookie.c:1813:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		cookie_len += (cur_cookie->pathlen = (int) strlen(cur_cookie->path));
data/lynx-2.9.0dev.6/src/LYCookie.c:2067:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(buf, "\t");	/* add sep after line if enough space - kw */
data/lynx-2.9.0dev.6/src/LYCookie.c:2118:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    value[1] && value[strlen(value) - 1] == '"' &&
data/lynx-2.9.0dev.6/src/LYCookie.c:2119:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    value[strlen(value) - 2] != '\\') {
data/lynx-2.9.0dev.6/src/LYCookie.c:2120:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    value[strlen(value) - 1] = '\0';
data/lynx-2.9.0dev.6/src/LYCookie.c:2126:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	moo->pathlen = (int) strlen(moo->path);
data/lynx-2.9.0dev.6/src/LYCookie.c:2569:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PUTS(buf)    (*target->isa->put_block)(target, buf, (int) strlen(buf))
data/lynx-2.9.0dev.6/src/LYCurses.c:1829:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen(term) < 5) ||
data/lynx-2.9.0dev.6/src/LYCurses.c:1834:6:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	c = getchar();
data/lynx-2.9.0dev.6/src/LYCurses.c:1987:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = (int) strlen(the_string);
data/lynx-2.9.0dev.6/src/LYCurses.c:2259:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	used = ((len < 0) ? (int) strlen(string) : len);
data/lynx-2.9.0dev.6/src/LYCurses.c:2341:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return LYstrExtent2(string, (int) strlen(string));
data/lynx-2.9.0dev.6/src/LYCurses.c:2442:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(VerString) + 1;	/* Transmit ending 0 too */
data/lynx-2.9.0dev.6/src/LYCurses.c:2466:10:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		(void) getchar();
data/lynx-2.9.0dev.6/src/LYCurses.c:2760:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    command_desc.dsc$w_length = strlen(command);
data/lynx-2.9.0dev.6/src/LYCurses.h:491:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define LYaddstr(s)      LYwaddnstr(LYwin, s, strlen(s))
data/lynx-2.9.0dev.6/src/LYDownload.c:469:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t have = strlen(filename);
data/lynx-2.9.0dev.6/src/LYDownload.c:470:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t need = strlen(suffix);
data/lynx-2.9.0dev.6/src/LYEditmap.c:1703:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(comment, "");
data/lynx-2.9.0dev.6/src/LYEditmap.c:1831:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if ((need = (int) strlen(mp->name)) > width[0])
data/lynx-2.9.0dev.6/src/LYEditmap.c:1833:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if ((need = (int) strlen(mp->descr)) > width[1])
data/lynx-2.9.0dev.6/src/LYEditmap.c:1878:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
							  strlen(ranges)) : 0);
data/lynx-2.9.0dev.6/src/LYEditmap.c:1885:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			after += (int) strlen(value) + 2;
data/lynx-2.9.0dev.6/src/LYExtern.c:92:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t last = strlen(parameter);
data/lynx-2.9.0dev.6/src/LYExtern.c:189:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	last_pos = (int) strlen(host) - 1;
data/lynx-2.9.0dev.6/src/LYExtern.c:203:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(e_buff, p, sizeof(e_buff) - strlen(e_buff) - 1);
data/lynx-2.9.0dev.6/src/LYExtern.c:203:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strncat(e_buff, p, sizeof(e_buff) - strlen(e_buff) - 1);
data/lynx-2.9.0dev.6/src/LYExtern.c:374:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = (int) strlen(cmdbuf);
data/lynx-2.9.0dev.6/src/LYForms.c:396:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(form->value) > form->maxlength) {
data/lynx-2.9.0dev.6/src/LYForms.c:401:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	link_value += (strlen(form->value) - form->maxlength);
data/lynx-2.9.0dev.6/src/LYForms.c:602:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = (int) strlen((const char *) s);
data/lynx-2.9.0dev.6/src/LYForms.c:816:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int old_len = (int) strlen(form->value);
data/lynx-2.9.0dev.6/src/LYForms.c:817:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int new_len = (int) strlen(link_value);
data/lynx-2.9.0dev.6/src/LYGetFile.c:144:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(temp) > 3) {
data/lynx-2.9.0dev.6/src/LYGetFile.c:204:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(helpfilepath))) ||
data/lynx-2.9.0dev.6/src/LYGetFile.c:207:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(lynxlistfile))) ||
data/lynx-2.9.0dev.6/src/LYGetFile.c:210:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(lynxlinksfile))) ||
data/lynx-2.9.0dev.6/src/LYGetFile.c:213:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(lynxjumpfile))))) {
data/lynx-2.9.0dev.6/src/LYGetFile.c:228:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			       strlen(startrealm)) ||
data/lynx-2.9.0dev.6/src/LYGetFile.c:255:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				    strlen(helpfilepath)) ||
data/lynx-2.9.0dev.6/src/LYGetFile.c:258:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(lynxlistfile))) ||
data/lynx-2.9.0dev.6/src/LYGetFile.c:261:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				     strlen(lynxjumpfile))))) {
data/lynx-2.9.0dev.6/src/LYGetFile.c:469:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    == (int) strlen(doc->address) - 1)
data/lynx-2.9.0dev.6/src/LYGetFile.c:470:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    doc->address[strlen(doc->address) - 1] = '\0';
data/lynx-2.9.0dev.6/src/LYGetFile.c:734:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    tmp[strlen(tmp) - 4] = ':';
data/lynx-2.9.0dev.6/src/LYGetFile.c:736:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(cp + 7) > 1)
data/lynx-2.9.0dev.6/src/LYGetFile.c:1455:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (STRNADDRCOMP(source, tp->src, strlen(tp->src)) == 0 &&
data/lynx-2.9.0dev.6/src/LYGetFile.c:1456:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		STRNADDRCOMP(command, tp->path, strlen(tp->path)) == 0)
data/lynx-2.9.0dev.6/src/LYGetFile.c:1488:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	LYIsHtmlSep(doc->address[strlen(doc->address) - 1])) {
data/lynx-2.9.0dev.6/src/LYGetFile.c:1523:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    second = first + strlen(first);
data/lynx-2.9.0dev.6/src/LYHash.c:90:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	get_buffer(strlen(string));
data/lynx-2.9.0dev.6/src/LYHash.c:105:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	get_buffer(strlen(p) + strlen(q) + strlen(r));
data/lynx-2.9.0dev.6/src/LYHash.c:105:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	get_buffer(strlen(p) + strlen(q) + strlen(r));
data/lynx-2.9.0dev.6/src/LYHash.c:105:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	get_buffer(strlen(p) + strlen(q) + strlen(r));
data/lynx-2.9.0dev.6/src/LYHistory.c:246:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (ulen = strlen(docurl)) <= strlen(HTML_SUFFIX) ||
data/lynx-2.9.0dev.6/src/LYHistory.c:246:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (ulen = strlen(docurl)) <= strlen(HTML_SUFFIX) ||
data/lynx-2.9.0dev.6/src/LYHistory.c:247:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    strcmp(docurl + ulen - strlen(HTML_SUFFIX), HTML_SUFFIX) != 0) {
data/lynx-2.9.0dev.6/src/LYHistory.c:734:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(newdoc->address) < 10 || !isdigit(UCH(*(newdoc->address + 9))))
data/lynx-2.9.0dev.6/src/LYHistory.c:1108:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PUTS(buf)    (*target->isa->put_block)(target, buf, (int) strlen(buf))
data/lynx-2.9.0dev.6/src/LYJump.c:170:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (jtp->msg[strlen(jtp->msg) - 1] != ' ')	/* ensure a trailing space */
data/lynx-2.9.0dev.6/src/LYJump.c:215:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(jtp->shortcut) > len) {
data/lynx-2.9.0dev.6/src/LYJump.c:418:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	if (read(fd, mp, (size_t) st.st_size) != st.st_size) {
data/lynx-2.9.0dev.6/src/LYJump.c:435:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    while (fgets(mp + strlen(mp), blocksize, fp) != NULL) {
data/lynx-2.9.0dev.6/src/LYKeymap.c:20:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PUTS(buf)    (*target->isa->put_block)(target, buf, (int) strlen(buf))
data/lynx-2.9.0dev.6/src/LYKeymap.c:728:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t need = strlen(name);
data/lynx-2.9.0dev.6/src/LYKeymap.c:795:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int) strlen(src);
data/lynx-2.9.0dev.6/src/LYKeymap.c:858:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    adj += (int) strlen(dst) - 1;
data/lynx-2.9.0dev.6/src/LYKeymap.c:859:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    dst += (int) strlen(dst);
data/lynx-2.9.0dev.6/src/LYKeymap.c:960:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(src) == 1) {
data/lynx-2.9.0dev.6/src/LYKeymap.c:962:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (strlen(src) == 2 && *src == '^') {
data/lynx-2.9.0dev.6/src/LYKeymap.c:964:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (strlen(src) >= 2 && isdigit(UCH(*src))) {
data/lynx-2.9.0dev.6/src/LYKeymap.c:1254:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (fmt_first && strlen(fmt_first) == 1 && *fmt_first != '\'') {
data/lynx-2.9.0dev.6/src/LYKeymap.c:1274:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  (((strlen(fmt_second) > 2 && *fmt_second != '<') ||
data/lynx-2.9.0dev.6/src/LYKeymap.c:1275:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (strlen(buf) > 2 && buf[strlen(buf) - 1] != '>'))
data/lynx-2.9.0dev.6/src/LYKeymap.c:1275:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    (strlen(buf) > 2 && buf[strlen(buf) - 1] != '>'))
data/lynx-2.9.0dev.6/src/LYKeymap.c:1492:4:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
			strcpy(comment, "");
data/lynx-2.9.0dev.6/src/LYLeaks.c:751:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t length = strlen(source) + 1;
data/lynx-2.9.0dev.6/src/LYLeaks.c:780:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *dest = (char *) LYLeakMalloc(strlen(src) + 1, cp_File, ssi_Line);
data/lynx-2.9.0dev.6/src/LYLeaks.c:805:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t length = strlen(*dest);
data/lynx-2.9.0dev.6/src/LYLeaks.c:808:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
					   (length + strlen(src) + 1),
data/lynx-2.9.0dev.6/src/LYLeaks.c:815:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    *dest = (char *) LYLeakMalloc((strlen(src) + 1),
data/lynx-2.9.0dev.6/src/LYLeaks.c:898:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    LYLeakSABCopy(dest, src, (int) strlen(src), cp_File, ssi_Line);
data/lynx-2.9.0dev.6/src/LYLeaks.c:953:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    LYLeakSABCat(dest, src, (int) strlen(src), cp_File, ssi_Line);
data/lynx-2.9.0dev.6/src/LYLeaks.c:1039:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	LYLeak_mark_malloced(*dest, strlen(*dest) + 1, cp_File, ssi_Line);
data/lynx-2.9.0dev.6/src/LYLeaks.c:1087:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    LYLeak_mark_malloced(*dest, strlen(*dest) + 1, cp_File, ssi_Line);
data/lynx-2.9.0dev.6/src/LYLeaks.c:1090:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		mark_realloced(ALp_old, *dest, strlen(*dest) + 1, cp_File, ssi_Line);
data/lynx-2.9.0dev.6/src/LYLeaks.c:1113:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	inuse = strlen(*pstr);
data/lynx-2.9.0dev.6/src/LYLocal.c:304:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(name);
data/lynx-2.9.0dev.6/src/LYLocal.c:317:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
		    strcpy(temp + len, ".");
data/lynx-2.9.0dev.6/src/LYLocal.c:369:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(src) >= DIRED_MAXBUF) {
data/lynx-2.9.0dev.6/src/LYLocal.c:921:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    } else if (strlen(tmpbuf->str)) {
data/lynx-2.9.0dev.6/src/LYLocal.c:980:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(tmpbuf->str)) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1069:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cp) >= DIRED_MAXBUF) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1117:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strlen(tmpbuf->str) &&
data/lynx-2.9.0dev.6/src/LYLocal.c:1154:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (strlen(tmpbuf->str) &&
data/lynx-2.9.0dev.6/src/LYLocal.c:1184:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(cp) >= DIRED_MAXBUF) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1231:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cp) < 37) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1240:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cp) < 60) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1247:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cp) < 50) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1291:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(tp) >= DIRED_MAXBUF) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1298:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((i = (int) strlen(testpath)) && testpath[i - 1] == '/')
data/lynx-2.9.0dev.6/src/LYLocal.c:1495:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(destpath) >= LY_MAXPATH) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1683:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    } else if (strlen(dot) == 1) {
data/lynx-2.9.0dev.6/src/LYLocal.c:1700:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(prefix);
data/lynx-2.9.0dev.6/src/LYLocal.c:2014:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((int) strlen(buffer) < LYcolLimit - 14) {
data/lynx-2.9.0dev.6/src/LYLocal.c:2096:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(path)) {
data/lynx-2.9.0dev.6/src/LYLocal.c:2165:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (strlen(path) < strlen(my_suffix) ||
data/lynx-2.9.0dev.6/src/LYLocal.c:2165:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (strlen(path) < strlen(my_suffix) ||
data/lynx-2.9.0dev.6/src/LYLocal.c:2166:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	     strcmp(my_suffix, &path[(strlen(path) - strlen(my_suffix))]) != 0))
data/lynx-2.9.0dev.6/src/LYLocal.c:2166:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	     strcmp(my_suffix, &path[(strlen(path) - strlen(my_suffix))]) != 0))
data/lynx-2.9.0dev.6/src/LYLocal.c:2423:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	} else if (!StrNCmp(savepath, destpath, strlen(destpath)) &&
data/lynx-2.9.0dev.6/src/LYLocal.c:2424:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   LYIsPathSep(savepath[strlen(destpath)]) &&
data/lynx-2.9.0dev.6/src/LYLocal.c:2425:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		   LYLastPathSep(savepath + strlen(destpath) + 1) == 0) {
data/lynx-2.9.0dev.6/src/LYLocal.c:2454:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    } else if (!StrNCmp(args[src], destpath, strlen(destpath)) &&
data/lynx-2.9.0dev.6/src/LYLocal.c:2455:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		       LYIsPathSep(args[src][strlen(destpath)]) &&
data/lynx-2.9.0dev.6/src/LYLocal.c:2456:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		       LYLastPathSep(args[src] + strlen(destpath) + 1) == 0) {
data/lynx-2.9.0dev.6/src/LYMail.c:89:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int) strlen(keyword);
data/lynx-2.9.0dev.6/src/LYMail.c:121:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int) strlen(keyword);
data/lynx-2.9.0dev.6/src/LYMail.c:155:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int) strlen(keyword);
data/lynx-2.9.0dev.6/src/LYMail.c:183:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = (int) strlen(cp0);
data/lynx-2.9.0dev.6/src/LYMail.c:187:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = (int) strlen(&cp0[i]);
data/lynx-2.9.0dev.6/src/LYMail.c:193:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = (int) strlen(cp0);
data/lynx-2.9.0dev.6/src/LYMail.c:197:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = (int) strlen(&cp0[i]);
data/lynx-2.9.0dev.6/src/LYMail.c:222:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (address[(strlen(address) - 1)] == ',')
data/lynx-2.9.0dev.6/src/LYMail.c:223:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	address[(strlen(address) - 1)] = '\0';
data/lynx-2.9.0dev.6/src/LYMail.c:320:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *result = malloc(strlen(option) + 4 + 4 * strlen(value));
data/lynx-2.9.0dev.6/src/LYMail.c:320:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char *result = malloc(strlen(option) + 4 + 4 * strlen(value));
data/lynx-2.9.0dev.6/src/LYMail.c:325:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	working += strlen(working);
data/lynx-2.9.0dev.6/src/LYMail.c:472:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(address_ptr1) > 3) {
data/lynx-2.9.0dev.6/src/LYMail.c:790:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(subject) > MAX_SUBJECT)
data/lynx-2.9.0dev.6/src/LYMail.c:816:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(mailto_content);
data/lynx-2.9.0dev.6/src/LYMail.c:821:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = (int) strlen(&mailto_content[i]);
data/lynx-2.9.0dev.6/src/LYMail.c:827:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(mailto_content);
data/lynx-2.9.0dev.6/src/LYMail.c:832:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(&mailto_content[i]);
data/lynx-2.9.0dev.6/src/LYMain.c:1309:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(lynx_temp_space) == 1) {
data/lynx-2.9.0dev.6/src/LYMain.c:1445:2:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	strlen(ANONYMOUS_USER) > 0 &&
data/lynx-2.9.0dev.6/src/LYMain.c:1690:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while (fgetc(stdin) != EOF) {
data/lynx-2.9.0dev.6/src/LYMain.c:1826:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(lynx_save_space) == 1) {
data/lynx-2.9.0dev.6/src/LYMain.c:2507:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	memset(next_arg, ' ', strlen(next_arg));	/* Let's not show too much */
data/lynx-2.9.0dev.6/src/LYMain.c:3158:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		column += (unsigned) (5 + strlen(name) + strlen(value));
data/lynx-2.9.0dev.6/src/LYMain.c:3158:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		column += (unsigned) (5 + strlen(name) + strlen(value));
data/lynx-2.9.0dev.6/src/LYMain.c:4086:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pad = field_width - (2 + option + (int) strlen(name));
data/lynx-2.9.0dev.6/src/LYMainLoop.c:668:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    strlen(table[n].name))) {
data/lynx-2.9.0dev.6/src/LYMainLoop.c:728:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = (int) strlen((*user_input)->str);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:883:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    cx += (int) strlen(text) / 2;
data/lynx-2.9.0dev.6/src/LYMainLoop.c:924:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strlen(traversal_host));
data/lynx-2.9.0dev.6/src/LYMainLoop.c:928:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
						strlen(traversal_host));
data/lynx-2.9.0dev.6/src/LYMainLoop.c:1010:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!StrNCmp(base, text, strlen(base))) {
data/lynx-2.9.0dev.6/src/LYMainLoop.c:1283:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			       strlen(helpfilepath)))) {
data/lynx-2.9.0dev.6/src/LYMainLoop.c:1846:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (LYIsTilde(*temp) && strlen(temp) > 1) {
data/lynx-2.9.0dev.6/src/LYMainLoop.c:2050:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		     lynx_temp_space, strlen(lynx_temp_space))) {
data/lynx-2.9.0dev.6/src/LYMainLoop.c:2385:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*follow_col += (int) strlen(text) / 2;
data/lynx-2.9.0dev.6/src/LYMainLoop.c:3531:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	result = malloc(strlen(str) * 3 + 1);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:3593:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    int fill_in = (int) strlen(encoded) - 2;
data/lynx-2.9.0dev.6/src/LYMainLoop.c:3594:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t have = strlen(result);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:3595:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t want = strlen(encoded) + have - 1;
data/lynx-2.9.0dev.6/src/LYMainLoop.c:4893:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		*follow_col += (int) strlen(text) / 2;
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6112:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    len = (unsigned) strlen(name);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6115:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(temp) > len)
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6118:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(temp) > len)
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6427:4:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			strlen(temp) > 1) {
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6686:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(links[curdoc.link].lname) == 0) {
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6729:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(p) < ((sizeof(sjis_buff) / 2) - 1)) {
data/lynx-2.9.0dev.6/src/LYMainLoop.c:6739:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(curdoc.address) < sizeof(temp_buff) - 1) {
data/lynx-2.9.0dev.6/src/LYMainLoop.c:7256:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len2 = (int) strlen((const char *) s);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:7964:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    LYmove(LYlines - 1, LYcolLimit - (int) strlen(indx));
data/lynx-2.9.0dev.6/src/LYMainLoop.c:8128:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	prefix = (int) strlen(format);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:8135:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix = (int) strlen(format);
data/lynx-2.9.0dev.6/src/LYMainLoop.c:8136:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = (int) strlen(curlink_name);
data/lynx-2.9.0dev.6/src/LYMap.c:549:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define PUTS(buf)    (*target->isa->put_block)(target, buf, (int) strlen(buf))
data/lynx-2.9.0dev.6/src/LYMap.c:610:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t only_len = strlen(only);
data/lynx-2.9.0dev.6/src/LYNews.c:240:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(user_input);
data/lynx-2.9.0dev.6/src/LYNews.c:376:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (!nonempty && strlen(user_input))
data/lynx-2.9.0dev.6/src/LYOptions.c:1585:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int len = (int) strlen(choices[n]);
data/lynx-2.9.0dev.6/src/LYOptions.c:1599:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(choice);
data/lynx-2.9.0dev.6/src/LYOptions.c:2683:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    len = strlen(q[count].value);
data/lynx-2.9.0dev.6/src/LYOptions.c:2726:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	unsigned len = (unsigned) strlen(portion);
data/lynx-2.9.0dev.6/src/LYOptions.c:3589:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int have = (int) strlen(name);
data/lynx-2.9.0dev.6/src/LYOptions.c:3917:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(LYchar_set_names[i]);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:142:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		      : strlen(source));
data/lynx-2.9.0dev.6/src/LYReadCFG.c:176:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    ? (source + strlen(source))
data/lynx-2.9.0dev.6/src/LYReadCFG.c:318:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	 && !strncasecomp(ptr->name, name, (int) strlen(ptr->name))
data/lynx-2.9.0dev.6/src/LYReadCFG.c:980:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen(value) < 3)
data/lynx-2.9.0dev.6/src/LYReadCFG.c:1097:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen(value) < 3)
data/lynx-2.9.0dev.6/src/LYReadCFG.c:1108:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(strlen(viewer) > 1) && *(environment - 1) != '\\') {
data/lynx-2.9.0dev.6/src/LYReadCFG.c:1172:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(p);
data/lynx-2.9.0dev.6/src/LYReadCFG.c:2087:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!cfg_filename || strlen(cfg_filename) == 0) {
data/lynx-2.9.0dev.6/src/LYReadCFG.c:2206:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    p1 += strlen(sep);
data/lynx-2.9.0dev.6/src/LYSearch.c:38:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		memset(stars, '*', strlen(stars));
data/lynx-2.9.0dev.6/src/LYSearch.c:192:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen((*prev_target)->str) == 0) {
data/lynx-2.9.0dev.6/src/LYSearch.c:213:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen((*prev_target)->str) == 0 &&
data/lynx-2.9.0dev.6/src/LYShowInfo.c:80:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    have = (int) strlen(the_label);
data/lynx-2.9.0dev.6/src/LYShowInfo.c:178:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int next_to_last = (int) strlen(links[doc->link].lname) - 1;
data/lynx-2.9.0dev.6/src/LYStrings.c:325:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(base);
data/lynx-2.9.0dev.6/src/LYStrings.c:590:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(source);
data/lynx-2.9.0dev.6/src/LYStrings.c:827:19:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define GetChar() getchar()	/* used to be "getc(stdin)" and "getch()" */
data/lynx-2.9.0dev.6/src/LYStrings.c:1011:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (*result) += strlen(*result);
data/lynx-2.9.0dev.6/src/LYStrings.c:1081:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(void) expand_tiname(name, strlen(name), result, final);
data/lynx-2.9.0dev.6/src/LYStrings.c:1109:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    s = first + strlen(first);
data/lynx-2.9.0dev.6/src/LYStrings.c:1139:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(parse);
data/lynx-2.9.0dev.6/src/LYStrings.c:1147:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(buf) == 1)
data/lynx-2.9.0dev.6/src/LYStrings.c:1166:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (expand_substring(target, source + 1, source + strlen(source) - 1, final))
data/lynx-2.9.0dev.6/src/LYStrings.c:1220:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t len = strlen(str);
data/lynx-2.9.0dev.6/src/LYStrings.c:1239:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(buf) <= 1)
data/lynx-2.9.0dev.6/src/LYStrings.c:1446:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t len = strlen(table[n].name);
data/lynx-2.9.0dev.6/src/LYStrings.c:1448:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(s) > len && !StrNCmp(s, table[n].name, len)
data/lynx-2.9.0dev.6/src/LYStrings.c:1819:6:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	c = getchar();
data/lynx-2.9.0dev.6/src/LYStrings.c:2807:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t i = strlen(buffer);
data/lynx-2.9.0dev.6/src/LYStrings.c:2819:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t i = strlen(buffer);
data/lynx-2.9.0dev.6/src/LYStrings.c:2836:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(buff);
data/lynx-2.9.0dev.6/src/LYStrings.c:2991:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buffer_limit = (unsigned) strlen(old_value) + 1;
data/lynx-2.9.0dev.6/src/LYStrings.c:3005:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    EditAt = (int) strlen(old_value);
data/lynx-2.9.0dev.6/src/LYStrings.c:3013:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    BufInUse = strlen(old_value);
data/lynx-2.9.0dev.6/src/LYStrings.c:3130:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int) strlen(s);
data/lynx-2.9.0dev.6/src/LYStrings.c:3176:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = (int) strlen(Buffer);
data/lynx-2.9.0dev.6/src/LYStrings.c:3213:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			l = (int) strlen(utfbuf);
data/lynx-2.9.0dev.6/src/LYStrings.c:3302:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    BufInUse = strlen(&Buffer[0]);
data/lynx-2.9.0dev.6/src/LYStrings.c:3606:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    BufInUse = strlen(&Buffer[0]);
data/lynx-2.9.0dev.6/src/LYStrings.c:3771:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    BufInUse = strlen(&Buffer[0]);
data/lynx-2.9.0dev.6/src/LYStrings.c:4079:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	check = (int) strlen(*list++);
data/lynx-2.9.0dev.6/src/LYStrings.c:4265:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	Lnum = (int) strlen(Cnum);
data/lynx-2.9.0dev.6/src/LYStrings.c:5287:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		len = strlen((const char *) s);
data/lynx-2.9.0dev.6/src/LYStrings.c:5428:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    phelp += strlen(helpbuf);
data/lynx-2.9.0dev.6/src/LYStrings.c:5432:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    (strlen(source) <= available)) {
data/lynx-2.9.0dev.6/src/LYStrings.c:5479:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    char *extra = (char *) malloc(2 + strlen(src));
data/lynx-2.9.0dev.6/src/LYStrings.c:5547:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = (int) strlen(needle);
data/lynx-2.9.0dev.6/src/LYStrings.c:5968:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    size_t length = strlen(*target);
data/lynx-2.9.0dev.6/src/LYStyle.c:159:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		next = temp_attrs + strlen(temp_attrs);
data/lynx-2.9.0dev.6/src/LYStyle.c:668:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	else if (buffer[0] != '#' && strlen(buffer) != 0)
data/lynx-2.9.0dev.6/src/LYTraversal.c:161:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = strlen(buffer);
data/lynx-2.9.0dev.6/src/LYUtils.c:380:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(data + 1) < utf_extra) {
data/lynx-2.9.0dev.6/src/LYUtils.c:527:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int tlen = (int) strlen(target);
data/lynx-2.9.0dev.6/src/LYUtils.c:542:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	hlen = (int) strlen(buffer);
data/lynx-2.9.0dev.6/src/LYUtils.c:969:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			len = (int) strlen(data);
data/lynx-2.9.0dev.6/src/LYUtils.c:1365:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    i = (int) strlen(dirname) - 1;
data/lynx-2.9.0dev.6/src/LYUtils.c:1376:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = (int) strlen(buffer);
data/lynx-2.9.0dev.6/src/LYUtils.c:1381:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(buffer, " ");
data/lynx-2.9.0dev.6/src/LYUtils.c:1437:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((temp = typecallocn(unsigned char, strlen(text_buff) + 1)) == NULL)
data/lynx-2.9.0dev.6/src/LYUtils.c:1491:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(text_buff);
data/lynx-2.9.0dev.6/src/LYUtils.c:2040:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(path) == 3
data/lynx-2.9.0dev.6/src/LYUtils.c:2045:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return (BOOL) ((strlen(path) == 1) && LYIsPathSep(path[0]));
data/lynx-2.9.0dev.6/src/LYUtils.c:2334:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	limit = (int) strlen(cp);
data/lynx-2.9.0dev.6/src/LYUtils.c:2529:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			if (strlen(cp) >= 11
data/lynx-2.9.0dev.6/src/LYUtils.c:2952:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t ulen = strlen(mytty);
data/lynx-2.9.0dev.6/src/LYUtils.c:2969:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (ulen > strlen(LYLocalDomain) &&
data/lynx-2.9.0dev.6/src/LYUtils.c:2971:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			me.ut_host + ulen - strlen(LYLocalDomain),
data/lynx-2.9.0dev.6/src/LYUtils.c:3239:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    end = fname + strlen(fname);
data/lynx-2.9.0dev.6/src/LYUtils.c:3255:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!StrNCmp(fname, temp, strlen(temp))) {
data/lynx-2.9.0dev.6/src/LYUtils.c:3257:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(cp) > (strlen(temp) - 4))
data/lynx-2.9.0dev.6/src/LYUtils.c:3257:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (strlen(cp) > (strlen(temp) - 4))
data/lynx-2.9.0dev.6/src/LYUtils.c:3265:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (fname[strlen(fname) - 1] == '/')
data/lynx-2.9.0dev.6/src/LYUtils.c:3271:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fname[strlen(fname) - 1] = '\0';
data/lynx-2.9.0dev.6/src/LYUtils.c:3276:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((cp = strrchr(fname, '/')) != NULL && strlen(cp) > 1) {
data/lynx-2.9.0dev.6/src/LYUtils.c:3288:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((cp = strrchr(fname, '=')) != NULL && strlen(cp) > 1) {
data/lynx-2.9.0dev.6/src/LYUtils.c:3315:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	(cp1 = strrchr(cp, ']')) != NULL && strlen(cp1) > 1) {
data/lynx-2.9.0dev.6/src/LYUtils.c:3325:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dot = fname + strlen(fname);
data/lynx-2.9.0dev.6/src/LYUtils.c:3365:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dot = fname + (strlen(fname));
data/lynx-2.9.0dev.6/src/LYUtils.c:3380:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = fname + (strlen(fname)) - 1;
data/lynx-2.9.0dev.6/src/LYUtils.c:3385:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	dot = fname + (strlen(fname));
data/lynx-2.9.0dev.6/src/LYUtils.c:3403:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    j = strlen(fname) - 1;
data/lynx-2.9.0dev.6/src/LYUtils.c:3435:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		j = strlen(fname);
data/lynx-2.9.0dev.6/src/LYUtils.c:3456:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((fname + strlen(fname) - dot) > 39) {
data/lynx-2.9.0dev.6/src/LYUtils.c:3463:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	j = (strlen(fname) - 1);
data/lynx-2.9.0dev.6/src/LYUtils.c:3472:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(fname) > 39) {
data/lynx-2.9.0dev.6/src/LYUtils.c:3475:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	j = (strlen(fname) - 1);
data/lynx-2.9.0dev.6/src/LYUtils.c:3502:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = fname + strlen(fname);
data/lynx-2.9.0dev.6/src/LYUtils.c:3584:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(leaf) > 8)
data/lynx-2.9.0dev.6/src/LYUtils.c:3586:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(suffix) > 4 || *suffix != '.') {
data/lynx-2.9.0dev.6/src/LYUtils.c:3590:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    tail = suffix + strlen(suffix);
data/lynx-2.9.0dev.6/src/LYUtils.c:3601:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen(prefix) + strlen(leaf)) < LY_MAXPATH) {
data/lynx-2.9.0dev.6/src/LYUtils.c:3601:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strlen(prefix) + strlen(leaf)) < LY_MAXPATH) {
data/lynx-2.9.0dev.6/src/LYUtils.c:3823:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	len = (int) strlen(name);
data/lynx-2.9.0dev.6/src/LYUtils.c:3983:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    uilist[0].buffer_length = strlen(user);
data/lynx-2.9.0dev.6/src/LYUtils.c:4288:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    StartP = ((prefix_list && Str[strlen(Str) - 1] != '.')
data/lynx-2.9.0dev.6/src/LYUtils.c:4337:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if (Host[strlen(Host) - 1] == '.') {
data/lynx-2.9.0dev.6/src/LYUtils.c:4338:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		Host[strlen(Host) - 1] = '\0';
data/lynx-2.9.0dev.6/src/LYUtils.c:4517:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	url_file_dsc.dsc$w_length = (short) strlen(url_file);
data/lynx-2.9.0dev.6/src/LYUtils.c:4632:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(old_string) == 1 && *old_string == '.') {
data/lynx-2.9.0dev.6/src/LYUtils.c:4683:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (strlen(temp) == 2 && LYIsDosDrive(temp))
data/lynx-2.9.0dev.6/src/LYUtils.c:4804:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    if (strlen(q) == 3 && LYIsDosDrive(q)) {
data/lynx-2.9.0dev.6/src/LYUtils.c:4954:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    TerminalSlash = (BOOL) (LYIsPathSep(path[(strlen(path) - 1)]));
data/lynx-2.9.0dev.6/src/LYUtils.c:5049:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lname.dsc$w_length = strlen(LogicalName);
data/lynx-2.9.0dev.6/src/LYUtils.c:5057:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lvalue.dsc$w_length = strlen(LogicalValue);
data/lynx-2.9.0dev.6/src/LYUtils.c:5081:2:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
	strcpy(pathname, ".");
data/lynx-2.9.0dev.6/src/LYUtils.c:5230:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (leaf = 0, n = (int) strlen(pathname) - 1; n >= 0; n--) {
data/lynx-2.9.0dev.6/src/LYUtils.c:5382:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	|| LYIsPathSep(cp[(strlen(cp) - 1)])
data/lynx-2.9.0dev.6/src/LYUtils.c:5399:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cp) > (fbuffer_size - 3))
data/lynx-2.9.0dev.6/src/LYUtils.c:5403:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(cp) > (fbuffer_size - 1))
data/lynx-2.9.0dev.6/src/LYUtils.c:5565:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) fbuffer_size - ((int) strlen(home) + 1);
data/lynx-2.9.0dev.6/src/LYUtils.c:5584:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (home[strlen(home) - 1] == ']') {
data/lynx-2.9.0dev.6/src/LYUtils.c:5687:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size = strlen(string);
data/lynx-2.9.0dev.6/src/LYUtils.c:5913:16:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	mode_t save = umask(HIDE_UMASK);
data/lynx-2.9.0dev.6/src/LYUtils.c:5917:9:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	(void) umask(save);
data/lynx-2.9.0dev.6/src/LYUtils.c:5991:16:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	mode_t save = umask(HIDE_UMASK);
data/lynx-2.9.0dev.6/src/LYUtils.c:5994:9:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	(void) umask(save);
data/lynx-2.9.0dev.6/src/LYUtils.c:6084:24:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	    mode_t old_mask = umask(HIDE_UMASK);
data/lynx-2.9.0dev.6/src/LYUtils.c:6091:13:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
	    (void) umask(old_mask);
data/lynx-2.9.0dev.6/src/LYUtils.c:6547:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			   (!StrNCmp(ly_uip[i].url, url, (l = strlen(ly_uip[i].url)))
data/lynx-2.9.0dev.6/src/LYUtils.c:6557:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			    ? (!StrNCmp(p, url, (l = strlen(p))) &&
data/lynx-2.9.0dev.6/src/LYUtils.c:6924:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	&& (len = strlen(path)) != 0
data/lynx-2.9.0dev.6/src/LYUtils.c:6940:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	&& (len = strlen(temp)) != 0
data/lynx-2.9.0dev.6/src/LYUtils.c:6955:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	&& (len = strlen(path)) != 0
data/lynx-2.9.0dev.6/src/LYUtils.c:6987:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	&& (len = strlen(path)) != 0
data/lynx-2.9.0dev.6/src/LYUtils.c:7003:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	&& (len = strlen(temp)) != 0
data/lynx-2.9.0dev.6/src/LYUtils.c:7018:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	&& (len = strlen(path)) != 0
data/lynx-2.9.0dev.6/src/LYUtils.c:7021:2:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	strcat(path, "/");
data/lynx-2.9.0dev.6/src/LYUtils.c:7479:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int sz = strlen(s) + 1;
data/lynx-2.9.0dev.6/src/LYUtils.c:7544:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz = strlen(ClipData);
data/lynx-2.9.0dev.6/src/LYUtils.c:7630:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l = strlen(s), res;
data/lynx-2.9.0dev.6/src/LYUtils.c:7660:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000 * msec);
data/lynx-2.9.0dev.6/src/LYUtils.c:7685:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(szBuffer);
data/lynx-2.9.0dev.6/src/LYUtils.c:8007:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = (int) strlen(fname);
data/lynx-2.9.0dev.6/src/LYmktime.c:27:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(src);
data/lynx-2.9.0dev.6/src/LYmktime.c:243:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(temp, start, 2);
data/lynx-2.9.0dev.6/src/LYrcFile.c:207:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned len = (unsigned) strlen(name);
data/lynx-2.9.0dev.6/src/LYrcFile.c:721:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (!strncasecomp(name, special, (int) strlen(special))) {
data/lynx-2.9.0dev.6/src/LYrcFile.c:788:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    notes = value + strlen(value);
data/lynx-2.9.0dev.6/src/UCAuto.c:200:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	IGNORE_RC(write(fd, p, strlen(p)));
data/lynx-2.9.0dev.6/src/UCAuto.c:338:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((nlen = strlen(old_font) + 1) < LY_MAXPATH)
data/lynx-2.9.0dev.6/src/UCAuto.c:341:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    if ((nlen = strlen(old_umap) + 1) < LY_MAXPATH)
data/lynx-2.9.0dev.6/src/UCAuto.c:406:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (strlen(name) <= 10 || !isdigit(UCH(name[10])))
data/lynx-2.9.0dev.6/src/UCAuto.c:594:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(name), source = 1;
data/lynx-2.9.0dev.6/src/UCdomap.c:931:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    return (int) strlen(outbuf);
data/lynx-2.9.0dev.6/src/UCdomap.c:993:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		    return (int) strlen(outbuf);
data/lynx-2.9.0dev.6/src/UCdomap.c:1000:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    return (int) strlen(outbuf);
data/lynx-2.9.0dev.6/src/UCdomap.c:1008:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    return (int) strlen(outbuf);
data/lynx-2.9.0dev.6/src/UCdomap.c:1432:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    return (int) strlen(outbuf);
data/lynx-2.9.0dev.6/src/UCdomap.c:1445:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    return (int) strlen(outbuf);
data/lynx-2.9.0dev.6/src/UCdomap.c:1453:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    return (int) strlen(outbuf);
data/lynx-2.9.0dev.6/src/Xsystem.c:113:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    l = (int) strlen(s);
data/lynx-2.9.0dev.6/src/Xsystem.c:123:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	lc = (int) strlen(cmdtab[i]);
data/lynx-2.9.0dev.6/src/Xsystem.c:330:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmd_len = (int) strlen(p->cmd);
data/lynx-2.9.0dev.6/src/Xsystem.c:397:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	LYStrNCpy(tplate, ev, sizeof(tplate) - 2 - strlen(tp));
data/lynx-2.9.0dev.6/src/Xsystem.c:398:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	i = (int) strlen(ev);
data/lynx-2.9.0dev.6/src/Xsystem.c:400:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(tplate, "\\");
data/lynx-2.9.0dev.6/src/Xsystem.c:492:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    cmdline = xmalloc(strlen(p->cmd) + strlen(p->arg) + 10);
data/lynx-2.9.0dev.6/src/Xsystem.c:492:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    cmdline = xmalloc(strlen(p->cmd) + strlen(p->arg) + 10);
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:344:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if ((outname = (char *) malloc(strlen(tblname) + 3)) != 0) {
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:348:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    p = outname + strlen(outname);
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:481:6:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    sscanf(p, "%40s", this_MIMEcharset);
data/lynx-2.9.0dev.6/src/chrtrans/makeuctb.c:564:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	    tbuf = (char *) malloc(5 * strlen(p));
data/lynx-2.9.0dev.6/src/tidy_tls.c:635:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int need = (int) strlen(tag) + 2;
data/lynx-2.9.0dev.6/src/tidy_tls.c:637:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	target += strlen(target);
data/lynx-2.9.0dev.6/src/tidy_tls.c:639:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(target, "/");
data/lynx-2.9.0dev.6/src/tidy_tls.c:641:6:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
	    strcat(target, "=");
data/lynx-2.9.0dev.6/src/tidy_tls.c:645:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	need = (int) strlen(data);
data/lynx-2.9.0dev.6/src/tidy_tls.c:648:2:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
	strncat(target, data, (size_t) need)[need] = '\0';

ANALYSIS SUMMARY:

Hits = 2012
Lines analyzed = 187283 in approximately 4.91 seconds (38164 lines/second)
Physical Source Lines of Code (SLOC) = 134974
Hits@level = [0] 745 [1] 772 [2] 908 [3]  16 [4] 299 [5]  17
Hits@level+ = [0+] 2757 [1+] 2012 [2+] 1240 [3+] 332 [4+] 316 [5+]  17
Hits/KSLOC@level+ = [0+] 20.4262 [1+] 14.9066 [2+] 9.18695 [3+] 2.45973 [4+] 2.34119 [5+] 0.12595
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.