Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/macutils-2.0b3/comm/zm_to.c Examining data/macutils-2.0b3/comm/zm_from.c Examining data/macutils-2.0b3/comm/ym_to.c Examining data/macutils-2.0b3/comm/ym_from.c Examining data/macutils-2.0b3/comm/xm_to.c Examining data/macutils-2.0b3/comm/tty.c Examining data/macutils-2.0b3/comm/globals.c Examining data/macutils-2.0b3/comm/tomac.c Examining data/macutils-2.0b3/comm/globals.h Examining data/macutils-2.0b3/comm/protocol.h Examining data/macutils-2.0b3/comm/frommac.c Examining data/macutils-2.0b3/comm/xm_from.c Examining data/macutils-2.0b3/comm/comm.h Examining data/macutils-2.0b3/binhex/dofile.c Examining data/macutils-2.0b3/binhex/binhex.c Examining data/macutils-2.0b3/mixed/macbinary.c Examining data/macutils-2.0b3/mixed/globals.h Examining data/macutils-2.0b3/mixed/mcb.c Examining data/macutils-2.0b3/mixed/macstream.c Examining data/macutils-2.0b3/mixed/globals.c Examining data/macutils-2.0b3/mixed/dir.c Examining data/macutils-2.0b3/mixed/macsave.c Examining data/macutils-2.0b3/hexbin/hexbin.h Examining data/macutils-2.0b3/hexbin/hecx.c Examining data/macutils-2.0b3/hexbin/printhdr.h Examining data/macutils-2.0b3/hexbin/mu.c Examining data/macutils-2.0b3/hexbin/buffer.h Examining data/macutils-2.0b3/hexbin/readline.c Examining data/macutils-2.0b3/hexbin/hqx.c Examining data/macutils-2.0b3/hexbin/printhdr.c Examining data/macutils-2.0b3/hexbin/readline.h Examining data/macutils-2.0b3/hexbin/dl.c Examining data/macutils-2.0b3/hexbin/crc.h Examining data/macutils-2.0b3/hexbin/globals.h Examining data/macutils-2.0b3/hexbin/globals.c Examining data/macutils-2.0b3/hexbin/crc.c Examining data/macutils-2.0b3/hexbin/hexbin.c Examining data/macutils-2.0b3/hexbin/buffer.c Examining data/macutils-2.0b3/macunpack/de_lzh.c Examining data/macutils-2.0b3/macunpack/dd.c Examining data/macutils-2.0b3/macunpack/dd.h Examining 
data/macutils-2.0b3/macunpack/macunpack.h Examining data/macutils-2.0b3/macunpack/jdw.h Examining data/macutils-2.0b3/macunpack/jdw.c Examining data/macutils-2.0b3/macunpack/arc.h Examining data/macutils-2.0b3/macunpack/dia.h Examining data/macutils-2.0b3/macunpack/dia.c Examining data/macutils-2.0b3/macunpack/de_compress.c Examining data/macutils-2.0b3/macunpack/de_huffman.c Examining data/macutils-2.0b3/macunpack/macunpack.c Examining data/macutils-2.0b3/macunpack/zmahdr.h Examining data/macutils-2.0b3/macunpack/bits_be.c Examining data/macutils-2.0b3/macunpack/bits_be.h Examining data/macutils-2.0b3/macunpack/stf.h Examining data/macutils-2.0b3/macunpack/zma.h Examining data/macutils-2.0b3/macunpack/sit.h Examining data/macutils-2.0b3/macunpack/huffman.h Examining data/macutils-2.0b3/macunpack/cpt.h Examining data/macutils-2.0b3/macunpack/stf.c Examining data/macutils-2.0b3/macunpack/pit.h Examining data/macutils-2.0b3/macunpack/globals.h Examining data/macutils-2.0b3/macunpack/crc.h Examining data/macutils-2.0b3/macunpack/bin.c Examining data/macutils-2.0b3/macunpack/dir.c Examining data/macutils-2.0b3/macunpack/crc.c Examining data/macutils-2.0b3/macunpack/globals.c Examining data/macutils-2.0b3/macunpack/macbinary.c Examining data/macutils-2.0b3/macunpack/lzc.c Examining data/macutils-2.0b3/macunpack/lzh.c Examining data/macutils-2.0b3/macunpack/zma.c Examining data/macutils-2.0b3/macunpack/cpt.c Examining data/macutils-2.0b3/macunpack/mcb.c Examining data/macutils-2.0b3/macunpack/lzc.h Examining data/macutils-2.0b3/macunpack/sit.c Examining data/macutils-2.0b3/macunpack/pit.c Examining data/macutils-2.0b3/macunpack/de_lzah.c Examining data/macutils-2.0b3/macunpack/lzh.h Examining data/macutils-2.0b3/fileio/rdfileopt.h Examining data/macutils-2.0b3/fileio/kind.h Examining data/macutils-2.0b3/fileio/appledouble.h Examining data/macutils-2.0b3/fileio/rdfile.h Examining data/macutils-2.0b3/fileio/rdfile.c Examining data/macutils-2.0b3/fileio/fileglob.c Examining 
data/macutils-2.0b3/fileio/aufs.h Examining data/macutils-2.0b3/fileio/wrfileopt.h Examining data/macutils-2.0b3/fileio/machdr.h Examining data/macutils-2.0b3/fileio/wrfile.c Examining data/macutils-2.0b3/fileio/fileglob.h Examining data/macutils-2.0b3/fileio/wrfile.h Examining data/macutils-2.0b3/util/transname.c Examining data/macutils-2.0b3/util/curtime.h Examining data/macutils-2.0b3/util/backtrans.c Examining data/macutils-2.0b3/util/masks.h Examining data/macutils-2.0b3/util/patchlevel.h Examining data/macutils-2.0b3/util/util.h Examining data/macutils-2.0b3/util/util.c Examining data/macutils-2.0b3/crc/makecrc.c FINAL RESULTS: data/macutils-2.0b3/binhex/binhex.c:8:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). extern char *strcat(); data/macutils-2.0b3/binhex/binhex.c:36:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, get_rdfileopt()); data/macutils-2.0b3/binhex/binhex.c:37:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, LOCALOPT); data/macutils-2.0b3/comm/frommac.c:36:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, get_wrfileopt()); data/macutils-2.0b3/comm/frommac.c:37:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, LOCALOPT); data/macutils-2.0b3/comm/tomac.c:10:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). extern char *strcat(); data/macutils-2.0b3/comm/tomac.c:39:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, get_rdfileopt()); data/macutils-2.0b3/comm/tomac.c:40:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, LOCALOPT); data/macutils-2.0b3/crc/makecrc.c:36:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). extern char *strcat(); data/macutils-2.0b3/crc/makecrc.c:63:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(buf, name); data/macutils-2.0b3/fileio/rdfile.c:47:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). extern char *strcpy(); data/macutils-2.0b3/fileio/rdfile.c:49:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). extern char *strcat(); data/macutils-2.0b3/fileio/rdfile.c:226:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename, infodir); data/macutils-2.0b3/fileio/rdfile.c:228:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename, current_files->files[i]); data/macutils-2.0b3/fileio/rdfile.c:239:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename, current_files->files[i]); data/macutils-2.0b3/fileio/rdfile.c:256:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename, current_files->files[i]); data/macutils-2.0b3/fileio/rdfile.c:258:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(filename1, filename); data/macutils-2.0b3/fileio/rdfile.c:279:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
(void)strcat(filename, current_files->files[i]); data/macutils-2.0b3/fileio/rdfile.c:317:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename, current_files->files[i]); data/macutils-2.0b3/fileio/rdfile.c:361:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(file_info + I_NAMEOFF + 1, filename); data/macutils-2.0b3/fileio/rdfile.c:547:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(filename1, infodir); data/macutils-2.0b3/fileio/rdfile.c:549:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename1, filename); data/macutils-2.0b3/fileio/rdfile.c:555:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(filename1, rsrcdir); data/macutils-2.0b3/fileio/rdfile.c:557:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename1, filename); data/macutils-2.0b3/fileio/rdfile.c:606:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
(void)strcpy(filename1, infodir); data/macutils-2.0b3/fileio/rdfile.c:608:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename1, filename); data/macutils-2.0b3/fileio/rdfile.c:674:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(file_info + I_NAMEOFF + 1, filename); data/macutils-2.0b3/fileio/rdfile.c:691:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(filetable + cursize, curentry->d_name); data/macutils-2.0b3/fileio/rdfile.c:720:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename1, infodir); data/macutils-2.0b3/fileio/rdfile.c:722:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(filename1, filename); data/macutils-2.0b3/fileio/rdfile.c:729:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(filename1, infodir); data/macutils-2.0b3/fileio/wrfile.c:40:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
extern char *strcpy(); data/macutils-2.0b3/fileio/wrfile.c:42:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). extern char *strcat(); data/macutils-2.0b3/fileio/wrfile.c:46:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. char *sprintf(); data/macutils-2.0b3/fileio/wrfile.c:112:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_info, "%s.info", text); data/macutils-2.0b3/fileio/wrfile.c:113:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_rsrc, "%s.rsrc", text); data/macutils-2.0b3/fileio/wrfile.c:114:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_data, "%s.data", text); data/macutils-2.0b3/fileio/wrfile.c:115:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_text, "%s.text", text); data/macutils-2.0b3/fileio/wrfile.c:116:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_bin, "%s.bin", text); data/macutils-2.0b3/fileio/wrfile.c:117:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_unix, "%s", text); data/macutils-2.0b3/fileio/wrfile.c:384:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
(void)strcpy(share_name, name); data/macutils-2.0b3/fileio/wrfile.c:387:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void)strcpy(share_name, name); data/macutils-2.0b3/fileio/wrfile.c:396:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(command, "mkdir %s", share_name); data/macutils-2.0b3/fileio/wrfile.c:397:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if((sysreturn = system(command)) != 0) { data/macutils-2.0b3/fileio/wrfile.c:441:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(dirinfo, infodir); data/macutils-2.0b3/fileio/wrfile.c:443:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(dirinfo, share_name); data/macutils-2.0b3/fileio/wrfile.c:479:8: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(dirinfo, infodir); data/macutils-2.0b3/fileio/wrfile.c:565:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_info_aufs, "%s/%s", infodir, share_name); data/macutils-2.0b3/fileio/wrfile.c:566:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
(void)sprintf(f_rsrc_aufs, "%s/%s", rsrcdir, share_name); data/macutils-2.0b3/fileio/wrfile.c:567:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_data, "%s", share_name); data/macutils-2.0b3/fileio/wrfile.c:628:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_info_appledouble, "%s/%s", infodir, share_name); data/macutils-2.0b3/fileio/wrfile.c:629:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(f_data, "%s", share_name); data/macutils-2.0b3/hexbin/hexbin.c:53:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, get_wrfileopt()); data/macutils-2.0b3/hexbin/hexbin.c:54:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, LOCALOPT); data/macutils-2.0b3/hexbin/hexbin.c:180:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(namebuf, "%s%s", filename, *ep); data/macutils-2.0b3/macunpack/dd.c:14:14: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). extern char *strcpy(); data/macutils-2.0b3/macunpack/dd.c:189:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
(void)strcpy(locname, text); data/macutils-2.0b3/macunpack/macunpack.c:11:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). extern char *strcat(); data/macutils-2.0b3/macunpack/macunpack.c:40:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, get_wrfileopt()); data/macutils-2.0b3/macunpack/macunpack.c:41:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, LOCALOPT); data/macutils-2.0b3/mixed/macsave.c:9:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). extern char *strcat(); data/macutils-2.0b3/mixed/macsave.c:27:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, get_wrfileopt()); data/macutils-2.0b3/mixed/macsave.c:28:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, LOCALOPT); data/macutils-2.0b3/mixed/macstream.c:9:14: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
extern char *strcat(); data/macutils-2.0b3/mixed/macstream.c:35:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, get_rdfileopt()); data/macutils-2.0b3/mixed/macstream.c:36:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void)strcat(options, LOCALOPT); data/macutils-2.0b3/binhex/binhex.c:40:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((c = getopt(argc, argv, options)) != EOF) { data/macutils-2.0b3/comm/frommac.c:40:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((c = getopt(argc, argv, options)) != EOF) { data/macutils-2.0b3/comm/tomac.c:43:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((c = getopt(argc, argv, options)) != EOF) { data/macutils-2.0b3/hexbin/hexbin.c:59:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((c = getopt(argc, argv, options)) != EOF) { data/macutils-2.0b3/macunpack/macunpack.c:44:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. 
while((c = getopt(argc, argv, options)) != EOF) { data/macutils-2.0b3/mixed/macsave.c:31:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((c = getopt(argc, argv, options)) != EOF) { data/macutils-2.0b3/mixed/macstream.c:39:16: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while((c = getopt(argc, argv, options)) != EOF) { data/macutils-2.0b3/binhex/binhex.c:18:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char options[128]; data/macutils-2.0b3/binhex/binhex.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[32], ftype[5], fauth[5]; data/macutils-2.0b3/comm/frommac.c:19:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char options[128]; data/macutils-2.0b3/comm/frommac.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char tname[64]; data/macutils-2.0b3/comm/frommac.c:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fauth[5]; data/macutils-2.0b3/comm/frommac.c:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ftype[5]; data/macutils-2.0b3/comm/tomac.c:22:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char options[128]; data/macutils-2.0b3/comm/tomac.c:35:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[32], ftype[5], fauth[5]; data/macutils-2.0b3/comm/xm_from.c:18:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[INFOBYTES]; data/macutils-2.0b3/comm/xm_from.c:23:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char text[64]; data/macutils-2.0b3/crc/makecrc.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/macutils-2.0b3/crc/makecrc.c:64:11: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void)strcat(buf, ".c"); data/macutils-2.0b3/crc/makecrc.c:65:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fd = fopen(buf, "w")) == NULL) { data/macutils-2.0b3/fileio/appledouble.h:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_magic[4]; /* magic header */ data/macutils-2.0b3/fileio/appledouble.h:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_version[2]; /* version number */ data/macutils-2.0b3/fileio/appledouble.h:23:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_fill1[4]; /* = 0, ???? */ data/macutils-2.0b3/fileio/appledouble.h:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_fill2[4]; /* = 0, ???? */ data/macutils-2.0b3/fileio/appledouble.h:25:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_fill3[4]; /* = 0, ???? */ data/macutils-2.0b3/fileio/appledouble.h:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_fill4[4]; /* = 0, ???? */ data/macutils-2.0b3/fileio/appledouble.h:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_fill5[4]; /* = 5, ???? */ data/macutils-2.0b3/fileio/appledouble.h:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_fill6[4]; /* = 2, ???? 
*/ data/macutils-2.0b3/fileio/appledouble.h:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_hlen[4]; /* = 589, header length */ data/macutils-2.0b3/fileio/appledouble.h:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_rsrc[4]; /* resource length */ data/macutils-2.0b3/fileio/appledouble.h:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_fill7[4]; /* = 3, ???? */ data/macutils-2.0b3/fileio/appledouble.h:32:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_namptr[4]; /* = 86, filename pointer */ data/macutils-2.0b3/fileio/appledouble.h:33:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fi_namlen[4]; /* Mac filename length */ data/macutils-2.0b3/fileio/appledouble.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_fill9[4]; /* = 4, ???? */
data/macutils-2.0b3/fileio/appledouble.h:35:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_commptr[4]; /* = 341, comment pointer */
data/macutils-2.0b3/fileio/appledouble.h:36:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_commsize[4]; /* = 0, comment size */
data/macutils-2.0b3/fileio/appledouble.h:37:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_fill12[4]; /* = 7, ???? */
data/macutils-2.0b3/fileio/appledouble.h:38:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_timeptr[4]; /* = 541, pointer to times */
data/macutils-2.0b3/fileio/appledouble.h:39:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_timesize[4]; /* = 16, size of times */
data/macutils-2.0b3/fileio/appledouble.h:40:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_fill15[4]; /* = 9, ???? */
data/macutils-2.0b3/fileio/appledouble.h:41:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_infoptr[4]; /* = 557, finder info pointer */
data/macutils-2.0b3/fileio/appledouble.h:42:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_infosize[4]; /* = 32, finder info size */
data/macutils-2.0b3/fileio/appledouble.h:43:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_name[255]; /* Macintosh filename */
data/macutils-2.0b3/fileio/appledouble.h:44:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_comment[200];/* = 0, Comment */
data/macutils-2.0b3/fileio/appledouble.h:45:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_ctime[4]; /* Creation time (Unix time) */
data/macutils-2.0b3/fileio/appledouble.h:46:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_mtime[4]; /* Modification time (Unix time) */
data/macutils-2.0b3/fileio/appledouble.h:47:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_fill19[4]; /* = 0, ???? */
data/macutils-2.0b3/fileio/appledouble.h:48:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_fill20[4]; /* = 0, ???? */
data/macutils-2.0b3/fileio/appledouble.h:49:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_type[4]; /* File type */
data/macutils-2.0b3/fileio/appledouble.h:50:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_auth[4]; /* File creator */
data/macutils-2.0b3/fileio/appledouble.h:51:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_finfo[24]; /* Finder info */
data/macutils-2.0b3/fileio/aufs.h:15:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_fndr[FINFOLEN]; /* finder info */
data/macutils-2.0b3/fileio/aufs.h:21:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_shortfilename[12+1]; /* possible short file name */
data/macutils-2.0b3/fileio/aufs.h:22:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_macfilename[32+1]; /* possible macintosh file name */
data/macutils-2.0b3/fileio/aufs.h:24:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_comnt[MAXCLEN+1]; /* comment string */
data/macutils-2.0b3/fileio/aufs.h:28:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_ctime[4]; /* mac file create time */
data/macutils-2.0b3/fileio/aufs.h:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_mtime[4]; /* mac file modify time */
data/macutils-2.0b3/fileio/aufs.h:30:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fi_utime[4]; /* (real) time mtime was set */
data/macutils-2.0b3/fileio/rdfile.c:58:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file_info[INFOBYTES];
data/macutils-2.0b3/fileio/rdfile.c:79:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_auth[5];
data/macutils-2.0b3/fileio/rdfile.c:80:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_type[5];
data/macutils-2.0b3/fileio/rdfile.c:95:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char filename[255];
data/macutils-2.0b3/fileio/rdfile.c:120:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[255], filename1[255];
data/macutils-2.0b3/fileio/rdfile.c:240:12: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(filename, ".info");
data/macutils-2.0b3/fileio/rdfile.c:259:12: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(filename, ".data");
data/macutils-2.0b3/fileio/rdfile.c:260:12: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(filename1, ".rsrc");
data/macutils-2.0b3/fileio/rdfile.c:281:12: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(filename, ".info");
data/macutils-2.0b3/fileio/rdfile.c:349:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename1[255];
data/macutils-2.0b3/fileio/rdfile.c:387:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:418:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:438:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(filename, ".info");
data/macutils-2.0b3/fileio/rdfile.c:441:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:469:12: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(filename, ".data");
data/macutils-2.0b3/fileio/rdfile.c:470:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:481:12: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(filename, ".rsrc");
data/macutils-2.0b3/fileio/rdfile.c:482:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:493:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:550:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename1, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:570:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename1, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:593:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:609:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename1, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:641:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename, "r")) == NULL) {
data/macutils-2.0b3/fileio/rdfile.c:668:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename1[255];
data/macutils-2.0b3/fileio/rdfile.c:710:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(f_name, "r")) != NULL) {
data/macutils-2.0b3/fileio/rdfile.c:719:8: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  (void)strcpy(filename1, "../");
data/macutils-2.0b3/fileio/rdfile.c:723:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename1, "r")) != NULL) {
data/macutils-2.0b3/fileio/rdfile.c:730:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(filename1, "/.Parent");
data/macutils-2.0b3/fileio/rdfile.c:731:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(filename1, "r")) != NULL) {
data/macutils-2.0b3/fileio/rdfile.c:739:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fd = fopen(f_name, "r")) != NULL) {
data/macutils-2.0b3/fileio/rdfile.c:794:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(theinfo.fi_fndr, file_info + I_TYPEOFF, 4);
data/macutils-2.0b3/fileio/rdfile.c:795:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(theinfo.fi_fndr + 4, file_info + I_AUTHOFF, 4);
data/macutils-2.0b3/fileio/rdfile.c:796:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(theinfo.fi_fndr + 8, file_info + I_FLAGOFF, 2);
data/macutils-2.0b3/fileio/rdfile.c:858:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(theinfo.fi_type, file_info + I_TYPEOFF, 4);
data/macutils-2.0b3/fileio/rdfile.c:859:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(theinfo.fi_auth, file_info + I_AUTHOFF, 4);
data/macutils-2.0b3/fileio/rdfile.c:860:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(theinfo.fi_finfo, file_info + I_FLAGOFF, 2);
data/macutils-2.0b3/fileio/rdfile.c:944:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/macutils-2.0b3/fileio/rdfile.h:6:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char file_info[INFOBYTES];
data/macutils-2.0b3/fileio/wrfile.c:65:9: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define bcopy(src,dest,length) memcpy((dest),(src),(length))
data/macutils-2.0b3/fileio/wrfile.c:65:32: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define bcopy(src,dest,length) memcpy((dest),(src),(length))
data/macutils-2.0b3/fileio/wrfile.c:73:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_info[I_NAMELEN];
data/macutils-2.0b3/fileio/wrfile.c:74:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_data[I_NAMELEN*3];
data/macutils-2.0b3/fileio/wrfile.c:75:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_rsrc[I_NAMELEN];
data/macutils-2.0b3/fileio/wrfile.c:76:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_text[I_NAMELEN];
data/macutils-2.0b3/fileio/wrfile.c:77:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_unix[I_NAMELEN];
data/macutils-2.0b3/fileio/wrfile.c:78:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_bin[I_NAMELEN];
data/macutils-2.0b3/fileio/wrfile.c:80:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char share_name[256];
data/macutils-2.0b3/fileio/wrfile.c:89:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_info_aufs[I_NAMELEN*3+INFOSZ];
data/macutils-2.0b3/fileio/wrfile.c:90:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_rsrc_aufs[I_NAMELEN*3+RSRCSZ];
data/macutils-2.0b3/fileio/wrfile.c:95:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char f_info_appledouble[I_NAMELEN*3+INFOSZ];
data/macutils-2.0b3/fileio/wrfile.c:103:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char init_buffer[128];
data/macutils-2.0b3/fileio/wrfile.c:150:11: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)bcopy(info, ptr, 128);
data/macutils-2.0b3/fileio/wrfile.c:184:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_info, "w");
data/macutils-2.0b3/fileio/wrfile.c:192:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_rsrc, "w");
data/macutils-2.0b3/fileio/wrfile.c:201:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_data, "w");
data/macutils-2.0b3/fileio/wrfile.c:211:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_rsrc, "w");
data/macutils-2.0b3/fileio/wrfile.c:220:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_data, "w");
data/macutils-2.0b3/fileio/wrfile.c:229:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_text, "w");
data/macutils-2.0b3/fileio/wrfile.c:244:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_unix, "w");
data/macutils-2.0b3/fileio/wrfile.c:259:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_bin, "w");
data/macutils-2.0b3/fileio/wrfile.c:285:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_info_aufs, "w");
data/macutils-2.0b3/fileio/wrfile.c:292:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_rsrc_aufs, "w");
data/macutils-2.0b3/fileio/wrfile.c:299:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_data, "w");
data/macutils-2.0b3/fileio/wrfile.c:310:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_info_appledouble, "w");
data/macutils-2.0b3/fileio/wrfile.c:318:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_data, "w");
data/macutils-2.0b3/fileio/wrfile.c:361:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[21]; /* Systems without mkdir system call but more than 14
data/macutils-2.0b3/fileio/wrfile.c:366:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirinfo[I_NAMELEN*3+INFOSZ+10];
data/macutils-2.0b3/fileio/wrfile.c:381:8: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void)bcopy(header, buffer, INFOBYTES);
data/macutils-2.0b3/fileio/wrfile.c:440:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(dirinfo, "../");
data/macutils-2.0b3/fileio/wrfile.c:444:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(dirinfo, "w");
data/macutils-2.0b3/fileio/wrfile.c:452:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_folder, "w");
data/macutils-2.0b3/fileio/wrfile.c:480:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(dirinfo, "/.Parent");
data/macutils-2.0b3/fileio/wrfile.c:481:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(dirinfo, "w");
data/macutils-2.0b3/fileio/wrfile.c:490:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_folder, "w");
data/macutils-2.0b3/fileio/wrfile.c:502:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(f_folder, "w");
data/macutils-2.0b3/fileio/wrfile.c:516:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[INFOBYTES];
data/macutils-2.0b3/fileio/wrfile.c:590:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(buffer + I_TYPEOFF, theinfo.fi_fndr, 4);
data/macutils-2.0b3/fileio/wrfile.c:591:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(buffer + I_AUTHOFF, theinfo.fi_fndr + 4, 4);
data/macutils-2.0b3/fileio/wrfile.c:592:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(buffer + I_FLAGOFF, theinfo.fi_fndr + 8, 2);
data/macutils-2.0b3/fileio/wrfile.c:598:11: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  (void)strcpy((char *)theinfo.fi_comnt,
data/macutils-2.0b3/fileio/wrfile.c:655:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(buffer + I_TYPEOFF, theinfo.fi_type, 4);
data/macutils-2.0b3/fileio/wrfile.c:656:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(buffer + I_AUTHOFF, theinfo.fi_auth, 4);
data/macutils-2.0b3/fileio/wrfile.c:657:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy(buffer + I_FLAGOFF, theinfo.fi_finfo, 2);
data/macutils-2.0b3/fileio/wrfile.c:667:11: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  (void)strcpy((char *)theinfo.fi_comment,
data/macutils-2.0b3/fileio/wrfile.c:817:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char options[20];
data/macutils-2.0b3/fileio/wrfile.c:826:11: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(options, "f3");
data/macutils-2.0b3/fileio/wrfile.c:828:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void)strcat(options, "rduU");
data/macutils-2.0b3/hexbin/globals.c:8:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char info[INFOBYTES];
data/macutils-2.0b3/hexbin/globals.c:9:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char trname[64];
data/macutils-2.0b3/hexbin/globals.h:17:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_name[128];
data/macutils-2.0b3/hexbin/globals.h:18:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_type[4];
data/macutils-2.0b3/hexbin/globals.h:19:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char m_author[4];
data/macutils-2.0b3/hexbin/hecx.c:191:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuf[BUFSIZ];
data/macutils-2.0b3/hexbin/hexbin.c:39:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char options[128];
data/macutils-2.0b3/hexbin/hexbin.c:46:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char macname[32];
data/macutils-2.0b3/hexbin/hexbin.c:167:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[256];
data/macutils-2.0b3/hexbin/hexbin.c:189:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifp = fopen(namebuf, "r");
data/macutils-2.0b3/hexbin/hexbin.c:243:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[INFOBYTES];
data/macutils-2.0b3/hexbin/hqx.c:31:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lookup[256] = {
data/macutils-2.0b3/hexbin/hqx.c:84:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char obuf[BUFSIZ];
data/macutils-2.0b3/hexbin/mu.c:184:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char obuf[BUFSIZ];
data/macutils-2.0b3/hexbin/printhdr.c:20:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/hexbin/readline.c:4:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024]; /* Allow a lot! */
data/macutils-2.0b3/macunpack/arc.h:24:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[31];
data/macutils-2.0b3/macunpack/arc.h:26:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[4];
data/macutils-2.0b3/macunpack/arc.h:27:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fauth[4];
data/macutils-2.0b3/macunpack/arc.h:28:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char finfo[8];
data/macutils-2.0b3/macunpack/arc.h:34:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname2[13];
data/macutils-2.0b3/macunpack/bin.c:16:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hdr[INFOBYTES];
data/macutils-2.0b3/macunpack/cpt.c:32:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char cpt_LZbuff[CIRCSIZE];
data/macutils-2.0b3/macunpack/cpt.c:173:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[CHDRSIZE];
data/macutils-2.0b3/macunpack/cpt.c:223:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/macunpack/cpt.c:298:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char loc_name[64];
data/macutils-2.0b3/macunpack/cpt.h:46:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fName[32]; /* a STR32 */
data/macutils-2.0b3/macunpack/dd.c:76:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char dd_LZbuff[2048];
data/macutils-2.0b3/macunpack/dd.c:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/macunpack/dd.c:159:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char locname[64];
data/macutils-2.0b3/macunpack/dd.c:330:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/macunpack/dd.h:56:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char magic[4]; /* "DDAR" */
data/macutils-2.0b3/macunpack/dd.h:57:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fill1[4]; /* ??? */
data/macutils-2.0b3/macunpack/dd.h:58:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fName[64]; /* a STR63 */
data/macutils-2.0b3/macunpack/dd.h:70:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fill2[18]; /* ??? */
data/macutils-2.0b3/macunpack/dd.h:77:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char magic[4]; /* "\253\315\000\124" */
data/macutils-2.0b3/macunpack/dd.h:93:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fill1[6]; /* ??? */
data/macutils-2.0b3/macunpack/dd.h:100:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fill2[20]; /* ??? */
data/macutils-2.0b3/macunpack/de_compress.c:29:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  #define tab_suffixof(i) ((unsigned char *)(htab))[i]
data/macutils-2.0b3/macunpack/de_compress.c:120:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char rmask[9] =
data/macutils-2.0b3/macunpack/de_compress.c:132:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char buf[BITS];
data/macutils-2.0b3/macunpack/de_lzah.c:88:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lzah_buf[4096];
data/macutils-2.0b3/macunpack/de_lzh.c:86:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char c_len[NC], pt_len[NPT];
data/macutils-2.0b3/macunpack/dia.c:25:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char dia_bitbuf[BCHUNKSIZE];
data/macutils-2.0b3/macunpack/dia.c:116:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char lname[32];
data/macutils-2.0b3/macunpack/dia.c:198:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char lname[32];
data/macutils-2.0b3/macunpack/dia.c:202:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/macunpack/dia.c:355:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char block[CHUNKSIZE];
data/macutils-2.0b3/macunpack/globals.c:6:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char info[INFOBYTES];
data/macutils-2.0b3/macunpack/globals.c:7:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[F_NAMELEN+1];
data/macutils-2.0b3/macunpack/jdw.c:23:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fauth[5], ftype[5];
data/macutils-2.0b3/macunpack/jdw.h:12:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[6];
data/macutils-2.0b3/macunpack/jdw.h:15:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char finfo[8];
data/macutils-2.0b3/macunpack/jdw.h:21:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[32]; /* actually flength */
data/macutils-2.0b3/macunpack/lzc.c:32:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hdr[HEADERBYTES];
data/macutils-2.0b3/macunpack/lzc.c:34:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/macunpack/lzc.c:115:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char subheader[3];
data/macutils-2.0b3/macunpack/lzh.c:53:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char lzh_lzbuf[LZBUFFSIZE];
data/macutils-2.0b3/macunpack/lzh.c:81:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char loc_name[64];
data/macutils-2.0b3/macunpack/lzh.c:82:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dirinfo[INFOBYTES];
data/macutils-2.0b3/macunpack/lzh.c:368:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/macunpack/lzh.h:36:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char method[5];
data/macutils-2.0b3/macunpack/lzh.h:42:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/macutils-2.0b3/macunpack/macbinary.c:63:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header[INFOBYTES];
data/macutils-2.0b3/macunpack/macbinary.c:522:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[1024];
data/macutils-2.0b3/macunpack/macbinary.c:542:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[255];
data/macutils-2.0b3/macunpack/macunpack.c:28:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char options[128];
data/macutils-2.0b3/macunpack/macunpack.c:138:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((infp = fopen(argv[optind], "r")) == NULL) {
data/macutils-2.0b3/macunpack/mcb.c:18:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/macunpack/pit.c:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pithdr[4];
data/macutils-2.0b3/macunpack/pit.c:168:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hdr[HDRBYTES];
data/macutils-2.0b3/macunpack/pit.c:169:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/macunpack/pit.h:18:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[63]; /* name of packed file */
data/macutils-2.0b3/macunpack/pit.h:19:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[4]; /* file type */
data/macutils-2.0b3/macunpack/pit.h:20:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char auth[4]; /* file creator */
data/macutils-2.0b3/macunpack/sit.c:93:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char sit_buffer[32768];
data/macutils-2.0b3/macunpack/sit.c:138:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[SITHDRSIZE];
data/macutils-2.0b3/macunpack/sit.c:163:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hdr[FILEHDRSIZE];
data/macutils-2.0b3/macunpack/sit.c:164:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ftype[5], fauth[5];
data/macutils-2.0b3/macunpack/sit.c:328:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char loc_name[64];
data/macutils-2.0b3/macunpack/sit.c:644:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char byte_int[4], byte_short[2];
data/macutils-2.0b3/macunpack/sit.h:34:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reserved[7];
data/macutils-2.0b3/macunpack/sit.h:40:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fName[64]; /* a STR63 */
data/macutils-2.0b3/macunpack/sit.h:54:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reserved[6];
data/macutils-2.0b3/macunpack/stf.c:20:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char length[256];
data/macutils-2.0b3/macunpack/stf.c:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[3], fauth[5], ftype[5];
data/macutils-2.0b3/macunpack/stf.h:9:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[3];
data/macutils-2.0b3/macunpack/stf.h:11:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[32]; /* actually flength */
data/macutils-2.0b3/macunpack/zma.c:131:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ftype[5], fauth[5]; data/macutils-2.0b3/macunpack/zma.c:235:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char loc_name[64]; data/macutils-2.0b3/macunpack/zma.h:42:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fName[32]; /* a STR32 */ data/macutils-2.0b3/mixed/globals.c:4:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[INFOBYTES]; data/macutils-2.0b3/mixed/globals.c:5:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[F_NAMELEN+1]; data/macutils-2.0b3/mixed/macbinary.c:17:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char header[INFOBYTES]; data/macutils-2.0b3/mixed/macbinary.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1024]; data/macutils-2.0b3/mixed/macbinary.c:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024], filename1[255]; data/macutils-2.0b3/mixed/macsave.c:14:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char options[128]; data/macutils-2.0b3/mixed/macstream.c:18:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char options[128]; data/macutils-2.0b3/mixed/macstream.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[32], ftype[5], fauth[5]; data/macutils-2.0b3/mixed/mcb.c:18:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ftype[5], fauth[5]; data/macutils-2.0b3/util/util.c:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tp, temp[10]; data/macutils-2.0b3/comm/tty.c:93:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i = read(ttyfd, &c, 1); data/macutils-2.0b3/comm/tty.c:117:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i = read(ttyfd, buf, cc); data/macutils-2.0b3/fileio/rdfile.c:48:14: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). extern char *strncpy(); data/macutils-2.0b3/fileio/rdfile.c:227:12: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(filename, "/"); data/macutils-2.0b3/fileio/rdfile.c:249:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(current_files->files[i]) - 5; data/macutils-2.0b3/fileio/rdfile.c:362:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
file_info[I_NAMEOFF] = strlen(filename); data/macutils-2.0b3/fileio/rdfile.c:377:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. (void)strncpy(file_info + I_TYPEOFF, "RSRC", 4); data/macutils-2.0b3/fileio/rdfile.c:379:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(file_info + I_TYPEOFF, f_type, 4); data/macutils-2.0b3/fileio/rdfile.c:382:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. (void)strncpy(file_info + I_AUTHOFF, "RSED", 4); data/macutils-2.0b3/fileio/rdfile.c:384:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(file_info + I_AUTHOFF, f_auth, 4); data/macutils-2.0b3/fileio/rdfile.c:408:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. (void)strncpy(file_info + I_TYPEOFF, "TEXT", 4); data/macutils-2.0b3/fileio/rdfile.c:410:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(file_info + I_TYPEOFF, f_type, 4); data/macutils-2.0b3/fileio/rdfile.c:413:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. (void)strncpy(file_info + I_AUTHOFF, "MACA", 4); data/macutils-2.0b3/fileio/rdfile.c:415:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void)strncpy(file_info + I_AUTHOFF, f_auth, 4); data/macutils-2.0b3/fileio/rdfile.c:440:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lname = strlen(filename) - 5; data/macutils-2.0b3/fileio/rdfile.c:526:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (void)fgetc(fd); data/macutils-2.0b3/fileio/rdfile.c:548:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(filename1, "/"); data/macutils-2.0b3/fileio/rdfile.c:556:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(filename1, "/"); data/macutils-2.0b3/fileio/rdfile.c:607:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(filename1, "/"); data/macutils-2.0b3/fileio/rdfile.c:675:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file_info[I_NAMEOFF] = strlen(filename); data/macutils-2.0b3/fileio/rdfile.c:686:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
namlen = strlen(curentry->d_name); data/macutils-2.0b3/fileio/rdfile.c:706:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cursize += (strlen(filetable + cursize) + 1); data/macutils-2.0b3/fileio/rdfile.c:721:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(filename1, "/"); data/macutils-2.0b3/fileio/rdfile.c:798:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(theinfo.fi_macfilename); data/macutils-2.0b3/fileio/rdfile.c:799:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(file_info + I_NAMEOFF + 1, (char *)theinfo.fi_macfilename, data/macutils-2.0b3/fileio/rdfile.c:802:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(theinfo.fi_shortfilename); data/macutils-2.0b3/fileio/rdfile.c:803:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(file_info + I_NAMEOFF + 1, data/macutils-2.0b3/fileio/rdfile.c:806:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(filename); data/macutils-2.0b3/fileio/rdfile.c:807:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void)strncpy(file_info + I_NAMEOFF + 1, filename, n); data/macutils-2.0b3/fileio/rdfile.c:862:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(file_info + I_NAMEOFF + 1, theinfo.fi_name, n); data/macutils-2.0b3/fileio/rdfile.c:876:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i = fgetc(stdin); data/macutils-2.0b3/fileio/rdfile.c:910:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (void)fgetc(stdin); data/macutils-2.0b3/fileio/rdfile.c:928:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (void)fgetc(stdin); data/macutils-2.0b3/fileio/rdfile.c:959:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(f_auth, name, 4); data/macutils-2.0b3/fileio/rdfile.c:963:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(f_type, name, 4); data/macutils-2.0b3/fileio/wrfile.c:41:14: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). extern char *strncpy(); data/macutils-2.0b3/fileio/wrfile.c:340:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(name); data/macutils-2.0b3/fileio/wrfile.c:442:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. 
(void)strcat(dirinfo, "/"); data/macutils-2.0b3/fileio/wrfile.c:596:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy((char *)theinfo.fi_macfilename, buffer + I_NAMEOFF + 1,n); data/macutils-2.0b3/fileio/wrfile.c:600:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). theinfo.fi_comln = strlen((char *)theinfo.fi_comnt); data/macutils-2.0b3/fileio/wrfile.c:665:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy((char *)theinfo.fi_name, buffer + I_NAMEOFF + 1,n); data/macutils-2.0b3/fileio/wrfile.c:669:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). put4(theinfo.fi_commsize, (unsigned long)strlen(theinfo.fi_comment)); data/macutils-2.0b3/fileio/wrfile.c:819:11: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. (void)strcpy(options, "b"); data/macutils-2.0b3/fileio/wrfile.c:821:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(options, "s"); data/macutils-2.0b3/fileio/wrfile.c:823:8: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
Risk is low because the source is a constant character. (void)strcat(options, "S"); data/macutils-2.0b3/fileio/wrfile.c:830:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. (void)strcat(options, "a"); data/macutils-2.0b3/hexbin/dl.c:42:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(macname); data/macutils-2.0b3/hexbin/dl.c:50:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(macname); data/macutils-2.0b3/hexbin/dl.c:54:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(mh.m_name, macname, n); data/macutils-2.0b3/hexbin/dl.c:55:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. (void)strncpy(mh.m_type, "APPL", 4); data/macutils-2.0b3/hexbin/dl.c:56:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. (void)strncpy(mh.m_author, "????", 4); data/macutils-2.0b3/hexbin/dl.c:67:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(info + I_NAMEOFF + 1, mh.m_name, n); data/macutils-2.0b3/hexbin/dl.c:68:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void)strncpy(info + I_TYPEOFF, mh.m_type, 4); data/macutils-2.0b3/hexbin/dl.c:69:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(info + I_AUTHOFF, mh.m_author, 4); data/macutils-2.0b3/hexbin/hecx.c:46:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(macname); data/macutils-2.0b3/hexbin/hecx.c:55:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(macname); data/macutils-2.0b3/hexbin/hecx.c:59:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(mh.m_name, macname, n); data/macutils-2.0b3/hexbin/hecx.c:63:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(line); data/macutils-2.0b3/hexbin/hecx.c:66:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(mh.m_type, &line[1], 4); data/macutils-2.0b3/hexbin/hecx.c:69:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(mh.m_author, &line[5], 4); data/macutils-2.0b3/hexbin/hecx.c:86:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(info + I_NAMEOFF + 1, mh.m_name, n); data/macutils-2.0b3/hexbin/hecx.c:87:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void)strncpy(info + I_TYPEOFF, mh.m_type, 4); data/macutils-2.0b3/hexbin/hecx.c:88:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(info + I_AUTHOFF, mh.m_author, 4); data/macutils-2.0b3/hexbin/hecx.c:197:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numread = strlen(line); data/macutils-2.0b3/hexbin/hecx.c:226:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(line); data/macutils-2.0b3/hexbin/hexbin.c:248:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(ifp); data/macutils-2.0b3/hexbin/hexbin.c:252:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(ifp); data/macutils-2.0b3/hexbin/hexbin.c:298:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). llen = strlen(line); data/macutils-2.0b3/hexbin/hqx.c:122:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen((char *)line); data/macutils-2.0b3/hexbin/hqx.c:142:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(ifp); data/macutils-2.0b3/hexbin/hqx.c:252:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
n = strlen(g_macname); data/macutils-2.0b3/hexbin/hqx.c:256:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(mh.m_name, g_macname, n); data/macutils-2.0b3/hexbin/hqx.c:276:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(info + I_NAMEOFF + 1, mh.m_name, n); data/macutils-2.0b3/hexbin/hqx.c:277:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(info + I_TYPEOFF, mh.m_type, 4); data/macutils-2.0b3/hexbin/hqx.c:278:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(info + I_AUTHOFF, mh.m_author, 4); data/macutils-2.0b3/hexbin/mu.c:35:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[strlen(line) - 1] = 0; data/macutils-2.0b3/hexbin/mu.c:37:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(macname); data/macutils-2.0b3/hexbin/mu.c:41:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(mh.m_name, macname, n); data/macutils-2.0b3/hexbin/mu.c:44:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(info + I_NAMEOFF + 1, mh.m_name, n); data/macutils-2.0b3/hexbin/mu.c:135:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void)strncpy(mh.m_type, info + I_TYPEOFF, 4); data/macutils-2.0b3/hexbin/mu.c:136:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(mh.m_author, info + I_AUTHOFF, 4); data/macutils-2.0b3/hexbin/mu.c:204:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). numread = strlen(ip); data/macutils-2.0b3/hexbin/readline.c:17:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(ifp); data/macutils-2.0b3/hexbin/readline.c:32:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(ifp); data/macutils-2.0b3/macunpack/cpt.c:101:12: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). *cptptr = getc(infp); data/macutils-2.0b3/macunpack/dd.c:15:14: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). extern char *strncpy(); data/macutils-2.0b3/macunpack/lzc.c:139:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(getc(infp) == EOF) { data/macutils-2.0b3/macunpack/lzc.c:173:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(getc(infp) == EOF) { data/macutils-2.0b3/macunpack/macbinary.c:67:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if((c = fgetc(infp)) == EOF) { data/macutils-2.0b3/macunpack/macbinary.c:483:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
c = getc(infp); data/macutils-2.0b3/macunpack/macunpack.c:150:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(infp); data/macutils-2.0b3/macunpack/mcb.c:112:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(getc(infp) == EOF) { data/macutils-2.0b3/macunpack/mcb.c:127:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(getc(infp) == EOF) { data/macutils-2.0b3/macunpack/sit.c:544:5: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(getc(infp) == EOF) { data/macutils-2.0b3/mixed/macbinary.c:21:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if((c = fgetc(infp)) == EOF) { data/macutils-2.0b3/mixed/macsave.c:77:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(infp); data/macutils-2.0b3/mixed/mcb.c:90:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(getc(infp) == EOF) { data/macutils-2.0b3/mixed/mcb.c:102:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(getc(infp) == EOF) { data/macutils-2.0b3/util/transname.c:4:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). char *strncpy(); data/macutils-2.0b3/util/transname.c:96:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void)strncpy(namebuf, name, n); data/macutils-2.0b3/util/util.c:78:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
c = getc(fp);
data/macutils-2.0b3/util/util.c:101:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
(void) read(2, temp, sizeof(temp));

ANALYSIS SUMMARY:

Hits = 415
Lines analyzed = 14102 in approximately 0.43 seconds (32923 lines/second)
Physical Source Lines of Code (SLOC) = 12720
Hits@level = [0] 654 [1] 102 [2] 240 [3] 7 [4] 66 [5] 0
Hits@level+ = [0+] 1069 [1+] 415 [2+] 313 [3+] 73 [4+] 66 [5+] 0
Hits/KSLOC@level+ = [0+] 84.0409 [1+] 32.6258 [2+] 24.6069 [3+] 5.73899 [4+] 5.18868 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.