Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
FINAL RESULTS:

data/magic-8.2.157+ds.1/utils/niceabort.c:129:9: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    (void) chmod(tempName, 0644);
data/magic-8.2.157+ds.1/utils/niceabort.c:139:9: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead.
    (void) chmod(tempName, 0644);
data/magic-8.2.157+ds.1/calma/CalmaRdcl.c:334:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    (void) sprintf(newname, "%s_%d", strname, suffix);
data/magic-8.2.157+ds.1/calma/CalmaRead.c:373:17: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
fprintf(calmaErrorFile, format, a1, a2, a3, a4, a5, a6, a7, data/magic-8.2.157+ds.1/calma/CalmaWrite.c:427:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newnameptr, "1%s", strname); data/magic-8.2.157+ds.1/calma/CalmaWrite.c:460:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newnameptr, "1%s", strname); data/magic-8.2.157+ds.1/calma/CalmaWrite.c:472:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newnameptr, "1%s_%s", prefix, strname); data/magic-8.2.157+ds.1/calma/CalmaWrite.c:486:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newnameptr, "1%s_%s", prefix, strname); data/magic-8.2.157+ds.1/calma/CalmaWrite.c:539:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newnameptr, "0%s_%s", prefix, strname); data/magic-8.2.157+ds.1/calma/CalmaWrite.c:543:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newnameptr, "0%s_%s[[0]]", prefix, strname); data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1347:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(defname, def->cd_name); data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1406:13: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(contactCellName, DBTypeShortName(j)); data/magic-8.2.157+ds.1/cif/CIFmain.c:382:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(msg, "CIF error in cell %s, layer %s: %s", data/magic-8.2.157+ds.1/cif/CIFrdtech.c:534:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newStyle->crs_name, "%s%s", argv[1], tptr); data/magic-8.2.157+ds.1/cif/CIFsee.c:293:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(msg, "CIF layer \"%s\"", layer); data/magic-8.2.157+ds.1/cif/CIFsee.c:370:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(msg, "CIF layer \"%s\"", layer); data/magic-8.2.157+ds.1/cif/CIFtech.c:604:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newStyle->cs_name, "%s%s", argv[1], tptr); data/magic-8.2.157+ds.1/commands/CmdCD.c:900:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fullpath, "%s/%s.mag", filepath, cellDef->cd_name); data/magic-8.2.157+ds.1/commands/CmdCD.c:3705:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fullpathname, cmd->tx_argv[1]); data/magic-8.2.157+ds.1/commands/CmdCD.c:3756:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newcellname, "%s_%c", cellnameptr, uniqchar); data/magic-8.2.157+ds.1/commands/CmdFI.c:849:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(n, label->lab_text); data/magic-8.2.157+ds.1/commands/CmdFI.c:1843:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(n, lab->lab_text); data/magic-8.2.157+ds.1/commands/CmdLQ.c:1890:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keyvalue, "%s {}", name); data/magic-8.2.157+ds.1/commands/CmdLQ.c:1895:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(keyvalue, "%s %s", name, (char *)value); data/magic-8.2.157+ds.1/commands/CmdRS.c:2126:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(command, cmd->tx_argv[1]); data/magic-8.2.157+ds.1/commands/CmdRS.c:2129:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(command, cmd->tx_argv[i]); data/magic-8.2.157+ds.1/commands/CmdRS.c:2131:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(command); data/magic-8.2.157+ds.1/commands/CmdRS.c:2272:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy( cmdbuf, (nodeCmd != NULL) ? nodeCmd : cmd->tx_argv[1] ); data/magic-8.2.157+ds.1/commands/CmdRS.c:2278:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(strptr, cmd->tx_argv[i]); data/magic-8.2.157+ds.1/commands/CmdSubrs.c:795:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(caption, "%s [NOT BEING EDITED]", def->cd_name); data/magic-8.2.157+ds.1/commands/CmdSubrs.c:885:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(caption, "%s [NOT BEING EDITED]", wDef->cd_name); data/magic-8.2.157+ds.1/commands/CmdSubrs.c:887:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(caption, "%s EDITING %s", wDef->cd_name, data/magic-8.2.157+ds.1/database/DBcellname.c:350:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newID, useID); data/magic-8.2.157+ds.1/database/DBcellname.c:354:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (isx) strcat(newID, xbuf); data/magic-8.2.157+ds.1/database/DBcellname.c:356:11: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (isy) strcat(newID, ybuf); data/magic-8.2.157+ds.1/database/DBcellname.c:1714:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(useId, "%s_%d", lastName, n); data/magic-8.2.157+ds.1/database/DBcellname.c:1982:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
  (void) sprintf(name, "%s_%d", use->cu_def->cd_name, suffix);
data/magic-8.2.157+ds.1/database/DBio.c:117:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (access(name, W_OK) < 0) return(-1);
data/magic-8.2.157+ds.1/database/DBio.c:438:6: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(line, "<< %s >>", layername) != 1)
data/magic-8.2.157+ds.1/database/DBio.c:729:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tempname, "%s%s%s", tempdir, doslash, dp->d_name);
data/magic-8.2.157+ds.1/database/DBio.c:1099:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(realname, "%s%s", cellDef->cd_name, DBSuffix);
data/magic-8.2.157+ds.1/database/DBio.c:1386:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path, cellDef->cd_file);
data/magic-8.2.157+ds.1/database/DBio.c:1390:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(savepath, pathptr);
data/magic-8.2.157+ds.1/database/DBio.c:1391:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(path, "%s/%s", cellDef->cd_file, savepath);
data/magic-8.2.157+ds.1/database/DBio.c:1418:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(savepath, pathptr + 1);
data/magic-8.2.157+ds.1/database/DBio.c:1419:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path, cellDef->cd_file);
data/magic-8.2.157+ds.1/database/DBio.c:1420:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path + userlen, savepath);
data/magic-8.2.157+ds.1/database/DBio.c:1465:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(path, subCellDef->cd_name);
data/magic-8.2.157+ds.1/database/DBio.c:1466:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(path, DBSuffix);
data/magic-8.2.157+ds.1/database/DBio.c:2358:10: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (fprintf(f,s) == EOF) goto ioerror;\
data/magic-8.2.157+ds.1/database/DBio.c:2363:10: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  if (fprintf(f,s) == EOF) return 1;\
data/magic-8.2.157+ds.1/database/DBio.c:2385:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(headerstring,"magic\ntech %s\ntimestamp %d\n",
data/magic-8.2.157+ds.1/database/DBio.c:2388:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(headerstring,"magic\ntech %s\nmagscale %d %d\ntimestamp %d\n",
data/magic-8.2.157+ds.1/database/DBio.c:2449:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lstring, "rlabel %s %s%d %d %d %d %d %s\n",
data/magic-8.2.157+ds.1/database/DBio.c:2460:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lstring, "flabel %s %s%d %d %d %d %d %s %d %d %d %d %s\n",
data/magic-8.2.157+ds.1/database/DBio.c:2482:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lstring, "port %d %s", lab->lab_flags & PORT_NUM_MASK,
data/magic-8.2.157+ds.1/database/DBio.c:2631:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lstring, "string %s %s\n", key, (char *)value);
data/magic-8.2.157+ds.1/database/DBio.c:2704:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(realname, "%s%s", fileName, DBSuffix);
data/magic-8.2.157+ds.1/database/DBio.c:2721:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(realname, "%s%s", cellDef->cd_name, DBSuffix);
data/magic-8.2.157+ds.1/database/DBio.c:2755:15: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  exists = (access(expandname, F_OK) == 0) ? TRUE : FALSE;
data/magic-8.2.157+ds.1/database/DBio.c:2764:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(tmpname, "%s%s", expandname, template);
data/magic-8.2.157+ds.1/database/DBio.c:3006:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pstring, "<< %s >>\n", DBTypeLongName(type));
data/magic-8.2.157+ds.1/database/DBio.c:3015:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pstring, "tri %d %d %d %d %s\n",
data/magic-8.2.157+ds.1/database/DBio.c:3117:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cstring, "use %s %c%s\n", cellUse->cu_def->cd_name,
data/magic-8.2.157+ds.1/database/DBio.c:3132:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cstring, "use %s %c%s ~%s\n", cellUse->cu_def->cd_name,
data/magic-8.2.157+ds.1/database/DBio.c:3139:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cstring, "use %s %c%s %s\n", cellUse->cu_def->cd_name,
data/magic-8.2.157+ds.1/database/DBio.c:3277:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(template, "%s/MAG%d.XXXXXX", tempdir, pid);
data/magic-8.2.157+ds.1/database/DBlabel.c:151:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lab->lab_text, text);
data/magic-8.2.157+ds.1/database/DBtech.c:188:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(contline, "%s\n%s", DBTechVersion, argv[n]);
data/magic-8.2.157+ds.1/database/DBtech.c:201:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(contline, "%s\n%s", DBTechDescription, argv[n]);
data/magic-8.2.157+ds.1/database/DBtechtype.c:515:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s+%s", DBTypeShortName(type1), DBTypeShortName(type2));
data/magic-8.2.157+ds.1/database/DBundo.c:486:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lup->lue_text, lab->lab_text);
data/magic-8.2.157+ds.1/database/DBundo.c:529:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lup->lue_text, lab->lab_text);
data/magic-8.2.157+ds.1/database/DBundo.c:671:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(up->cue_id, use->cu_id);
data/magic-8.2.157+ds.1/database/DBundo.c:934:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(up->eue_name, old->cd_name);
data/magic-8.2.157+ds.1/database/DBundo.c:941:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(up->eue_name, new->cd_name);
data/magic-8.2.157+ds.1/dbwind/DBWdisplay.c:1103:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(string, "%s",DBTypeShortName(TiGetType(tile)));
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:115:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpstr, newstr);
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:118:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmpstr, *oldstr);
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:119:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tmpstr, newstr);
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:122:26: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  if (postfix != NULL) strcat(tmpstr, postfix);
data/magic-8.2.157+ds.1/dbwind/DBWundo.c:158:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(ep->e_useId, useid);
data/magic-8.2.157+ds.1/dbwind/DBWundo.c:180:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(ep->e_useId, useid);
data/magic-8.2.157+ds.1/drc/DRCmain.c:202:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(why_out, whyptr);
data/magic-8.2.157+ds.1/drc/DRCprint.c:182:6: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(printchain, drcGetName(i, buffer));
data/magic-8.2.157+ds.1/drc/DRCtech.c:695:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(newStyle->ds_name, "%s%s", argv[1], tptr);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:521:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(simesDefaultOut, "%s%s.sim", inName,
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:524:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(esDefaultAlias, "%s%s.al", inName,
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:527:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(esDefaultLabel, "%s%s.nodes", inName,
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:532:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tclres, "exttosim: Unable to open file %s for writing\n",
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:541:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tclres, "exttosim: Unable to open file %s for writing\n",
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:550:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tclres, "exttosim: Unable to open file %s for writing\n",
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:705:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(simesDefaultOut, "%s.sim", inName);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:707:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(esDefaultAlias, "%s.al", inName);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:709:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(esDefaultLabel, "%s.nodes", inName);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:885:11: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if ( sscanf(rp, "%d/%d/%s", &rClass, &rClassSub, subsNode) != 3 ) {
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:887:12: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if ( sscanf(rp, "%d/%s", &rClass, subsNode) != 2 ) goto usage;
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:893:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fetInfo[ndx].defSubs,subsNode);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:1404:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(esSimF, esCapFormat, cap);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:1487:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(esSimF, esCapFormat, cap);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:1501:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(esSimF, fmt, ap->efa_text);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:1620:16: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  t = (char *) strcat(a1,a2); \
data/magic-8.2.157+ds.1/ext2sim/finds.c:89:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, s, &a);
data/magic-8.2.157+ds.1/ext2sim/sim2simp.c:30:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p,s);
data/magic-8.2.157+ds.1/ext2spice/ext2hier.c:1126:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(esSpiceF, esSpiceCapFormat, esCapNum++,
data/magic-8.2.157+ds.1/ext2spice/ext2hier.c:1265:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(esSpiceF, esSpiceCapFormat, esCapNum++, nsn, cap,
data/magic-8.2.157+ds.1/ext2spice/ext2hier.c:1276:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(esSpiceF, fmt, ap->efa_text);
data/magic-8.2.157+ds.1/ext2spice/ext2hier.c:1873:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( esSpiceCapFormat, "C%%d %%s %%s %%.%dlffF\n", esCapAccuracy);
data/magic-8.2.157+ds.1/ext2spice/ext2hier.c:1883:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( esSpiceCapFormat, "C%%d %%s %s %%.%dlffF%%s\n",
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:701:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(spcesDefaultOut, "%s.spice", inName);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:715:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tclres, "exttospice: Unable to open file %s for writing\n",
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:927:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf( esSpiceCapFormat, "C%%d %%s %%s %%.%dlffF\n",
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:939:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf( esSpiceCapFormat, "C%%d %%s %s %%.%dlffF%%s",
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1028:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(spcesDefaultOut, "%s.spice", inName);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1093:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf( esSpiceCapFormat, "C%%d %%s %%s %%.%dlffF\n",esCapAccuracy);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1098:12: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf( esSpiceCapFormat, "C%%d %%s GND %%.%dlffF%%s", esCapAccuracy);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1235:11: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if ( sscanf(rp, "%d/%d/%s", &rClass, &rClassSub, subsNode) != 3 ) {
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1237:12: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if ( sscanf(rp, "%d/%s", &rClass, subsNode) != 2 ) goto usage;
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1251:6: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(esFetInfo[ndx].defSubs,subsNode);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1561:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(instname, ":%s", def->def_name);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1800:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(instname, ":%s", def->def_name);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2850:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (asterm) sprintf(afmt, " %s=%%g", asterm);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2851:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  if (psterm) sprintf(pfmt, " %s=%%g", psterm);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2855:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (asterm) sprintf(afmt, " %s=%%gp", asterm);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2856:14: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (psterm) sprintf(pfmt, " %s=%%gu", psterm);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2865:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, afmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2868:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, pfmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2874:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, afmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2878:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, pfmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2895:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, afmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2898:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, pfmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2904:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, afmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2908:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, pfmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2929:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(afmt," %s=%%g", asterm);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2930:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pfmt," %s=%%g", psterm);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2934:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(afmt," %s=%%gp", asterm);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2935:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pfmt," %s=%%gu", psterm);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2954:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, afmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2956:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, pfmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2961:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, afmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2964:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(outf, pfmt,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3055:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(esSpiceF, esSpiceCapFormat ,esCapNum++,nodeSpiceName(hierName1, NULL),
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3189:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(esSpiceF, esSpiceCapFormat, esCapNum++, nsn, cap,
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3200:6: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(esSpiceF, fmt, ap->efa_text);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3344:10: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy(str, hierName->hn_name);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3413:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(map, s);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3438:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(map, "x%d/%s", snum, sf);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3441:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s, map);
data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3670:15: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  t = (char *) strcat(*a1, *a2);
data/magic-8.2.157+ds.1/extflat/EFantenna.c:647:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "Antenna error at plane %s\n", DBPlaneLongNameTbl[ams->pNum]);
data/magic-8.2.157+ds.1/extflat/EFargs.c:312:27: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  if (EFArgTech) (void) sprintf(EFLibPath, EXT_PATH, EFArgTech);
data/magic-8.2.157+ds.1/extflat/EFbuild.c:281:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(ap->efa_text, text);
data/magic-8.2.157+ds.1/extflat/EFerr.c:76:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, args);
data/magic-8.2.157+ds.1/extflat/EFflat.c:449:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(newap->efa_text, ap->efa_text);
data/magic-8.2.157+ds.1/extflat/EFflat.c:839:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(hNew->hn_name, hierName->hn_name);
data/magic-8.2.157+ds.1/extflat/EFhier.c:182:10: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) sprintf(name1, c1->cn_name, i);
data/magic-8.2.157+ds.1/extflat/EFhier.c:184:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) sprintf(name2, c2->cn_name, i - i1lo + i2lo);
data/magic-8.2.157+ds.1/extflat/EFhier.c:204:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) sprintf(name1, c1->cn_name, i, j);
data/magic-8.2.157+ds.1/extflat/EFhier.c:206:11: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) sprintf(name2, c2->cn_name,
data/magic-8.2.157+ds.1/extflat/EFname.c:40:18: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define PrintErr printf
data/magic-8.2.157+ds.1/extflat/EFname.c:177:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(new->hn_name, suffix->hn_name);
data/magic-8.2.157+ds.1/extflat/EFread.c:227:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tclres, "Cannot read extract file %s.ext\n", name);
data/magic-8.2.157+ds.1/extflat/EFread.c:522:14: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) sprintf(EFLibPath, EXT_PATH, EFTech);
data/magic-8.2.157+ds.1/extract/ExtBasic.c:804:12: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  (void) sprintf(message, badmesg, text, name);
data/magic-8.2.157+ds.1/extract/ExtBasic.c:1746:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(mesg, "device missing %d terminal%s", missing,
data/magic-8.2.157+ds.1/extract/ExtBasic.c:1752:10: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  (void) strcat(mesg, extNodeName((LabRegion *) node));
data/magic-8.2.157+ds.1/extract/ExtHier.c:119:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(childname, "%s[%d,%d]/%s", use->cu_id, y, x, name2);
data/magic-8.2.157+ds.1/extract/ExtHier.c:124:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(childname, "%s[%d]/%s", use->cu_id, ((x >= 0) ? x : y),
data/magic-8.2.157+ds.1/extract/ExtHier.c:130:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(childname, "%s/%s", use->cu_id, name2);
data/magic-8.2.157+ds.1/extract/ExtLength.c:380:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(mesg, "Yanked %s",
data/magic-8.2.157+ds.1/extract/ExtLength.c:493:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(tpath->tp_next, label->lab_text);
data/magic-8.2.157+ds.1/extract/ExtLength.c:512:12: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
(void) strcpy(newLab->lab_text, tpath->tp_first); data/magic-8.2.157+ds.1/extract/ExtLength.c:591:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(lab->lab_text, text); data/magic-8.2.157+ds.1/extract/ExtSubtree.c:752:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newlab->lab_text, lab->lab_text); data/magic-8.2.157+ds.1/extract/ExtTech.c:1694:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newStyle->exts_name, "%s%s", argv[1], tptr); data/magic-8.2.157+ds.1/extract/ExtUnique.c:211:10: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. (void) sprintf(message, badmesg, text, name); data/magic-8.2.157+ds.1/extract/ExtUnique.c:227:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(name, text); data/magic-8.2.157+ds.1/extract/ExtUnique.c:255:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(name2, "%s_uq%d", name, nsuffix); data/magic-8.2.157+ds.1/extract/extractInt.h:246:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf((buf), "%s_%s%d_%s%d#", DBPlaneShortName(plane), \ data/magic-8.2.157+ds.1/gcr/gcrDebug.c:197:10: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. 
if (fscanf(fp, "%s", s) != 1) data/magic-8.2.157+ds.1/gcr/gcrShwFlgs.c:146:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(msg, "Channel flag \"%s\"", arg); data/magic-8.2.157+ds.1/graphics/X11Helper.c:276:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, X11HELP_PROG ": parent (ID %d) not found. Exiting.\n", data/magic-8.2.157+ds.1/graphics/X11Helper.c:307:2: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, X11HELP_PROG ": read on pipe failed\n"); data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo1.c:678:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outstring, ".text insert end \"%s\"", data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo1.c:686:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TxBuffer, macroDef); data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo1.c:668:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outstring, ".text insert end \"%s\"", data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo1.c:676:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TxBuffer, macroDef); data/magic-8.2.157+ds.1/graphics/grDStyle.c:214:21: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if ((argsread = sscanf(line, scanline, data/magic-8.2.157+ds.1/graphics/grDStyle.c:229:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(colorName, ((version > 6) ? "%i" : "%o"), &color) == 0) data/magic-8.2.157+ds.1/graphics/grDStyle.c:291:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(line, scanline, data/magic-8.2.157+ds.1/graphics/grDStyle.c:456:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(line, "%s", sectionName) != 1) data/magic-8.2.157+ds.1/graphics/grMain.c:394:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. onSun = (access("/dev/win0", 0) == 0); data/magic-8.2.157+ds.1/graphics/grOGL1.c:654:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(argv[0], "%s", fullname); data/magic-8.2.157+ds.1/graphics/grOGL1.c:656:13: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). 
try using a library call that implements the same functionality if available. if (execl(argv[0], argv[0], argv[1], 0) != 0) data/magic-8.2.157+ds.1/graphics/grTCairo1.c:764:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outstring, ".text insert end \"%s\"", data/magic-8.2.157+ds.1/graphics/grTCairo1.c:772:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TxBuffer, macroDef); data/magic-8.2.157+ds.1/graphics/grTOGL1.c:785:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outstring, ".text insert end \"%s\"", data/magic-8.2.157+ds.1/graphics/grTOGL1.c:793:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TxBuffer, macroDef); data/magic-8.2.157+ds.1/graphics/grTk1.c:1040:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(outstring, ".text insert end \"%s\"", data/magic-8.2.157+ds.1/graphics/grTk1.c:1048:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(TxBuffer, macroDef); data/magic-8.2.157+ds.1/graphics/grX11su1.c:1004:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(argv[0], "%s", fullname); data/magic-8.2.157+ds.1/graphics/grX11su1.c:1006:6: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
if (execl(argv[0], argv[0], argv[1], 0) != 0) data/magic-8.2.157+ds.1/grouter/grouteChan.c:448:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(m, "%s: --more-- (t for tiles): ", mesg); data/magic-8.2.157+ds.1/grouter/grouteCrss.c:206:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(name1, NLNetName(pin->gcr_pId)); data/magic-8.2.157+ds.1/grouter/grouteCrss.c:207:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(name2, NLNetName(netid.netid_net)); data/magic-8.2.157+ds.1/grouter/grouteCrss.c:208:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(c, "Crossing multiply used, nets %s/%d, %s/%d", data/magic-8.2.157+ds.1/grouter/grouteMult.c:211:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(mesg, "Can't find a path from \"%s\" to \"%s\"", data/magic-8.2.157+ds.1/grouter/grouteTest.c:372:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(name1, NLNetName(pin->gcr_pId)); data/magic-8.2.157+ds.1/grouter/grouteTest.c:373:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
(void) strcpy(name2, NLNetName(netId.netid_net)); data/magic-8.2.157+ds.1/grouter/grouteTile.c:164:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(buffer1, text); data/magic-8.2.157+ds.1/grouter/grouteTile.c:166:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(buffer1, buffer2); data/magic-8.2.157+ds.1/grouter/grouteTile.c:174:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(buffer2, "%s --more--", buffer1); data/magic-8.2.157+ds.1/lef/defWrite.c:1495:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(vname, "%s_%.10g_%.10g", lname, data/magic-8.2.157+ds.1/lef/defWrite.c:1802:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. if (sy) sprintf(idx, "%d%s", y, sx ? "," : ""); data/magic-8.2.157+ds.1/lef/lefRead.c:1512:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(newname, "%250s_%d", mname, suffix); data/magic-8.2.157+ds.1/lef/lefRead.c:1609:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tsave + strlen(tsave), " %s", token); data/magic-8.2.157+ds.1/lisp/lispA-Z.c:1519:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (str, LSTR(ARG1(s))); data/magic-8.2.157+ds.1/lisp/lispGC.c:156:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (LSTR(s),LSTR(l)); data/magic-8.2.157+ds.1/lisp/lispIO.c:332:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp (argv[0], argv); data/magic-8.2.157+ds.1/lisp/lispMagic.c:200:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (getpaint_buf, "((\"%s\" %d %d %d %d))", data/magic-8.2.157+ds.1/lisp/lispMagic.c:379:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (buf, "((\"%s\" \"%s\" %d %d %d %d))", data/magic-8.2.157+ds.1/lisp/lispMagic.c:517:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (cellbuffer, "((\"%s\" %d %d %d %d %d %d %d %d %d %d))", data/magic-8.2.157+ds.1/lisp/lispMain.c:188:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (LSTR(l),s); data/magic-8.2.157+ds.1/lisp/lispMain.c:225:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (LSTR(l),s); data/magic-8.2.157+ds.1/lisp/lispParse.c:225:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy (LSTR(l), q); data/magic-8.2.157+ds.1/lisp/lispString.c:63:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (LSTR(l),LSTR(ARG1(s))); data/magic-8.2.157+ds.1/lisp/lispString.c:64:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat (LSTR(l),LSTR(ARG2(s))); data/magic-8.2.157+ds.1/lisp/lispString.c:98:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (LSTR(l), LSYM(ARG1(s))); data/magic-8.2.157+ds.1/lisp/lispString.c:173:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (LSTR(l),buf); data/magic-8.2.157+ds.1/net2ir/net2ir.c:85:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(line1, line2); data/magic-8.2.157+ds.1/netmenu/NMlabel.c:194:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(pResult, num1String); data/magic-8.2.157+ds.1/netmenu/NMlabel.c:212:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
(void) strcpy(pResult, num2String); data/magic-8.2.157+ds.1/netmenu/NMlabel.c:646:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(mesg, "%s;%s", data/magic-8.2.157+ds.1/netmenu/NMnetlist.c:442:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(new->nl_fileName, "%s.net", name); data/magic-8.2.157+ds.1/netmenu/NMnetlist.c:771:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(realName, "%s.net", fileName); data/magic-8.2.157+ds.1/netmenu/NMundo.c:108:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(u->nmue_term, term); data/magic-8.2.157+ds.1/netmenu/NMundo.c:114:16: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(u->nmue_curNet, curNet); data/magic-8.2.157+ds.1/oa/magicInit.cpp:44:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. chars2 = vsnprintf(NULL,0,fmt,msg); data/magic-8.2.157+ds.1/oa/magicInit.cpp:48:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf,"Error in %s at %s:%d: ",function,file,line); data/magic-8.2.157+ds.1/oa/magicInit.cpp:49:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. 
vsprintf(buf+chars1,fmt,msg); data/magic-8.2.157+ds.1/oa/magicInit.cpp:64:13: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. chars = vsnprintf(NULL,0,fmt,msg); data/magic-8.2.157+ds.1/oa/magicInit.cpp:68:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buf,fmt,msg); data/magic-8.2.157+ds.1/oa/magicInit.cpp:81:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. nchars = vsnprintf(ptr2,256,fmt,msg); data/magic-8.2.157+ds.1/oa/magicInit.cpp:84:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(ptr2,fmt,msg); data/magic-8.2.157+ds.1/oa/magicInit.h:45:1: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout,fmt, ## msg); \ data/magic-8.2.157+ds.1/oa/magicInit.h:50:1: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,fmt, ## msg); \ data/magic-8.2.157+ds.1/oa/magicInit.h:55:1: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,fmt, ## msg); \ data/magic-8.2.157+ds.1/plot/plotPNM.c:746:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tempFile, "%s/magicPlotXXXXXX", PlotTempDirectory); data/magic-8.2.157+ds.1/plot/plotPNM.c:915:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. 
sprintf(command, PlotVersCommand, PlotVersPrinter, fileName); data/magic-8.2.157+ds.1/plot/plotPNM.c:916:6: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(command) != 0) data/magic-8.2.157+ds.1/plot/plotPixels.c:931:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fileName, "%s/magicPlot-%d-%d-XXXXXX", PlotTempDirectory, data/magic-8.2.157+ds.1/plot/plotVers.c:1206:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fileName, "%s/magicPlotXXXXXX", PlotTempDirectory); data/magic-8.2.157+ds.1/plot/plotVers.c:1462:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(command, PlotVersCommand, PlotVersPrinter, fileName); data/magic-8.2.157+ds.1/plot/plotVers.c:1463:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (system(command) != 0) data/magic-8.2.157+ds.1/plow/PlowRandom.c:95:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(goodName, tempgood); data/magic-8.2.157+ds.1/plow/PlowRandom.c:96:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tempName, temptemp); data/magic-8.2.157+ds.1/plow/PlowRandom.c:99:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(goodExt, "%s.ext", goodName); data/magic-8.2.157+ds.1/plow/PlowRandom.c:100:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tempExt, "%s.ext", tempName); data/magic-8.2.157+ds.1/plow/PlowRandom.c:104:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(command, "sedplow %s", goodExt); data/magic-8.2.157+ds.1/plow/PlowRandom.c:105:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(command); data/magic-8.2.157+ds.1/plow/PlowRandom.c:139:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(command, "sedplow %s", tempExt); data/magic-8.2.157+ds.1/plow/PlowRandom.c:140:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system(command); data/magic-8.2.157+ds.1/plow/PlowTest.c:502:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(mesg, "Edge between %s and %s", data/magic-8.2.157+ds.1/plow/PlowTest.c:731:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(mesg, "%s/%s/%s segment in=%s out=%s", data/magic-8.2.157+ds.1/plow/PlowTest.c:759:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void) sprintf(prompt, "%s --more--", mesg); data/magic-8.2.157+ds.1/resis/ResPrint.c:72:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
(void)sprintf(newname,"%s%s%d",nodename,".r",nodenum++); data/magic-8.2.157+ds.1/resis/ResPrint.c:80:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(newname,"%s%s%d",nodename,".r",nodenum++); data/magic-8.2.157+ds.1/resis/ResPrint.c:216:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(tmpname,"%s",nodename); data/magic-8.2.157+ds.1/resis/ResPrint.c:221:20: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(newname,"%s%s%d",tmpname,".n",nodenum++); data/magic-8.2.157+ds.1/resis/ResPrint.c:710:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(name, "N%s_", nodeptr->rn_name); data/magic-8.2.157+ds.1/resis/ResPrint.c:723:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(name, nodeptr->rn_name); data/magic-8.2.157+ds.1/resis/ResReadSim.c:788:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(thisfix->fp_name,label); data/magic-8.2.157+ds.1/resis/ResRex.c:652:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nodename, "%s/%s", scx->scx_use->cu_id, lab->lab_text); data/magic-8.2.157+ds.1/resis/ResRex.c:1173:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
strcpy(oldnodename,nodename); data/magic-8.2.157+ds.1/resis/ResRex.c:1175:11: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(newname,"%s%s%d",nodename,".t",resNodeNum++); data/magic-8.2.157+ds.1/resis/ResRex.c:1192:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(newname,"%s%s%d",nodename,".t",resNodeNum++); data/magic-8.2.157+ds.1/resis/ResRex.c:1213:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(newname,"%s%s%d",nodename,".t",resNodeNum++); data/magic-8.2.157+ds.1/resis/ResRex.c:1635:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. (void)sprintf(newname,"%s",node->name); data/magic-8.2.157+ds.1/resis/ResWrite.c:55:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(bigname,"%s.%s",filename,"res"); data/magic-8.2.157+ds.1/resis/ResWrite.c:109:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(bigname,"%s.%d",filename,abs((int)(extension))); data/magic-8.2.157+ds.1/resis/ResWrite.c:192:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(newname,filename); data/magic-8.2.157+ds.1/resis/ResWrite.c:215:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tmpname,newname); data/magic-8.2.157+ds.1/router/rtrFdback.c:102:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
(void) sprintf(buff, "Net `%s', channel %p: ", netname, ch); data/magic-8.2.157+ds.1/router/rtrFdback.c:108:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). (void) strcat(buff, msg); data/magic-8.2.157+ds.1/router/rtrStem.c:294:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errorMesg, "Terminal must be %d wide to connect to %s", data/magic-8.2.157+ds.1/router/rtrStem.c:307:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errorMesg, "Terminal must be %d wide to connect to %s", data/magic-8.2.157+ds.1/router/rtrStem.c:328:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errorMesg, "Terminal must be %d wide to connect to %s", data/magic-8.2.157+ds.1/router/rtrStem.c:340:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errorMesg, "Can't have terminal on %s layer: must connect " data/magic-8.2.157+ds.1/router/rtrStem.c:706:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(errorMesg, data/magic-8.2.157+ds.1/sim/SimDBstuff.c:188:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(nodeName, SimGetNodeName(cx->tc_scx, tile, tpath->tp_first)); data/magic-8.2.157+ds.1/sim/SimDBstuff.c:196:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
  strcpy(bestName, nodeName);

data/magic-8.2.157+ds.1/sim/SimDBstuff.c:443:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(Node_Name, bestName);

data/magic-8.2.157+ds.1/sim/SimDBstuff.c:906:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lab->lab_text, text);

data/magic-8.2.157+ds.1/sim/SimExtract.c:738:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buff, text);

data/magic-8.2.157+ds.1/sim/SimExtract.c:739:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(nodename, path);

data/magic-8.2.157+ds.1/sim/SimExtract.c:740:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(nodename, text);

data/magic-8.2.157+ds.1/sim/SimExtract.c:778:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(nodename, path);

data/magic-8.2.157+ds.1/sim/SimExtract.c:779:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(nodename, nname);

data/magic-8.2.157+ds.1/sim/SimExtract.c:781:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buff, nname);

data/magic-8.2.157+ds.1/sim/SimExtract.c:799:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(nodename, path);

data/magic-8.2.157+ds.1/sim/SimExtract.c:800:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(nodename, buff);

data/magic-8.2.157+ds.1/sim/SimRsim.c:192:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(rsimfile, src);

data/magic-8.2.157+ds.1/sim/SimRsim.c:203:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if( access( rsimfile, 1 ) != 0 )

data/magic-8.2.157+ds.1/sim/SimRsim.c:258:2: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(rsimfile, argv);

data/magic-8.2.157+ds.1/sim/SimRsim.c:407:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( rsim_prompt, last );

data/magic-8.2.157+ds.1/sim/SimRsim.c:570:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cleanName, nodeName);

data/magic-8.2.157+ds.1/sim/SimRsim.c:581:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cmdStr, "%s %s\n", cmd, cleanName);

data/magic-8.2.157+ds.1/sim/SimSelect.c:402:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newNodeTile->tl_nodeName, nodeName);

data/magic-8.2.157+ds.1/sim/SimSelect.c:494:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(timeString, replyLine);

data/magic-8.2.157+ds.1/sim/SimSelect.c:524:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(current->tl_nodeName, name);

data/magic-8.2.157+ds.1/sim/SimSelect.c:564:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(timeString, replyLine);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:131:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(substcmd, postcmd);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:173:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newcmd, substcmd);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:178:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newcmd + (int)(sptr - substcmd), tkpath);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:180:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(newcmd, sptr + 2);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:192:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newcmd, substcmd);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:193:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(newcmd + (int)(sptr - substcmd), "\"%s\"", sres);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:194:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(newcmd, sptr + 2);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:207:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newcmd, substcmd);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:208:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newcmd + (int)(sptr - substcmd), argv[argidx]);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:209:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(newcmd, sptr + 2);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:217:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newcmd, substcmd);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:218:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newcmd + (int)(sptr - substcmd), sptr + 2);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:228:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newcmd, substcmd);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:229:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newcmd + (int)(sptr - substcmd), sptr + 1);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:496:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tclcmdstr, "wm protocol %s WM_DELETE_WINDOW "

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:578:6: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  sscanf(commandTable[n], "%s ", kwptr); /* get first word */

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:877:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string, "magic::dialog \"\" \"%s\"\n", prefix);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1020:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (outstr + 19, (f == stderr) ? "err \"" : "out \"");

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1024:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  nchars = vsnprintf(outptr + 24, 102, fmt, args);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1033:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(outptr + 24, nchars + 2, fmt, args);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1158:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, TxBuffer);

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1166:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(locbuf, TxBuffer + toRead);

data/magic-8.2.157+ds.1/textio/textio.h:54:18: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define Vfprintf vfprintf

data/magic-8.2.157+ds.1/textio/txCommands.c:1164:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&tclcmd->tx_argstring[asize], argv[n]);

data/magic-8.2.157+ds.1/textio/txInput.c:589:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(line, tokens[i]);

data/magic-8.2.157+ds.1/textio/txInput.c:599:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(line, "%s*", tokens[0]);

data/magic-8.2.157+ds.1/textio/txInput.c:1052:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dest, res);

data/magic-8.2.157+ds.1/textio/txMore.c:51:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(prompt, "%s --more-- (Hit <RETURN> to continue)", mesg);

data/magic-8.2.157+ds.1/textio/txOutput.c:178:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  nchars = vsnprintf(outstr, outlen, fmt, args);

data/magic-8.2.157+ds.1/textio/txOutput.c:187:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(outstr, outlen, fmt, args);

data/magic-8.2.157+ds.1/textio/txOutput.c:370:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pagerpath, PAGERDIR);

data/magic-8.2.157+ds.1/textio/txOutput.c:403:2: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(pagerpath, pagername, 0);

data/magic-8.2.157+ds.1/textio/txOutput.c:465:1: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(FILR *iop, char *fmt, va_list args_in)

data/magic-8.2.157+ds.1/utils/LIBtextio.c:106:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, ap);

data/magic-8.2.157+ds.1/utils/LIBtextio.c:136:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stdout, fmt, ap);

data/magic-8.2.157+ds.1/utils/hash.c:421:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(h->h_key.h_name, key);

data/magic-8.2.157+ds.1/utils/macros.c:304:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new, last);

data/magic-8.2.157+ds.1/utils/macros.c:305:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new, replacestr);

data/magic-8.2.157+ds.1/utils/macros.c:308:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(new, last);

data/magic-8.2.157+ds.1/utils/macros.c:404:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(vis, str);

data/magic-8.2.157+ds.1/utils/macros.c:578:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(pointerStr, vis);

data/magic-8.2.157+ds.1/utils/main.c:568:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(CellLibPath, MAGIC_LIB_PATH_FORMAT, TechFileName);

data/magic-8.2.157+ds.1/utils/main.c:575:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(CellLibPath, MAGIC_LIB_PATH_FORMAT, TechDefault);

data/magic-8.2.157+ds.1/utils/main.c:906:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(startupFileName, "%s/%s", home, RCFileName);

data/magic-8.2.157+ds.1/utils/main.c:923:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(startupFileName, "%s/.magic", home);

data/magic-8.2.157+ds.1/utils/main.c:1023:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(startupFileName, "%s/%s", home, RCFileName);

data/magic-8.2.157+ds.1/utils/main.c:1032:10: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(startupFileName, "%s/.magic", home);

data/magic-8.2.157+ds.1/utils/netlist.c:116:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(mesg, "Net %s has only one terminal",

data/magic-8.2.157+ds.1/utils/niceabort.c:97:3: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execl(GCORE, "gcore", pidString, NULL);

data/magic-8.2.157+ds.1/utils/niceabort.c:125:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(command, "mv core.%s %s", pidString, crashDir);

data/magic-8.2.157+ds.1/utils/niceabort.c:126:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);

data/magic-8.2.157+ds.1/utils/niceabort.c:128:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(tempName, "%s/core.%s", crashDir, pidString);

data/magic-8.2.157+ds.1/utils/niceabort.c:136:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf(tempName, "%s/comments.%s", crashDir, pidString);

data/magic-8.2.157+ds.1/utils/niceabort.c:157:2: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(command, MAIL_COMMAND, tempName);

data/magic-8.2.157+ds.1/utils/niceabort.c:158:2: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);

data/magic-8.2.157+ds.1/utils/path.c:69:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(new, *pathptr);

data/magic-8.2.157+ds.1/utils/path.c:71:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(new + oldlength + 1, newstring);

data/magic-8.2.157+ds.1/utils/path.c:171:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(newEntry, string);

data/magic-8.2.157+ds.1/utils/path.c:242:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(newEntry, string);

data/magic-8.2.157+ds.1/utils/path.c:344:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  else strcpy(p, file);

data/magic-8.2.157+ds.1/utils/signals.c:567:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(AbortMessage, msg);

data/magic-8.2.157+ds.1/utils/signals.c:587:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(AbortMessage, msg);

data/magic-8.2.157+ds.1/utils/strdup.c:63:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(newstr, str);

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:645:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  rval = random() % 62;

data/magic-8.2.157+ds.1/cif/CIFwrite.c:265:45: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  fprintf(outf,"( @@user : %s );\n", (t = getenv("USER")) ? t : "?");

data/magic-8.2.157+ds.1/cif/CIFwrite.c:266:48: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  fprintf(outf,"( @@machine : %s );\n", (t = getenv("HOSTNAME")) ? t : "?");

data/magic-8.2.157+ds.1/commands/CmdE.c:286:10: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  bool getopt;

data/magic-8.2.157+ds.1/commands/CmdE.c:445:11: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  if (getopt)

data/magic-8.2.157+ds.1/commands/CmdE.c:464:11: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  if (getopt)

data/magic-8.2.157+ds.1/commands/CmdE.c:494:11: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  if (getopt)

data/magic-8.2.157+ds.1/commands/CmdE.c:533:11: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  if (getopt)

data/magic-8.2.157+ds.1/database/DBio.c:718:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tempdir = getenv("TMPDIR");

data/magic-8.2.157+ds.1/database/DBio.c:1405:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *homedir = getenv("HOME");

data/magic-8.2.157+ds.1/database/DBio.c:3127:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *homedir = getenv("HOME");

data/magic-8.2.157+ds.1/database/DBio.c:3271:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tempdir = getenv("TMPDIR");

data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo2.c:13:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv();

data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo2.c:13:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv();

data/magic-8.2.157+ds.1/graphics/grMain.c:395:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  haveX = (getenv("DISPLAY") != NULL);

data/magic-8.2.157+ds.1/graphics/grOGL2.c:21:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv();

data/magic-8.2.157+ds.1/graphics/grTCairo2.c:13:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv();

data/magic-8.2.157+ds.1/graphics/grTOGL2.c:11:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv();

data/magic-8.2.157+ds.1/graphics/grTk1.c:420:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  getenv("DISPLAY"));

data/magic-8.2.157+ds.1/graphics/grTk1.c:484:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  log_color = getenv("MAGIC_COLOR");

data/magic-8.2.157+ds.1/graphics/grTk1.c:494:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv("X_COLORMAP_BASE");

data/magic-8.2.157+ds.1/graphics/grTk1.c:499:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv("X_COLORMAP_RESERVED");

data/magic-8.2.157+ds.1/graphics/grTk1.c:528:38: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  "Cannot initialize DISPLAY %s\n", getenv("DISPLAY"));

data/magic-8.2.157+ds.1/graphics/grTk2.c:12:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv();

data/magic-8.2.157+ds.1/graphics/grX11su1.c:414:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  "Will attempt default.\n", getenv("DISPLAY"));

data/magic-8.2.157+ds.1/graphics/grX11su1.c:429:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  TxPrintf("HOSTTYPE: %s\n", getenv("HOSTTYPE"));

data/magic-8.2.157+ds.1/graphics/grX11su1.c:508:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  log_color = getenv("MAGIC_COLOR");

data/magic-8.2.157+ds.1/graphics/grX11su1.c:518:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv("X_COLORMAP_BASE");

data/magic-8.2.157+ds.1/graphics/grX11su1.c:523:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env_str = getenv("X_COLORMAP_RESERVED");

data/magic-8.2.157+ds.1/graphics/grX11su1.c:552:38: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  "Cannot initialize DISPLAY %s\n", getenv("DISPLAY"));

data/magic-8.2.157+ds.1/plow/PlowRandom.c:261:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int r = random();

data/magic-8.2.157+ds.1/sim/SimRsim.c:160:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  char *getenv();

data/magic-8.2.157+ds.1/sim/SimRsim.c:190:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  src = getenv("RSIM");

data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1226:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  cadroot = getenv("CAD_ROOT");

data/magic-8.2.157+ds.1/textio/txOutput.c:357:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  extern char *getenv();

data/magic-8.2.157+ds.1/textio/txOutput.c:367:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((useenv = getenv("PAGER")) == NULL)

data/magic-8.2.157+ds.1/utils/main.c:898:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  home = getenv("HOME");

data/magic-8.2.157+ds.1/utils/path.c:161:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  string = getenv("HOME");

data/magic-8.2.157+ds.1/utils/path.c:223:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  string = getenv(expandName);

data/magic-8.2.157+ds.1/calma/CalmaRdcl.c:383:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fpcopy, "%"DLONG_PREFIX"d", (dlong) filepos);

data/magic-8.2.157+ds.1/calma/CalmaRdcl.c:388:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fpcopy, "%"DLONG_PREFIX"d", (dlong) filepos);

data/magic-8.2.157+ds.1/calma/CalmaRdio.c:348:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dchars[8];

data/magic-8.2.157+ds.1/calma/CalmaRdpt.c:256:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(newname + 7, "%05d", ++CalmaPolygonCount);

data/magic-8.2.157+ds.1/calma/CalmaRdpt.c:633:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(newname + 4, "%05d", ++CalmaPathCount);

data/magic-8.2.157+ds.1/calma/CalmaRead.c:453:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char numeric[10];

data/magic-8.2.157+ds.1/calma/CalmaRead.c:475:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(numeric, "%d", rtype);

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:179:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  union { short u_s; char u_c[2]; } u; \

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:193:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  union { long u_i; char u_c[4]; } u; \

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1280:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char arraystr[128];

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1281:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(arraystr, "%d_%d_%d_%d", use->cu_xlo, use->cu_xhi,

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1319:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char defname[CALMANAMELENGTH+1];

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1355:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(defname, "XXXXX%d", calmanum);

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1389:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char contactCellName[100];

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1394:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(contactCellName, "$$");

data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1408:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(contactCellName, "$$");

data/magic-8.2.157+ds.1/calma/calmaInt.h:163:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef union { char uc[2]; unsigned short us; } TwoByteInt;

data/magic-8.2.157+ds.1/calma/calmaInt.h:164:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef union { char uc[4]; unsigned int ul; } FourByteInt;

data/magic-8.2.157+ds.1/cif/CIFmain.c:377:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[200];

data/magic-8.2.157+ds.1/cif/CIFrdcl.c:204:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[17]; data/magic-8.2.157+ds.1/cif/CIFrdcl.c:215:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "%d", cifNum); data/magic-8.2.157+ds.1/cif/CIFrdcl.c:227:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "%d_%d", cifNum, ++reused); data/magic-8.2.157+ds.1/cif/CIFrdcl.c:270:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[15]; data/magic-8.2.157+ds.1/cif/CIFrdcl.c:272:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "%d", cifNum); data/magic-8.2.157+ds.1/cif/CIFrdcl.c:603:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *(cifReadLayers[MAXCIFRLAYERS]); data/magic-8.2.157+ds.1/cif/CIFrdcl.c:703:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char propertyvalue[128], *storedvalue; data/magic-8.2.157+ds.1/cif/CIFrdcl.c:762:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(propertyvalue, "%d %d %d %d", data/magic-8.2.157+ds.1/cif/CIFrdcl.c:951:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[128]; data/magic-8.2.157+ds.1/cif/CIFrdpt.c:270:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sptr, "%.3f %.3f ", x, y); data/magic-8.2.157+ds.1/cif/CIFrdpt.c:724:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXCHARS+1]; data/magic-8.2.157+ds.1/cif/CIFrdtech.c:50:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *(cifReadLayers[MAXCIFRLAYERS]); data/magic-8.2.157+ds.1/cif/CIFrdtech.c:505:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
newStyle->crs_name = StrDup((char **) NULL, argv[1]); data/magic-8.2.157+ds.1/cif/CIFrdtech.c:532:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. newStyle->crs_name = (char *)mallocMagic(strlen(argv[1]) data/magic-8.2.157+ds.1/cif/CIFrdtech.c:645:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cifCurReadStyle->crs_gridLimit = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFrdtech.c:977:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newOp->co_distance = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFrdtech.c:1348:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num = atoi(str); data/magic-8.2.157+ds.1/cif/CIFrdutils.c:473:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[ BUFSIZ ]; data/magic-8.2.157+ds.1/cif/CIFrdutils.c:490:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *valuep = atoi(&buffer[0]); data/magic-8.2.157+ds.1/cif/CIFsee.c:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/magic-8.2.157+ds.1/cif/CIFsee.c:259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/magic-8.2.157+ds.1/cif/CIFsee.c:347:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[100]; data/magic-8.2.157+ds.1/cif/CIFtech.c:229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curLayer[40], *p, *cp; data/magic-8.2.157+ds.1/cif/CIFtech.c:484:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(true_scale); data/magic-8.2.157+ds.1/cif/CIFtech.c:491:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n = atoi(true_scale); data/magic-8.2.157+ds.1/cif/CIFtech.c:494:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). n += atoi(decimal + 1); data/magic-8.2.157+ds.1/cif/CIFtech.c:575:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. newStyle->cs_name = StrDup((char **) NULL, argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:728:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). CIFCurStyle->cs_stepSize = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:742:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). CIFCurStyle->cs_gridLimit = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:915:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cifCurLayer->cl_calmanum = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:916:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cifCurLayer->cl_calmatype = atoi(argv[2]); data/magic-8.2.157+ds.1/cif/CIFtech.c:927:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cifCurLayer->min_width = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1072:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newOp->co_distance = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1134:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). distance = atoi(bloatArg[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1175:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. newOp->co_client = (ClientData)StrDup((char **)NULL, argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1219:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1220:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). squares->sq_border = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1235:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). squares->sq_border = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1241:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). squares->sq_size = atoi(argv[2]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1247:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). squares->sq_sep = atoi(argv[3]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1255:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). squares->sq_gridx = squares->sq_gridy = atoi(argv[4]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1270:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). squares->sq_gridy = atoi(argv[5]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1304:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(argv[1]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1311:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(argv[2]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1318:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(argv[3]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1333:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(argv[4]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1343:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(argv[5]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1350:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(argv[6]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1366:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). i = atoi(argv[7]); data/magic-8.2.157+ds.1/cif/CIFtech.c:1411:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n = atoi(str); data/magic-8.2.157+ds.1/cmwind/CMWmain.c:380:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char caption[40]; data/magic-8.2.157+ds.1/cmwind/CMWmain.c:385:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(caption, "COLOR = 0%o", cr->cmw_color); data/magic-8.2.157+ds.1/commands/CmdAB.c:250:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_xhi = atoi(cmd->tx_argv[argstart + 1]) - 1; data/magic-8.2.157+ds.1/commands/CmdAB.c:251:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
a.ar_yhi = atoi(cmd->tx_argv[argstart + 2]) - 1; data/magic-8.2.157+ds.1/commands/CmdAB.c:258:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_xlo = atoi(cmd->tx_argv[argstart + 1]); data/magic-8.2.157+ds.1/commands/CmdAB.c:259:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_xhi = atoi(cmd->tx_argv[argstart + 2]); data/magic-8.2.157+ds.1/commands/CmdAB.c:260:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_ylo = atoi(cmd->tx_argv[argstart + 3]); data/magic-8.2.157+ds.1/commands/CmdAB.c:261:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_yhi = atoi(cmd->tx_argv[argstart + 4]); data/magic-8.2.157+ds.1/commands/CmdAB.c:304:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
xval = atoi(cmd->tx_argv[argstart + 1]); data/magic-8.2.157+ds.1/commands/CmdAB.c:305:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). yval = atoi(cmd->tx_argv[argstart + 2]); data/magic-8.2.157+ds.1/commands/CmdAB.c:340:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xval = atoi(cmd->tx_argv[argstart + 1]); data/magic-8.2.157+ds.1/commands/CmdAB.c:341:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). yval = atoi(cmd->tx_argv[argstart + 2]); data/magic-8.2.157+ds.1/commands/CmdAB.c:380:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xval = atoi(cmd->tx_argv[argstart + 1]); data/magic-8.2.157+ds.1/commands/CmdAB.c:381:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
yval = atoi(cmd->tx_argv[argstart + 2]); data/magic-8.2.157+ds.1/commands/CmdAB.c:421:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xval = atoi(cmd->tx_argv[argstart + 1]); data/magic-8.2.157+ds.1/commands/CmdAB.c:422:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). yval = atoi(cmd->tx_argv[argstart + 2]); data/magic-8.2.157+ds.1/commands/CmdAB.c:435:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_xhi = atoi(cmd->tx_argv[argstart]) - 1; data/magic-8.2.157+ds.1/commands/CmdAB.c:436:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_yhi = atoi(cmd->tx_argv[argstart + 1]) - 1; data/magic-8.2.157+ds.1/commands/CmdAB.c:443:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
a.ar_xlo = atoi(cmd->tx_argv[argstart]); data/magic-8.2.157+ds.1/commands/CmdAB.c:444:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_xhi = atoi(cmd->tx_argv[argstart + 1]); data/magic-8.2.157+ds.1/commands/CmdAB.c:445:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_ylo = atoi(cmd->tx_argv[argstart + 2]); data/magic-8.2.157+ds.1/commands/CmdAB.c:446:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). a.ar_yhi = atoi(cmd->tx_argv[argstart + 3]); data/magic-8.2.157+ds.1/commands/CmdAB.c:825:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(boxvalues, "%d", data/magic-8.2.157+ds.1/commands/CmdAB.c:845:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(boxvalues, "%d", data/magic-8.2.157+ds.1/commands/CmdAB.c:865:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(boxvalues, "%d %d", data/magic-8.2.157+ds.1/commands/CmdAB.c:889:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(boxvalues, "%d %d", data/magic-8.2.157+ds.1/commands/CmdAB.c:915:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(boxvalues, "%d %d %d %d", data/magic-8.2.157+ds.1/commands/CmdCD.c:1242:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). CIFRescaleLimit = atoi(argv[2]); data/magic-8.2.157+ds.1/commands/CmdCD.c:1596:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). degrees = atoi(cmd->tx_argv[1]); data/magic-8.2.157+ds.1/commands/CmdCD.c:3415:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). drc_nth = atoi(argv[2]); data/magic-8.2.157+ds.1/commands/CmdCD.c:3542:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
else if ((fp = fopen (argv[2],"w")) == (FILE *) NULL)
data/magic-8.2.157+ds.1/commands/CmdCD.c:3723:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(cellnameptr, ".mag");
data/magic-8.2.157+ds.1/commands/CmdCD.c:3850:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
childPoint.p_x = atoi(av[1]);
data/magic-8.2.157+ds.1/commands/CmdCD.c:3856:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
childPoint.p_y = atoi(av[2]);
data/magic-8.2.157+ds.1/commands/CmdCD.c:3909:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
editPoint.p_x = atoi(av[1]);
data/magic-8.2.157+ds.1/commands/CmdCD.c:3915:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
editPoint.p_y = atoi(av[2]);
data/magic-8.2.157+ds.1/commands/CmdCD.c:3998:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
editPoint.p_x = atoi(av[1]);
data/magic-8.2.157+ds.1/commands/CmdCD.c:4004:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
editPoint.p_y = atoi(av[2]);
data/magic-8.2.157+ds.1/commands/CmdE.c:348:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
style = atoi(cmd->tx_argv[4]);
data/magic-8.2.157+ds.1/commands/CmdE.c:361:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
area.r_xbot = atoi(cmd->tx_argv[5]);
data/magic-8.2.157+ds.1/commands/CmdE.c:363:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
area.r_ybot = atoi(cmd->tx_argv[6]);
data/magic-8.2.157+ds.1/commands/CmdE.c:375:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
area.r_xtop = atoi(cmd->tx_argv[7]);
data/magic-8.2.157+ds.1/commands/CmdE.c:377:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
area.r_ytop = atoi(cmd->tx_argv[8]);
data/magic-8.2.157+ds.1/commands/CmdE.c:388:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
area.r_xtop = atoi(cmd->tx_argv[7]);
data/magic-8.2.157+ds.1/commands/CmdE.c:390:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
area.r_ytop = atoi(cmd->tx_argv[8]);
data/magic-8.2.157+ds.1/commands/CmdE.c:475:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
style = atoi(cmd->tx_argv[5]);
data/magic-8.2.157+ds.1/commands/CmdE.c:507:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
crect.r_xbot = atoi(cmd->tx_argv[4]);
data/magic-8.2.157+ds.1/commands/CmdE.c:508:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
crect.r_ybot = atoi(cmd->tx_argv[5]);
data/magic-8.2.157+ds.1/commands/CmdE.c:517:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
crect.r_xtop = atoi(cmd->tx_argv[6]);
data/magic-8.2.157+ds.1/commands/CmdE.c:518:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
crect.r_ytop = atoi(cmd->tx_argv[7]);
data/magic-8.2.157+ds.1/commands/CmdFI.c:385:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
nth = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/commands/CmdFI.c:1241:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(boxvalues, "%d %d %d %d",
data/magic-8.2.157+ds.1/commands/CmdFI.c:1299:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
multiple = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/commands/CmdFI.c:1383:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
num_to_list = atoi(cmd->tx_argv[i]);
data/magic-8.2.157+ds.1/commands/CmdFI.c:1792:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pathstring[FLATTERMSIZE];
data/magic-8.2.157+ds.1/commands/CmdFI.c:1812:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char labelname[1024];
data/magic-8.2.157+ds.1/commands/CmdLQ.c:199:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
font = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/commands/CmdLQ.c:236:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
rotate = atoi(cmd->tx_argv[4]);
data/magic-8.2.157+ds.1/commands/CmdLQ.c:370:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
n = atoi(cmd->tx_argv[3]);
data/magic-8.2.157+ds.1/commands/CmdLQ.c:372:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
d = atoi(cmd->tx_argv[4]);
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1295:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
int portidx = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1542:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
lab->lab_flags |= atoi(cmd->tx_argv[argstart + 1]);
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1553:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char cdir[5];
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1631:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
idx = atoi(cmd->tx_argv[argstart]);
data/magic-8.2.157+ds.1/commands/CmdRS.c:218:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
scaled = atoi(argsep);
data/magic-8.2.157+ds.1/commands/CmdRS.c:228:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
scaled = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/commands/CmdRS.c:234:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
scalen = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/commands/CmdRS.c:760:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char path[200], *printPath, **msg, **optionArgs, *feedtext;
data/magic-8.2.157+ds.1/commands/CmdRS.c:1868:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
int font = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/commands/CmdRS.c:1968:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
rotate = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/commands/CmdRS.c:2247:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char cmdbuf[200];
data/magic-8.2.157+ds.1/commands/CmdSubrs.c:363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[50];
data/magic-8.2.157+ds.1/commands/CmdSubrs.c:695:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char newname[256];
data/magic-8.2.157+ds.1/commands/CmdSubrs.c:788:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char caption[200];
data/magic-8.2.157+ds.1/commands/CmdSubrs.c:880:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char caption[200];
data/magic-8.2.157+ds.1/commands/CmdTZ.c:227:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
DBLambda[1] = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/commands/CmdTZ.c:231:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
DBLambda[0] = atoi(cmd->tx_argv[3]);
data/magic-8.2.157+ds.1/commands/CmdTZ.c:259:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
DBLambda[1] = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/commands/CmdTZ.c:263:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
DBLambda[0] = atoi(cmd->tx_argv[3]);
data/magic-8.2.157+ds.1/commands/CmdTZ.c:1117:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(newPtr, labelBlockTop, labelEntryCount * sizeof(LabelStore));
data/magic-8.2.157+ds.1/commands/CmdTZ.c:1610:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[128];
data/magic-8.2.157+ds.1/commands/CmdWizard.c:386:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
outf = fopen(av[0], "w");
data/magic-8.2.157+ds.1/commands/CmdWizard.c:446:27: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if (ac > 0 && (outf = fopen(av[0], "w")) == NULL)
data/magic-8.2.157+ds.1/commands/CmdWizard.c:782:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
count = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/commands/CmdWizard.c:893:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
count = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/database/DBcellbox.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char indices[100];
data/magic-8.2.157+ds.1/database/DBcellbox.c:92:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(indices, "[%d]", scx->scx_y);
data/magic-8.2.157+ds.1/database/DBcellbox.c:94:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(indices, "[%d]", scx->scx_x);
data/magic-8.2.157+ds.1/database/DBcellbox.c:96:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
(void) sprintf(indices, "[%d,%d]", scx->scx_y, scx->scx_x);
data/magic-8.2.157+ds.1/database/DBcellname.c:315:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *useID, *newID, xbuf[10], ybuf[10];
data/magic-8.2.157+ds.1/database/DBcellname.c:353:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(newID, "\\[");
data/magic-8.2.157+ds.1/database/DBcellname.c:357:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(newID, "\\]");
data/magic-8.2.157+ds.1/database/DBcellname.c:1679:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char useId[100], *lastName;
data/magic-8.2.157+ds.1/database/DBcellname.c:1974:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char name[1024];
data/magic-8.2.157+ds.1/database/DBcellsel.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char currentId[BUFSIZ];
data/magic-8.2.157+ds.1/database/DBcellsrch.c:1832:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(propval, "%d %d %d %d", r.r_xbot, r.r_ybot,
data/magic-8.2.157+ds.1/database/DBconnect.c:745:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((void *)newlist, (void *)csa2->csa2_list,
data/magic-8.2.157+ds.1/database/DBconnect.c:930:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((void *)newlist, (void *)csa2->csa2_list,
data/magic-8.2.157+ds.1/database/DBio.c:284:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[2048], tech[50], layername[50];
data/magic-8.2.157+ds.1/database/DBio.c:703:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *snptr, *tempdir, tempname[256];
data/magic-8.2.157+ds.1/database/DBio.c:820:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char line[256];
data/magic-8.2.157+ds.1/database/DBio.c:1206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char cellname[1024], useid[1024], path[1024];
data/magic-8.2.157+ds.1/database/DBio.c:1389:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char savepath[1024];
data/magic-8.2.157+ds.1/database/DBio.c:1413:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char savepath[1024];
data/magic-8.2.157+ds.1/database/DBio.c:1549:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char propertyname[128], propertyvalue[2048], *storedvalue;
data/magic-8.2.157+ds.1/database/DBio.c:1627:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(storedvalue, "%d %d %d %d",
data/magic-8.2.157+ds.1/database/DBio.c:1679:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char elementname[128], styles[1024], *text, flags[100];
data/magic-8.2.157+ds.1/database/DBio.c:1853:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char layername[50], text[1024], port_use[50], port_class[50];
data/magic-8.2.157+ds.1/database/DBio.c:1858:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char stickyflag[2];
data/magic-8.2.157+ds.1/database/DBio.c:1915:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char fontname[256];
data/magic-8.2.157+ds.1/database/DBio.c:1956:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ppos[5], *pptr;
data/magic-8.2.157+ds.1/database/DBio.c:2352:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char lstring[256];
data/magic-8.2.157+ds.1/database/DBio.c:2383:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char headerstring[256];
data/magic-8.2.157+ds.1/database/DBio.c:2475:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ppos[5];
data/magic-8.2.157+ds.1/database/DBio.c:2490:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(lstring, " signal");
data/magic-8.2.157+ds.1/database/DBio.c:2493:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(lstring, " analog");
data/magic-8.2.157+ds.1/database/DBio.c:2496:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(lstring, " power");
data/magic-8.2.157+ds.1/database/DBio.c:2499:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(lstring, " ground");
data/magic-8.2.157+ds.1/database/DBio.c:2502:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(lstring, " clock");
data/magic-8.2.157+ds.1/database/DBio.c:2505:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(lstring, " default");
data/magic-8.2.157+ds.1/database/DBio.c:2512:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(lstring, " input");
data/magic-8.2.157+ds.1/database/DBio.c:2515:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(lstring, " output");
data/magic-8.2.157+ds.1/database/DBio.c:2518:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(lstring, " tristate");
data/magic-8.2.157+ds.1/database/DBio.c:2521:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(lstring, " bidirectional");
data/magic-8.2.157+ds.1/database/DBio.c:2524:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(lstring, " feedthrough");
data/magic-8.2.157+ds.1/database/DBio.c:2527:8: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(lstring, " default");
data/magic-8.2.157+ds.1/database/DBio.c:2567:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(propscaled, "%d %d %d %d",
data/magic-8.2.157+ds.1/database/DBio.c:2690:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expandbuf[NAME_SIZE];
data/magic-8.2.157+ds.1/database/DBio.c:2765:11: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this.
Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  tmpres = mkstemp(tmpname);
data/magic-8.2.157+ds.1/database/DBio.c:2800:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (tmpf = fopen(tmpname, "w"))
data/magic-8.2.157+ds.1/database/DBio.c:2858:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  realf = fopen(expandname, "a");
data/magic-8.2.157+ds.1/database/DBio.c:2914:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  realf = fopen(expandname,"r");
data/magic-8.2.157+ds.1/database/DBio.c:2965:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pstring[256];
data/magic-8.2.157+ds.1/database/DBio.c:3021:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pstring, "rect %d %d %d %d\n",
data/magic-8.2.157+ds.1/database/DBio.c:3078:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cstring[256], *pathend, *pathstart, *parent;
data/magic-8.2.157+ds.1/database/DBio.c:3152:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cstring, "array %d %d %d %d %d %d\n",
data/magic-8.2.157+ds.1/database/DBio.c:3158:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cstring, "timestamp %d\n", cellUse->cu_def->cd_timestamp);
data/magic-8.2.157+ds.1/database/DBio.c:3160:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cstring, "transform %d %d %d %d %d %d\n",
data/magic-8.2.157+ds.1/database/DBio.c:3164:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cstring, "box %d %d %d %d\n",
data/magic-8.2.157+ds.1/database/DBio.c:3199:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[512];
data/magic-8.2.157+ds.1/database/DBio.c:3279:11: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  fd = mkstemp(template);
data/magic-8.2.157+ds.1/database/DBio.c:3304:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "w");
data/magic-8.2.157+ds.1/database/DBlabel.c:1030:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line[512];
data/magic-8.2.157+ds.1/database/DBlabel2.c:127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char labSrStr[MAXLABPATHSIZE]; /* String buffer in which the full pathname
data/magic-8.2.157+ds.1/database/DBpaint.c:3010:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char answer[100];
data/magic-8.2.157+ds.1/database/DBtech.c:118:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  TechFormatVersion = atoi(argv[1]);
data/magic-8.2.157+ds.1/database/DBtechtype.c:41:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *DBTypeLongNameTbl[NT];
data/magic-8.2.157+ds.1/database/DBtechtype.c:48:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *DBPlaneLongNameTbl[PL_MAXTYPES];
data/magic-8.2.157+ds.1/database/DBtechtype.c:506:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024], *cp;
data/magic-8.2.157+ds.1/database/DBtechtype.c:740:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char onename[BUFSIZ];
data/magic-8.2.157+ds.1/database/DBtpaint.c:114:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)dtype, (void *)stype, (size_t)TT_MAXTYPES
data/magic-8.2.157+ds.1/database/DBtpaint.c:121:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)dtype, (void *)stype, (size_t)(TT_MAXTYPES
data/magic-8.2.157+ds.1/database/DBundo.c:614:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cue_id[4];
data/magic-8.2.157+ds.1/database/DBundo.c:888:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char eue_name[4]; /* Name of cell def edited. This is
data/magic-8.2.157+ds.1/dbwind/DBWbuttons.c:49:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *dbwButtonHandlers[MAXBUTTONHANDLERS];
data/magic-8.2.157+ds.1/dbwind/DBWbuttons.c:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *dbwButtonDoc[MAXBUTTONHANDLERS];
data/magic-8.2.157+ds.1/dbwind/DBWdisplay.c:1019:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idName[100];
data/magic-8.2.157+ds.1/dbwind/DBWdisplay.c:1073:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[20];
data/magic-8.2.157+ds.1/dbwind/DBWdisplay.c:1107:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(string, "%p", tile);
data/magic-8.2.157+ds.1/dbwind/DBWdisplay.c:1248:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(string, "%p", stitch);
data/magic-8.2.157+ds.1/dbwind/DBWdisplay.c:1678:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  style = atoi(stylestr);
data/magic-8.2.157+ds.1/dbwind/DBWdisplay.c:1718:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char styleType[50];
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:179:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char istr[10];
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:208:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(istr, "%d", elem->area.r_xbot);
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:210:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(istr, "%d", elem->area.r_ybot);
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:216:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(istr, "%d", elem->area.r_xtop);
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:218:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(istr, "%d", elem->area.r_ytop);
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:226:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(istr, "%d", elem->area.r_xtop);
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:228:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(istr, "%d", elem->area.r_ytop);
data/magic-8.2.157+ds.1/dbwind/DBWelement.c:1161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ptemp[22];
data/magic-8.2.157+ds.1/dbwind/DBWfdback.c:444:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)new, (char *)dbwfbArray, DBWFeedbackCount * sizeof(Feedback));
data/magic-8.2.157+ds.1/dbwind/DBWundo.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char e_useId[4]; /* Use identifier. This is a place holder
data/magic-8.2.157+ds.1/debug/hist.c:180:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp, * fopen();
data/magic-8.2.157+ds.1/debug/hist.c:185:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp=fopen(name, "w");
data/magic-8.2.157+ds.1/drc/DRCbasic.c:255:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void *)newrlist, (void *)arg->dCD_rlist, (size_t)entries *
data/magic-8.2.157+ds.1/drc/DRCcif.c:171:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int centidistance = atoi(argv[2]);
data/magic-8.2.157+ds.1/drc/DRCcif.c:236:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int centidistance = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCcif.c:237:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *layers[2];
data/magic-8.2.157+ds.1/drc/DRCcif.c:1061:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int centiarea = atoi(argv[2]);
data/magic-8.2.157+ds.1/drc/DRCcif.c:1062:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int centihorizon = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCcif.c:1122:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int centidistance = atoi(argv[2]);
data/magic-8.2.157+ds.1/drc/DRCprint.c:87:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[20], buf2[20];
data/magic-8.2.157+ds.1/drc/DRCprint.c:169:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char printchain[400];
data/magic-8.2.157+ds.1/drc/DRCprint.c:170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20];
data/magic-8.2.157+ds.1/drc/DRCtech.c:669:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  newStyle->ds_name = StrDup((char **) NULL, argv[1]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:774:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *locargv[2][10] = {"style", "default"};
data/magic-8.2.157+ds.1/drc/DRCtech.c:1090:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int distance = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:1259:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int distance = atoi(argv[2]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:1343:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int distance = atoi(argv[2]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:1344:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int horizon = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:1443:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int distance = atoi(argv[2]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:1533:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int angles = atoi(argv[2]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:1600:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int distance = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:2167:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wwidth = atoi(argv[2]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:2171:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  runlength = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:2173:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  distance = atoi(argv[5]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:2180:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  distance = atoi(argv[4]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:2191:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  distance = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:2325:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int distance = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:2327:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int cdist = atoi(argv[6]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:2493:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int distance = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:2728:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int distance = atoi(argv[3]);
data/magic-8.2.157+ds.1/drc/DRCtech.c:3106:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *drcRectOpt[4] = {"any", "even", "odd", 0};
data/magic-8.2.157+ds.1/drc/DRCtech.c:3274:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  DRCCurStyle->DRCStepSize = atoi(argv[1]);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:76:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char simesDefaultOut[FNSIZE];
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:78:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char esDefaultAlias[FNSIZE], esDefaultLabel[FNSIZE];
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:81:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char esCapFormat[FNSIZE];
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:389:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  LocResistThreshold = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:529:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((esSimF = fopen(simesOutName, "w")) == NULL)
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:538:35: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!esNoAlias && (esAliasF = fopen(esAliasName, "w")) == NULL)
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:547:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!esNoLabel && (esLabF = fopen(esLabelName, "w")) == NULL)
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:627:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf( esCapFormat, " %%.%dlf\n", esCapAccuracy);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:631:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf( esCapFormat, " GND %%.%dlf\n", esCapAccuracy);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:710:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
(CWE-362).
  if ((esSimF = fopen(simesOutName, "w")) == NULL)
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:715:35: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!esNoAlias && (esAliasF = fopen(esAliasName, "w")) == NULL)
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:720:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!esNoLabel && (esLabF = fopen(esLabelName, "w")) == NULL)
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:753:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf( esCapFormat, " %%.%dlf\n", esCapAccuracy);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:757:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf( esCapFormat, " GND %%.%dlf\n", esCapAccuracy);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:857:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  esCapAccuracy = atoi(t);
data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:877:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *rp, subsNode[80] ; data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:994:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[12]; data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:996:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "output"); data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:1064:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "fet"); data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:1070:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "fet"); data/magic-8.2.157+ds.1/ext2sim/finds.c:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024], *name, *cp, *next; data/magic-8.2.157+ds.1/ext2sim/sim2simp.c:97:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
iptr->x = (int) atoi(x); data/magic-8.2.157+ds.1/ext2sim/sim2simp.c:98:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iptr->y = (int) atoi(y); data/magic-8.2.157+ds.1/ext2sim/sim2simp.c:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[STRLEN]; data/magic-8.2.157+ds.1/ext2spice/ext2hier.c:346:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[12], devchar; data/magic-8.2.157+ds.1/ext2spice/ext2hier.c:1256:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ntmp[MAX_STR_SIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2hier.c:1302:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char esTempName[MAX_STR_SIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2hier.c:1332:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(esTempName, "%d", esNodeNum++); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:59:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spcesDefaultOut[FNSIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:61:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char esSpiceCapFormat[FNSIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:573:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). LocResistThreshold = atoi(cmd->tx_argv[2]); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:712:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((esSpiceF = fopen(spcesOutName, "w")) == NULL) data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1030:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((esSpiceF = fopen(spcesOutName, "w")) == NULL) data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1221:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). esCapAccuracy = atoi(t); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1227:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *rp, subsNode[80] ; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1376:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stmp[MAX_STR_SIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1779:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stmp[MAX_STR_SIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2080:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[12], devchar; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2220:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[12], devchar; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2223:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "output"); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2409:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "fet"); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2839:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char afmt[15], pfmt[15]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:2925:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char afmt[15], pfmt[15]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3180:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char ntmp[MAX_STR_SIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3249:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char esTempName[MAX_STR_SIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3277:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(esTempName, "%d", esNodeNum++); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3404:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char map[MAX_STR_SIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3445:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "z@%d", esNodeNum++); data/magic-8.2.157+ds.1/ext2spice/ext2spice.h:54:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char spcesDefaultOut[FNSIZE]; data/magic-8.2.157+ds.1/ext2spice/ext2spice.h:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char esSpiceCapFormat[FNSIZE]; data/magic-8.2.157+ds.1/extflat/EFantenna.c:644:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[200]; data/magic-8.2.157+ds.1/extflat/EFargs.c:158:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char libpath[FNSIZE]; data/magic-8.2.157+ds.1/extflat/EFargs.c:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *realIn, line[1024], *inname = NULL, *name, *cp; data/magic-8.2.157+ds.1/extflat/EFargs.c:209:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). EFResistThreshold = atoi(cp); /* Ohms */ data/magic-8.2.157+ds.1/extflat/EFargs.c:259:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(name, "r"); data/magic-8.2.157+ds.1/extflat/EFargs.c:386:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[BUFSIZ]; data/magic-8.2.157+ds.1/extflat/EFbuild.c:50:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *EFDevTypes[MAXDEVTYPES]; data/magic-8.2.157+ds.1/extflat/EFbuild.c:54:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *EFLayerNames[MAXTYPES] = { "space" }; data/magic-8.2.157+ds.1/extflat/EFbuild.c:161:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newnode->efnode_pa[n].pa_area += atoi(*av++); data/magic-8.2.157+ds.1/extflat/EFbuild.c:162:40: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newnode->efnode_pa[n].pa_perim += atoi(*av++); data/magic-8.2.157+ds.1/extflat/EFbuild.c:191:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
newnode->efnode_pa[n].pa_area = atoi(*av++); data/magic-8.2.157+ds.1/extflat/EFbuild.c:192:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newnode->efnode_pa[n].pa_perim = atoi(*av++); data/magic-8.2.157+ds.1/extflat/EFbuild.c:555:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. newparm->parm_name = StrDup((char **)NULL, argv[n]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:609:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devhash[24]; data/magic-8.2.157+ds.1/extflat/EFbuild.c:672:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. newparm->parm_name = StrDup((char **)NULL, argv[argstart]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:684:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
devtmp.dev_area = atoi(pptr); data/magic-8.2.157+ds.1/extflat/EFbuild.c:689:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). devtmp.dev_area = atoi(pptr); data/magic-8.2.157+ds.1/extflat/EFbuild.c:695:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). devtmp.dev_perim = atoi(pptr); data/magic-8.2.157+ds.1/extflat/EFbuild.c:700:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). devtmp.dev_perim = atoi(pptr); data/magic-8.2.157+ds.1/extflat/EFbuild.c:705:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). devtmp.dev_length = atoi(pptr); data/magic-8.2.157+ds.1/extflat/EFbuild.c:708:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
devtmp.dev_width = atoi(pptr); data/magic-8.2.157+ds.1/extflat/EFbuild.c:752:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(devhash, "%dx%d", r->r_xbot, r->r_ybot); data/magic-8.2.157+ds.1/extflat/EFbuild.c:806:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newdev->dev_area = atoi(argv[0]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:807:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newdev->dev_perim = atoi(argv[1]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:812:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newdev->dev_length = atoi(argv[0]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:813:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newdev->dev_width = atoi(argv[1]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:818:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newdev->dev_length = atoi(argv[0]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:819:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newdev->dev_width = atoi(argv[1]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:846:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newdev->dev_length = atoi(argv[0]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:847:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). newdev->dev_width = atoi(argv[1]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:907:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). term->dterm_length = atoi(av[TERM_PERIM]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:915:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. term->dterm_attrs = StrDup((char **) NULL, av[TERM_ATTRS]); data/magic-8.2.157+ds.1/extflat/EFbuild.c:1251:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). conn->conn_pa[n].pa_area = atoi(*av++); data/magic-8.2.157+ds.1/extflat/EFbuild.c:1252:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). conn->conn_pa[n].pa_perim = atoi(*av++); data/magic-8.2.157+ds.1/extflat/EFbuild.c:1418:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newname[1024]; data/magic-8.2.157+ds.1/extflat/EFflat.c:469:6: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) node->efnode_pa, (char *) newnode->efnode_pa, data/magic-8.2.157+ds.1/extflat/EFhier.c:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name1[1024], name2[1024]; data/magic-8.2.157+ds.1/extflat/EFname.c:273:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char namebuf[2048]; data/magic-8.2.157+ds.1/extflat/EFname.c:608:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[2048], *namePtr; data/magic-8.2.157+ds.1/extflat/EFname.c:632:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(dstp, "%d", hc->hc_y); data/magic-8.2.157+ds.1/extflat/EFname.c:641:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(dstp, "%d", hc->hc_x); data/magic-8.2.157+ds.1/extflat/EFname.c:959:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen("hash.dump", "w"); data/magic-8.2.157+ds.1/extflat/EFread.c:177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[1024], *argv[128], *name, *attrs; data/magic-8.2.157+ds.1/extflat/EFread.c:255:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rscale = atoi(argv[1]); data/magic-8.2.157+ds.1/extflat/EFread.c:261:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cscale = atoi(argv[2]); data/magic-8.2.157+ds.1/extflat/EFread.c:286:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_xbot = atoi(argv[2]); data/magic-8.2.157+ds.1/extflat/EFread.c:287:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_ybot = atoi(argv[3]); data/magic-8.2.157+ds.1/extflat/EFread.c:288:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
r.r_xtop = atoi(argv[4]); data/magic-8.2.157+ds.1/extflat/EFread.c:289:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_ytop = atoi(argv[5]), data/magic-8.2.157+ds.1/extflat/EFread.c:354:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_xbot = atoi(argv[3]); data/magic-8.2.157+ds.1/extflat/EFread.c:355:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_ybot = atoi(argv[4]); data/magic-8.2.157+ds.1/extflat/EFread.c:356:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_xtop = atoi(argv[5]); data/magic-8.2.157+ds.1/extflat/EFread.c:357:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
r.r_ytop = atoi(argv[6]); data/magic-8.2.157+ds.1/extflat/EFread.c:369:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_xbot = atoi(argv[2]); data/magic-8.2.157+ds.1/extflat/EFread.c:370:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_ybot = atoi(argv[3]); data/magic-8.2.157+ds.1/extflat/EFread.c:371:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_xtop = atoi(argv[4]); data/magic-8.2.157+ds.1/extflat/EFread.c:372:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). r.r_ytop = atoi(argv[5]); data/magic-8.2.157+ds.1/extflat/EFread.c:416:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
atoi(argv[4]), atoi(argv[5]), argv[6], data/magic-8.2.157+ds.1/extflat/EFread.c:416:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[4]), atoi(argv[5]), argv[6], data/magic-8.2.157+ds.1/extflat/EFread.c:430:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). efBuildPortNode(def, argv[1], atoi(argv[2]), atoi(argv[3]), data/magic-8.2.157+ds.1/extflat/EFread.c:430:48: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). efBuildPortNode(def, argv[1], atoi(argv[2]), atoi(argv[3]), data/magic-8.2.157+ds.1/extflat/EFread.c:431:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[4]), argv[7], toplevel); data/magic-8.2.157+ds.1/extflat/EFread.c:442:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
atoi(argv[4]), atoi(argv[5]), argv[6], data/magic-8.2.157+ds.1/extflat/EFread.c:442:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[4]), atoi(argv[5]), argv[6], data/magic-8.2.157+ds.1/extflat/EFread.c:452:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). efResists[n] = atoi(argv[n + 1]); data/magic-8.2.157+ds.1/extflat/EFread.c:464:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (efResists[n] != atoi(argv[n + 1])) data/magic-8.2.157+ds.1/extflat/EFread.c:474:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[3]), atoi(argv[4]), atoi(argv[5]), data/magic-8.2.157+ds.1/extflat/EFread.c:474:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
atoi(argv[3]), atoi(argv[4]), atoi(argv[5]), data/magic-8.2.157+ds.1/extflat/EFread.c:474:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[3]), atoi(argv[4]), atoi(argv[5]), data/magic-8.2.157+ds.1/extflat/EFread.c:475:4: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[6]), atoi(argv[7]), atoi(argv[8])); data/magic-8.2.157+ds.1/extflat/EFread.c:475:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[6]), atoi(argv[7]), atoi(argv[8])); data/magic-8.2.157+ds.1/extflat/EFread.c:475:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). atoi(argv[6]), atoi(argv[7]), atoi(argv[8])); data/magic-8.2.157+ds.1/extflat/EFread.c:504:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
EFTech = StrDup((char **) NULL, argv[1]); data/magic-8.2.157+ds.1/extflat/EFread.c:519:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. else EFTech = StrDup((char **) NULL, argv[1]); data/magic-8.2.157+ds.1/extflat/EFread.c:566:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (int)(lscale*atoi(argv[3])), data/magic-8.2.157+ds.1/extflat/EFread.c:567:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (int)(lscale*atoi(argv[4]))); data/magic-8.2.157+ds.1/extflat/EFread.c:577:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). efBuildResistor(def, argv[1], argv[2], rscale*atoi(argv[3])); data/magic-8.2.157+ds.1/extflat/EFsym.c:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[1024], *cp; data/magic-8.2.157+ds.1/extflat/EFsym.c:101:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(name, "r"); data/magic-8.2.157+ds.1/extflat/EFsym.c:170:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). HashSetValue(he, (spointertype)atoi(value)); data/magic-8.2.157+ds.1/extflat/EFvisit.c:423:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (StrIsInt(cp)) value = atoi(cp); data/magic-8.2.157+ds.1/extflat/extflat.h:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hn_name[4]; /* String is allocated here */ data/magic-8.2.157+ds.1/extflat/extflat.h:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char efa_text[4]; /* String is allocated here */ data/magic-8.2.157+ds.1/extflat/extflat.h:254:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char parm_type[2]; data/magic-8.2.157+ds.1/extract/ExtArray.c:674:6: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) np->nreg_pa, (char *) nn->nn_node->node_pa, data/magic-8.2.157+ds.1/extract/ExtArray.c:774:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char name[2048]; data/magic-8.2.157+ds.1/extract/ExtArray.c:887:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(dstp, "%d:%d", hi, lo); data/magic-8.2.157+ds.1/extract/ExtArray.c:889:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(dstp, "%d:%d", lo, hi); data/magic-8.2.157+ds.1/extract/ExtArray.c:937:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char labelBuf[4096]; data/magic-8.2.157+ds.1/extract/ExtBasic.c:761:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[512], name[512], *text; data/magic-8.2.157+ds.1/extract/ExtBasic.c:849:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char namebuf[256]; /* Big enough to hold a generated nodename */ data/magic-8.2.157+ds.1/extract/ExtBasic.c:1612:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[256]; data/magic-8.2.157+ds.1/extract/ExtBasic.c:1751:10: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. (void) strcat(mesg, ";\n connecting remainder to node "); data/magic-8.2.157+ds.1/extract/ExtBasic.c:2047:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mesg, "Resistor has %d terminals: " data/magic-8.2.157+ds.1/extract/ExtBasic.c:2050:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(mesg, "Resistor has %d terminals: " data/magic-8.2.157+ds.1/extract/ExtCell.c:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[512], *name, *endp, *ends; data/magic-8.2.157+ds.1/extract/ExtHard.c:403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gen[100]; data/magic-8.2.157+ds.1/extract/ExtHier.c:342:7: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)lab, (char *)newlab, (int)n); data/magic-8.2.157+ds.1/extract/ExtHier.c:852:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char defname[128]; data/magic-8.2.157+ds.1/extract/ExtHier.c:864:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(defname, "__EXTTREE%d__", extHierOneNameSuffix++); data/magic-8.2.157+ds.1/extract/ExtLength.c:345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char mesg[512]; data/magic-8.2.157+ds.1/extract/ExtLength.c:432:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXNAMESIZE]; data/magic-8.2.157+ds.1/extract/ExtLength.c:777:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[512]; data/magic-8.2.157+ds.1/extract/ExtLength.c:808:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(mesg, "Reached destination, dist = %d", newdistance); data/magic-8.2.157+ds.1/extract/ExtMain.c:591:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256]; data/magic-8.2.157+ds.1/extract/ExtSubtree.c:1097:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labelBuf[4096]; data/magic-8.2.157+ds.1/extract/ExtTech.c:1665:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
newStyle->exts_name = StrDup((char **) NULL, argv[1]); data/magic-8.2.157+ds.1/extract/ExtTech.c:1876:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). val = atoi(argv[argc - 1]); data/magic-8.2.157+ds.1/extract/ExtTech.c:1894:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nterm = atoi(argv[3]); data/magic-8.2.157+ds.1/extract/ExtTech.c:2202:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). nterm = atoi(argv[4]); data/magic-8.2.157+ds.1/extract/ExtTech.c:2312:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). val = atoi(argv[3]); data/magic-8.2.157+ds.1/extract/ExtTech.c:2667:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
val = atoi(argv[2]); data/magic-8.2.157+ds.1/extract/ExtTech.c:2684:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ExtCurStyle->exts_resistScale = atoi(argv[1]); data/magic-8.2.157+ds.1/extract/ExtTech.c:2723:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int pos = atoi(argv[2]); data/magic-8.2.157+ds.1/extract/ExtTest.c:205:35: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (cmd->tx_argc > 2) halo = atoi(cmd->tx_argv[2]) + 1; data/magic-8.2.157+ds.1/extract/ExtTest.c:206:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (cmd->tx_argc > 3) bloat = atoi(cmd->tx_argv[3]); data/magic-8.2.157+ds.1/extract/ExtTest.c:216:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
halo = atoi(cmd->tx_argv[2]); data/magic-8.2.157+ds.1/extract/ExtTest.c:219:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(cmd->tx_argv[3], "w"); data/magic-8.2.157+ds.1/extract/ExtTest.c:234:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(cmd->tx_argv[2], "w"); data/magic-8.2.157+ds.1/extract/ExtTest.c:302:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ExtCurStyle->exts_stepSize = atoi(cmd->tx_argv[2]); data/magic-8.2.157+ds.1/extract/ExtTest.c:356:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(name, "w"); data/magic-8.2.157+ds.1/extract/ExtTest.c:717:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char line[100]; data/magic-8.2.157+ds.1/extract/ExtTest.c:1096:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(filename, "w"); data/magic-8.2.157+ds.1/extract/ExtTimes.c:189:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). extDevNull = fopen("/dev/null", "w"); data/magic-8.2.157+ds.1/extract/ExtUnique.c:174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cpend, *text, name[1024], name2[1024], message[1024]; data/magic-8.2.157+ds.1/extract/ExtYank.c:84:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) lab, (char *) newlab, (int) n); data/magic-8.2.157+ds.1/extract/ExtYank.c:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char labelBuf[4096]; data/magic-8.2.157+ds.1/extract/extractInt.h:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pl_param[2]; /* Default character for parameter */ data/magic-8.2.157+ds.1/gcr/gcrChannel.c:284:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_dColsByRow, (char *) dst->gcr_dColsByRow, data/magic-8.2.157+ds.1/gcr/gcrChannel.c:287:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_iColsByRow, (char *) dst->gcr_iColsByRow, data/magic-8.2.157+ds.1/gcr/gcrChannel.c:397:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_dRowsByCol, (char *) dst->gcr_dColsByRow, data/magic-8.2.157+ds.1/gcr/gcrChannel.c:399:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_dColsByRow, (char *) dst->gcr_dRowsByCol, data/magic-8.2.157+ds.1/gcr/gcrChannel.c:402:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_iRowsByCol, (char *) dst->gcr_iColsByRow, data/magic-8.2.157+ds.1/gcr/gcrChannel.c:404:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_iColsByRow, (char *) dst->gcr_iRowsByCol, data/magic-8.2.157+ds.1/gcr/gcrChannel.c:462:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
bcopy((char *) src->gcr_tPins, (char *) dst->gcr_tPins, pinBytes); data/magic-8.2.157+ds.1/gcr/gcrChannel.c:463:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_bPins, (char *) dst->gcr_bPins, pinBytes); data/magic-8.2.157+ds.1/gcr/gcrChannel.c:468:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *)src->gcr_result[i], (char *)dst->gcr_result[i], resBytes); data/magic-8.2.157+ds.1/gcr/gcrChannel.c:472:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_lPins, (char *) dst->gcr_lPins, pinBytes); data/magic-8.2.157+ds.1/gcr/gcrChannel.c:473:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_rPins, (char *) dst->gcr_rPins, pinBytes); data/magic-8.2.157+ds.1/gcr/gcrChannel.c:478:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_dRowsByCol, (char *) dst->gcr_dRowsByCol, data/magic-8.2.157+ds.1/gcr/gcrChannel.c:480:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_dColsByRow, (char *) dst->gcr_dColsByRow, data/magic-8.2.157+ds.1/gcr/gcrChannel.c:483:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
bcopy((char *) src->gcr_iRowsByCol, (char *) dst->gcr_iRowsByCol, data/magic-8.2.157+ds.1/gcr/gcrChannel.c:485:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) src->gcr_iColsByRow, (char *) dst->gcr_iColsByRow, data/magic-8.2.157+ds.1/gcr/gcrDebug.c:79:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(fname, "r"); data/magic-8.2.157+ds.1/gcr/gcrDebug.c:140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[25]; data/magic-8.2.157+ds.1/gcr/gcrDebug.c:287:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[128]; data/magic-8.2.157+ds.1/gcr/gcrDebug.c:290:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(name, "chan.%p", ch); data/magic-8.2.157+ds.1/gcr/gcrDebug.c:291:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp = fopen(name, "w"); data/magic-8.2.157+ds.1/gcr/gcrDebug.c:374:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/magic-8.2.157+ds.1/gcr/gcrDebug.c:377:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(name, "dens.%d.%d.%d.%d", data/magic-8.2.157+ds.1/gcr/gcrDebug.c:380:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, "w"); data/magic-8.2.157+ds.1/gcr/gcrDebug.c:973:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[512]; data/magic-8.2.157+ds.1/gcr/gcrRoute.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[256]; data/magic-8.2.157+ds.1/gcr/gcrRoute.c:85:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
  (void) sprintf(mesg, "Density (%d) > channel size (%d)",
data/magic-8.2.157+ds.1/gcr/gcrShwFlgs.c:100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[100];
data/magic-8.2.157+ds.1/gcr/gcrShwFlgs.c:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[20];
data/magic-8.2.157+ds.1/gcr/gcrShwFlgs.c:210:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp, * fopen();
data/magic-8.2.157+ds.1/gcr/gcrShwFlgs.c:213:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(name, "channel.%p", ch);
data/magic-8.2.157+ds.1/gcr/gcrShwFlgs.c:214:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if((fp = fopen(name, "w")) == NULL)
data/magic-8.2.157+ds.1/graphics/W3Dmain.c:731:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  crec->cutbox.r_xbot = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/graphics/W3Dmain.c:732:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  crec->cutbox.r_ybot = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/graphics/W3Dmain.c:733:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  crec->cutbox.r_xtop = atoi(cmd->tx_argv[3]);
data/magic-8.2.157+ds.1/graphics/W3Dmain.c:734:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  crec->cutbox.r_ytop = atoi(cmd->tx_argv[4]);
data/magic-8.2.157+ds.1/graphics/W3Dmain.c:901:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  crec->level = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/graphics/W3Dmain.c:1273:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  style = atoi(cmd->tx_argv[4]);
data/magic-8.2.157+ds.1/graphics/X11Helper.c:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inChar[10], c, *p;
data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo1.c:444:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inChar[10];
data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo1.c:946:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char windowname[10];
data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo1.c:956:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(windowname, ".magic%d", WindowNumber + 1);
data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo1.c:434:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inChar[10];
data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo1.c:946:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char windowname[10];
data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo1.c:956:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(windowname, ".magic%d", WindowNumber + 1);
data/magic-8.2.157+ds.1/graphics/grCMap.c:128:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullName[256], inputLine[128], colorName[100];
data/magic-8.2.157+ds.1/graphics/grCMap.c:135:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(fullName, "%.80s.%.80s.%.80s", techStyle,
data/magic-8.2.157+ds.1/graphics/grCMap.c:264:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullName[256];
data/magic-8.2.157+ds.1/graphics/grCMap.c:267:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(fullName, "%.80s.%.80s.%.80s", techStyle,
data/magic-8.2.157+ds.1/graphics/grDStyle.c:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char shortName, longName[52];
data/magic-8.2.157+ds.1/graphics/grDStyle.c:204:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fill[42], ordstr[12], colorName[30];
data/magic-8.2.157+ds.1/graphics/grDStyle.c:237:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  newstyle->style.idx = atoi(ordstr);
data/magic-8.2.157+ds.1/graphics/grDStyle.c:409:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fullName[256];
data/magic-8.2.157+ds.1/graphics/grDStyle.c:423:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(fullName, "%.100s.%.100s.dstyle", techType, grDStyleType);
data/magic-8.2.157+ds.1/graphics/grDStyle.c:429:16: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(fullName, "%.100s.%.100s.dstyle5", techType, grDStyleType);
data/magic-8.2.157+ds.1/graphics/grDStyle.c:439:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[STRLEN], sectionName[STRLEN];
data/magic-8.2.157+ds.1/graphics/grDStyle.c:520:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  freeMagic((char *)GrStippleTable[--grNumStipples]);
data/magic-8.2.157+ds.1/graphics/grGlyphs.c:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[STRLEN], *fullname;
data/magic-8.2.157+ds.1/graphics/grOGL1.c:652:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char argv[2][100];
data/magic-8.2.157+ds.1/graphics/grOGL1.c:655:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(argv[1], "%d %d", fildes2[0],fildes[1]);
data/magic-8.2.157+ds.1/graphics/grOGL3.c:147:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *fontnames[4] = {
data/magic-8.2.157+ds.1/graphics/grOGL3.c:152:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *optionnames[4] = {
data/magic-8.2.157+ds.1/graphics/grOGL3.c:375:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *((char *)dataptr), coords[0], coords[1]);
data/magic-8.2.157+ds.1/graphics/grOGL5.c:236:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char curs[32];
data/magic-8.2.157+ds.1/graphics/grTCairo1.c:530:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inChar[10];
data/magic-8.2.157+ds.1/graphics/grTCairo1.c:1063:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char windowname[10];
data/magic-8.2.157+ds.1/graphics/grTCairo1.c:1073:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(windowname, ".magic%d", WindowNumber + 1);
data/magic-8.2.157+ds.1/graphics/grTOGL1.c:551:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inChar[10];
data/magic-8.2.157+ds.1/graphics/grTOGL1.c:1081:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char windowname[10];
data/magic-8.2.157+ds.1/graphics/grTOGL1.c:1091:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(windowname, ".magic%d", WindowNumber + 1);
data/magic-8.2.157+ds.1/graphics/grTOGL3.c:502:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *((char *)dataptr), coords[0], coords[1]);
data/magic-8.2.157+ds.1/graphics/grTk1.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dashlist[8];
data/magic-8.2.157+ds.1/graphics/grTk1.c:496:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  color_base = (int)atoi(env_str);
data/magic-8.2.157+ds.1/graphics/grTk1.c:501:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  color_reserved = (int)atoi(env_str);
data/magic-8.2.157+ds.1/graphics/grTk1.c:793:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inChar[10];
data/magic-8.2.157+ds.1/graphics/grTk1.c:1307:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char windowname[10];
data/magic-8.2.157+ds.1/graphics/grTk1.c:1320:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(windowname, ".magic%d", WindowNumber + 1);
data/magic-8.2.157+ds.1/graphics/grTkCommon.c:73:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *fontnames[4] = {
data/magic-8.2.157+ds.1/graphics/grTkCommon.c:78:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *optionnames[4] = {
data/magic-8.2.157+ds.1/graphics/grTkCommon.c:164:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char source[32];
data/magic-8.2.157+ds.1/graphics/grTkCommon.c:165:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mask[32];
data/magic-8.2.157+ds.1/graphics/grTkCommon.c:641:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(colstring, "#%04x%04x%04x", falsecolor.red,
data/magic-8.2.157+ds.1/graphics/grTkCommon.c:654:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(colstring, "#%02x%02x%02x", falsecolor.red,
data/magic-8.2.157+ds.1/graphics/grTkCommon.c:1236:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (char *) masterPtr, Tcl_GetString(objv[2]), 0);
data/magic-8.2.157+ds.1/graphics/grTkCommon.c:1244:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  configSpecs, (char *) masterPtr,
data/magic-8.2.157+ds.1/graphics/grX11su1.c:90:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dashlist[8];
data/magic-8.2.157+ds.1/graphics/grX11su1.c:520:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  color_base = (int)atoi(env_str);
data/magic-8.2.157+ds.1/graphics/grX11su1.c:525:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  color_reserved = (int)atoi(env_str);
data/magic-8.2.157+ds.1/graphics/grX11su1.c:1002:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char argv[2][100];
data/magic-8.2.157+ds.1/graphics/grX11su1.c:1005:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(argv[1], "%d %d", fildes2[0],fildes[1]);
data/magic-8.2.157+ds.1/graphics/grX11su3.c:147:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *fontnames[4] = {
data/magic-8.2.157+ds.1/graphics/grX11su3.c:152:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *optionnames[4] = {
data/magic-8.2.157+ds.1/graphics/grX11su5.c:199:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char curs[32];
data/magic-8.2.157+ds.1/graphics/grX11su5.c:200:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mbits[32];
data/magic-8.2.157+ds.1/graphics/grX11thread.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inChar[10], c, *p;
data/magic-8.2.157+ds.1/grouter/grouteChan.c:314:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[1024];
data/magic-8.2.157+ds.1/grouter/grouteChan.c:324:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "%d tiles over channel", glChanCheckCount);
data/magic-8.2.157+ds.1/grouter/grouteChan.c:349:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[1024];
data/magic-8.2.157+ds.1/grouter/grouteChan.c:358:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "Different tile type %d for chan %d",
data/magic-8.2.157+ds.1/grouter/grouteChan.c:366:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "Tile client 0x%"DLONG_PREFIX"x doesn't match chan %p",
data/magic-8.2.157+ds.1/grouter/grouteChan.c:422:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256];
data/magic-8.2.157+ds.1/grouter/grouteChan.c:424:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "After clipping chan %p", ch);
data/magic-8.2.157+ds.1/grouter/grouteChan.c:444:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char answer[100], m[1024];
data/magic-8.2.157+ds.1/grouter/grouteChan.c:461:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[1024];
data/magic-8.2.157+ds.1/grouter/grouteChan.c:466:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "tile ch=%"DLONG_PREFIX"x type=%d",
data/magic-8.2.157+ds.1/grouter/grouteChan.c:474:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "chan %p type=%d", ch, ch->gcr_type);
data/magic-8.2.157+ds.1/grouter/grouteCrss.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char c[256], name1[1024], name2[1024];
data/magic-8.2.157+ds.1/grouter/grouteCrss.c:198:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(c, "Warning: crossing reassigned to same net/seg");
data/magic-8.2.157+ds.1/grouter/grouteDens.c:225:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy((char *) dm1->dm_value, (char *) dm2->dm_value,
data/magic-8.2.157+ds.1/grouter/grouteMult.c:121:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[128], *lastTermName;
data/magic-8.2.157+ds.1/grouter/grouteName.c:122:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char tempId[100];
data/magic-8.2.157+ds.1/grouter/grouteName.c:126:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(tempId, "Net %d (with no name)", id);
data/magic-8.2.157+ds.1/grouter/grouteNet.c:1700:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256];
data/magic-8.2.157+ds.1/grouter/grouteNet.c:1709:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg,
data/magic-8.2.157+ds.1/grouter/grouteNet.c:1721:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg,
data/magic-8.2.157+ds.1/grouter/groutePin.c:392:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256];
data/magic-8.2.157+ds.1/grouter/groutePin.c:417:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg,
data/magic-8.2.157+ds.1/grouter/groutePin.c:424:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void) strcat(mesg, " **BLOCKED**");
data/magic-8.2.157+ds.1/grouter/grouteTest.c:176:7: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  n = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/grouter/grouteTest.c:214:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256];
data/magic-8.2.157+ds.1/grouter/grouteTest.c:220:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "SEARCH %d %d %d %d\n",
data/magic-8.2.157+ds.1/grouter/grouteTest.c:227:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "USED %d %d %d %d\n",
data/magic-8.2.157+ds.1/grouter/grouteTest.c:350:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *name, name1[1024], name2[1024];
data/magic-8.2.157+ds.1/grouter/grouteTest.c:444:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(hname, "w");
data/magic-8.2.157+ds.1/grouter/grouteTest.c:552:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  glLogFile = fopen(logFileName, "w");
data/magic-8.2.157+ds.1/grouter/grouteTile.c:158:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer1[1024], buffer2[1024]; data/magic-8.2.157+ds.1/grouter/grouteTile.c:165:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(buffer2, "(value = %d)", value); data/magic-8.2.157+ds.1/irouter/irCommand.c:125:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) specialValues, data/magic-8.2.157+ds.1/irouter/irCommand.c:149:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else if(StrIsInt(valueS) && (i=atoi(valueS))>=0) data/magic-8.2.157+ds.1/irouter/irCommand.c:693:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) specialArgs, data/magic-8.2.157+ds.1/irouter/irCommand.c:722:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
else if(StrIsInt(s) && (i=atoi(s))>=0) data/magic-8.2.157+ds.1/irouter/irCommand.c:941:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) cParms, data/magic-8.2.157+ds.1/irouter/irCommand.c:1004:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) cParms, data/magic-8.2.157+ds.1/irouter/irCommand.c:1097:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) irSubcommands, data/magic-8.2.157+ds.1/irouter/irCommand.c:1315:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) lParms, data/magic-8.2.157+ds.1/irouter/irCommand.c:1380:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) lParms, data/magic-8.2.157+ds.1/irouter/irCommand.c:1677:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). SigSetTimer(atoi(argv[i])); data/magic-8.2.157+ds.1/irouter/irCommand.c:1782:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) srParms, data/magic-8.2.157+ds.1/irouter/irCommand.c:1979:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) subcellTable, data/magic-8.2.157+ds.1/irouter/irCommand.c:2036:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) subcellTable, data/magic-8.2.157+ds.1/irouter/irCommand.c:2069:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) sValue, data/magic-8.2.157+ds.1/irouter/irCommand.c:2150:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
if(StrIsInt(cmd->tx_argv[2]) && (i=atoi(cmd->tx_argv[2]))>=0) data/magic-8.2.157+ds.1/irouter/irCommand.c:2279:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) wzdParms, data/magic-8.2.157+ds.1/irouter/irCommand.c:2375:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). saveFile = fopen(cmd->tx_argv[2], "w"); data/magic-8.2.157+ds.1/irouter/irCommand.c:2640:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) irSubcommands, data/magic-8.2.157+ds.1/irouter/irRoute.c:1076:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char answer[100]; data/magic-8.2.157+ds.1/irouter/irRoute.c:1113:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. (void) strcpy(answer,"yes"); data/magic-8.2.157+ds.1/irouter/irRoute.c:1153:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. (void) strcpy(answer,"yes"); data/magic-8.2.157+ds.1/irouter/irTestCmd.c:154:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) irTestCommands, data/magic-8.2.157+ds.1/irouter/irTestCmd.c:284:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char **) irTestCommands, data/magic-8.2.157+ds.1/irouter/irUtils.c:149:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char RepeatString[100]; data/magic-8.2.157+ds.1/lef/defRead.c:923:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pinname[LEF_LINE_MAX]; data/magic-8.2.157+ds.1/lef/defRead.c:1153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vianame[LEF_LINE_MAX]; data/magic-8.2.157+ds.1/lef/defRead.c:1408:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char usename[512]; data/magic-8.2.157+ds.1/lef/defWrite.c:251:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ndn[256]; data/magic-8.2.157+ds.1/lef/defWrite.c:419:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char nodeName[256]; data/magic-8.2.157+ds.1/lef/defWrite.c:481:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numstr[12]; data/magic-8.2.157+ds.1/lef/defWrite.c:482:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(numstr, "%.10g", ((float)width * defdata->scale)); data/magic-8.2.157+ds.1/lef/defWrite.c:514:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numstr[12]; data/magic-8.2.157+ds.1/lef/defWrite.c:537:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(numstr, "%.10g", x); data/magic-8.2.157+ds.1/lef/defWrite.c:549:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(numstr, "%.10g", y); data/magic-8.2.157+ds.1/lef/defWrite.c:608:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ndn2[256]; data/magic-8.2.157+ds.1/lef/defWrite.c:658:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char locndn[256]; data/magic-8.2.157+ds.1/lef/defWrite.c:794:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *lefName, viaName[24]; data/magic-8.2.157+ds.1/lef/defWrite.c:1365:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *lname, vname[100], *vp; data/magic-8.2.157+ds.1/lef/defWrite.c:1797:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char idx[32]; data/magic-8.2.157+ds.1/lef/defWrite.c:1803:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. if (sx) sprintf(idx + strlen(idx), "%d", x); data/magic-8.2.157+ds.1/lef/lefCmd.c:236:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). units = atoi(cmd->tx_argv[i]); data/magic-8.2.157+ds.1/lef/lefRead.c:217:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char line[LEF_LINE_MAX + 2]; /* input buffer */ data/magic-8.2.157+ds.1/lef/lefRead.c:454:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *match_name[2]; data/magic-8.2.157+ds.1/lef/lefRead.c:1481:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *token, tsave[128], *propval; data/magic-8.2.157+ds.1/lef/lefRead.c:1508:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newname[256]; data/magic-8.2.157+ds.1/lef/lefRead.c:1632:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tsave, "%.127s", token); data/magic-8.2.157+ds.1/lef/lefRead.c:1652:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tsave, "%.127s", token); data/magic-8.2.157+ds.1/lef/lefRead.c:1680:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(propval, "%d %d %d %d", data/magic-8.2.157+ds.1/lef/lefRead.c:1694:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(propval, "%d %d %d %d", data/magic-8.2.157+ds.1/lef/lefRead.c:1707:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(propval, "%d %d %d %d", data/magic-8.2.157+ds.1/lef/lefRead.c:2264:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tsave[128]; data/magic-8.2.157+ds.1/lef/lefRead.c:2360:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(tsave, "%.127s", token); data/magic-8.2.157+ds.1/lef/lefRead.c:2393:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tsave, "%.127s", token); data/magic-8.2.157+ds.1/lef/lefRead.c:2452:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tsave, "%.127s", token); data/magic-8.2.157+ds.1/lef/lefRead.c:2461:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tsave, "%.127s", token); data/magic-8.2.157+ds.1/lef/lefRead.c:2491:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tsave, "%.127s", token); data/magic-8.2.157+ds.1/lef/lefWrite.c:85:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[512], *name, *endp, *ends; data/magic-8.2.157+ds.1/lisp/lispEval.c:274:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[TX_MAXARGS]; data/magic-8.2.157+ds.1/lisp/lispEval.c:275:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char argstring[TX_MAX_CMDLEN]; data/magic-8.2.157+ds.1/lisp/lispEval.c:291:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (argstring+k, "%d", LINTEGER(l)); data/magic-8.2.157+ds.1/lisp/lispEval.c:296:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (argstring+k, "%lf", LFLOAT(l)); data/magic-8.2.157+ds.1/lisp/lispEval.c:313:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (argstring+k, "#%c", LINTEGER(l) ? 't' : 'f'); data/magic-8.2.157+ds.1/lisp/lispMagic.c:87:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/magic-8.2.157+ds.1/lisp/lispMagic.c:90:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "(%d %d %d %d)", editbox.r_xbot, editbox.r_ybot, data/magic-8.2.157+ds.1/lisp/lispMagic.c:125:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/magic-8.2.157+ds.1/lisp/lispMagic.c:141:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "(%d %d %d %d)", editRect.r_xbot, editRect.r_ybot, data/magic-8.2.157+ds.1/lisp/lispMagic.c:145:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "(%d %d %d %d)", rootRect.r_xbot, rootRect.r_ybot, data/magic-8.2.157+ds.1/lisp/lispMagic.c:182:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char getpaint_buf[128]; data/magic-8.2.157+ds.1/lisp/lispMagic.c:351:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[128]; data/magic-8.2.157+ds.1/lisp/lispMagic.c:514:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cellbuffer[1024]; data/magic-8.2.157+ds.1/lisp/lispMagic.c:539:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char cellbuffer[1024]; data/magic-8.2.157+ds.1/lisp/lispMain.c:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output_buf[LISP_MAX_LEN]; data/magic-8.2.157+ds.1/lisp/lispPrint.c:83:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char obuf[128]; data/magic-8.2.157+ds.1/lisp/lispString.c:160:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/magic-8.2.157+ds.1/lisp/lispString.c:169:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%lf", LFLOAT(ARG1(s))); data/magic-8.2.157+ds.1/lisp/lispString.c:171:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buf, "%d", LINTEGER(ARG1(s))); data/magic-8.2.157+ds.1/mzrouter/mzEstimate.c:1986:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char str[100]; data/magic-8.2.157+ds.1/mzrouter/mzEstimate.c:2008:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[100]; data/magic-8.2.157+ds.1/mzrouter/mzTech.c:631:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new->rl_hCost = atoi(argv[2]); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:644:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new->rl_vCost = atoi(argv[3]); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:664:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new->rl_jogCost = atoi(argv[4]); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:680:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
new->rl_hintCost = atoi(argv[5]); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:696:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new->rl_overCost = atoi(argv[6]); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:866:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). value = atoi(s); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:942:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int value = atoi(argv[1]); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:962:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int value = atoi(argv[2]); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:1062:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
value = atoi(argv[2]); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:1084:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). value = atoi(argv[3]); data/magic-8.2.157+ds.1/mzrouter/mzTech.c:1182:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). new->rc_cost = atoi(argv[4]); data/magic-8.2.157+ds.1/net2ir/net2ir.c:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line1[LINESIZE], line2[LINESIZE], layer[LINESIZE], label[LINESIZE]; data/magic-8.2.157+ds.1/net2ir/net2ir.c:68:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[1], "r"); data/magic-8.2.157+ds.1/net2ir/net2ir.c:106:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp = fopen(argv[2], "r"); data/magic-8.2.157+ds.1/netmenu/NMbutton.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newName[MAXLENGTH]; data/magic-8.2.157+ds.1/netmenu/NMbutton.c:115:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char termName[MAXTERMLENGTH]; data/magic-8.2.157+ds.1/netmenu/NMcmdAK.c:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char answer[30]; data/magic-8.2.157+ds.1/netmenu/NMcmdLZ.c:65:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp, * fopen(); data/magic-8.2.157+ds.1/netmenu/NMcmdLZ.c:91:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fp = fopen(cmd->tx_argv[2], "w"))==NULL) data/magic-8.2.157+ds.1/netmenu/NMlabel.c:55:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char * nmLabelArray[MAXLABELS]; /* Holds pointers to all labels
data/magic-8.2.157+ds.1/netmenu/NMlabel.c:61:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char nmNum1String[12]; /* String equivalents of nmNum1 and nmNum2. */
data/magic-8.2.157+ds.1/netmenu/NMlabel.c:62:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char nmNum2String[12];
data/magic-8.2.157+ds.1/netmenu/NMlabel.c:153:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char num1String[12], num2String[12];
data/magic-8.2.157+ds.1/netmenu/NMlabel.c:163:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(num1String, "%d", num1);
data/magic-8.2.157+ds.1/netmenu/NMlabel.c:164:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(num2String, "%d", num2);
data/magic-8.2.157+ds.1/netmenu/NMlabel.c:243:29: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
    if (nmNum1 >= 0) (void) sprintf(nmNum1String, "%d", nmNum1);
data/magic-8.2.157+ds.1/netmenu/NMlabel.c:245:29: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    if (nmNum2 >= 0) (void) sprintf(nmNum2String, "%d", nmNum2);
data/magic-8.2.157+ds.1/netmenu/NMlabel.c:286:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char line[MAXLENGTH]; /* Holds label temporarily. */
data/magic-8.2.157+ds.1/netmenu/NMlabel.c:638:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mesg[2048];
data/magic-8.2.157+ds.1/netmenu/NMnetlist.c:390:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char line[MAXLINESIZE], *fullName, *currentTerm, *p;
data/magic-8.2.157+ds.1/netmenu/NMnetlist.c:754:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char *realName, line[50];
data/magic-8.2.157+ds.1/netmenu/NMnetlist.c:835:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char answer[12];
data/magic-8.2.157+ds.1/netmenu/NMnetlist.c:884:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char answer[10];
data/magic-8.2.157+ds.1/netmenu/NMnetlist.c:967:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char answer[10];
data/magic-8.2.157+ds.1/netmenu/NMundo.c:49:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char nmue_storage[4]; /* Used to store the actual strings for
data/magic-8.2.157+ds.1/netmenu/NMwiring.c:480:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char label[TERMLENGTH];
data/magic-8.2.157+ds.1/netmenu/NMwiring.c:718:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char label[TERMLENGTH];
data/magic-8.2.157+ds.1/netmenu/NMwiring.c:826:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char msg[200];
data/magic-8.2.157+ds.1/netmenu/NMwiring.c:829:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(msg, "Net of \"%.100s\" isn't fully connected.", name);
data/magic-8.2.157+ds.1/netmenu/NMwiring.c:973:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char msg[200];
data/magic-8.2.157+ds.1/netmenu/NMwiring.c:978:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(msg, "Net \"%.80s\" shorted to net \"%.80s\".\n",
data/magic-8.2.157+ds.1/netmenu/NMwiring.c:1041:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    freeMagic((char *) nmwNonTerminalNames[i]);
data/magic-8.2.157+ds.1/netmenu/NMwiring.c:1149:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char msg[200];
data/magic-8.2.157+ds.1/netmenu/NMwiring.c:1154:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(msg, "Net \"%.80s\" shorted to net \"%.80s\".\n",
data/magic-8.2.157+ds.1/oa/magicInit.cpp:75:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buf2[256];
data/magic-8.2.157+ds.1/oa/magicInit.cpp:119:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char uUnit[32];
data/magic-8.2.157+ds.1/oa/magicOA.cpp:23:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    oaTech *chipTech = oaTech::open(chipTechName);
data/magic-8.2.157+ds.1/oa/magicOA.cpp:107:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    oaTech *chipTech = oaTech::open(chipTechName);
data/magic-8.2.157+ds.1/oa/magicOA.cpp:111:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(userUnit, "micron");
data/magic-8.2.157+ds.1/oa/magicOA.cpp:115:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(userUnit, "millimeter");
data/magic-8.2.157+ds.1/oa/magicOA.cpp:119:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(userUnit, "centimeter");
data/magic-8.2.157+ds.1/oa/magicOA.cpp:123:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(userUnit, "meter");
data/magic-8.2.157+ds.1/oa/magicOA.cpp:127:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(userUnit, "mil");
data/magic-8.2.157+ds.1/oa/magicOA.cpp:131:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(userUnit, "inch");
data/magic-8.2.157+ds.1/oa/magicOA.cpp:136:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
    strcpy(userUnit, "nanometer");
data/magic-8.2.157+ds.1/oa/magicOA.cpp:139:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(userUnit, "none");
data/magic-8.2.157+ds.1/oa/magicOA.cpp:157:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    oaTech *chipTech = oaTech::open(chipTechName);
data/magic-8.2.157+ds.1/oa/magicOA.cpp:178:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    cellView = oaCellView::open(libName, cellName, viewName,
data/magic-8.2.157+ds.1/plot/plotCmd.c:255:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    scale = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/plot/plotCmd.c:305:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iwidth = atoi(cmd->tx_argv[3]);
data/magic-8.2.157+ds.1/plot/plotGremln.c:184:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    stipple = atoi(argv[1]);
data/magic-8.2.157+ds.1/plot/plotGremln.c:681:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char idName[100];
data/magic-8.2.157+ds.1/plot/plotHP.c:236:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(s2 + outp, s1 + base, size + 1);
data/magic-8.2.157+ds.1/plot/plotHP.c:264:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(s2 + outp, s1 + base, size + 1);
data/magic-8.2.157+ds.1/plot/plotMain.c:432:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    i = atoi(value);
data/magic-8.2.157+ds.1/plot/plotPNM.c:587:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char command[200], tempFile[200];
data/magic-8.2.157+ds.1/plot/plotPNM.c:747:15: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    result = mkstemp(tempFile);
data/magic-8.2.157+ds.1/plot/plotPNM.c:1326:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fullName[256];
data/magic-8.2.157+ds.1/plot/plotPNM.c:1332:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char longname[128];
data/magic-8.2.157+ds.1/plot/plotPNM.c:1333:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fill[42];
data/magic-8.2.157+ds.1/plot/plotPNM.c:1337:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(fullName, "%.100s.7bit.mraster_dstyle", DBWStyleType);
data/magic-8.2.157+ds.1/plot/plotPNM.c:1428:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fullName[256];
data/magic-8.2.157+ds.1/plot/plotPNM.c:1435:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    (void) sprintf(fullName, "%.100s.7bit.mraster.cmap", DBWStyleType);
data/magic-8.2.157+ds.1/plot/plotPS.c:65:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char color[4];
data/magic-8.2.157+ds.1/plot/plotPS.c:271:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    color = atoi(argv[1]);
data/magic-8.2.157+ds.1/plot/plotPS.c:286:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    stipple = atoi(argv[2]);
data/magic-8.2.157+ds.1/plot/plotPS.c:1040:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char idName[100];
data/magic-8.2.157+ds.1/plot/plotPS.c:1139:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char line_in[100];
data/magic-8.2.157+ds.1/plot/plotPixels.c:745:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char idName[100];
data/magic-8.2.157+ds.1/plot/plotPixels.c:828:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fileName[200], answer[32];
data/magic-8.2.157+ds.1/plot/plotPixels.c:933:14: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    result = mkstemp(fileName);
data/magic-8.2.157+ds.1/plot/plotVers.c:982:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char idName[100];
data/magic-8.2.157+ds.1/plot/plotVers.c:1075:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char fileName[200], command[300], answer[32];
data/magic-8.2.157+ds.1/plot/plotVers.c:1207:14: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    result = mkstemp(fileName);
data/magic-8.2.157+ds.1/plow/PlowQueue.c:130:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    freeMagic((char *) plowBinArray[pNum]);
data/magic-8.2.157+ds.1/plow/PlowRandom.c:86:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char goodName[64], tempName[64], goodExt[64], tempExt[64];
data/magic-8.2.157+ds.1/plow/PlowRandom.c:87:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char command[256];
data/magic-8.2.157+ds.1/plow/PlowRandom.c:97:5: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this.
  Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    mkstemp(goodName);
data/magic-8.2.157+ds.1/plow/PlowRandom.c:98:5: [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
    mkstemp(tempName);
data/magic-8.2.157+ds.1/plow/PlowRandom.c:289:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char b1[BUFSIZ], b2[BUFSIZ];
data/magic-8.2.157+ds.1/plow/PlowRandom.c:294:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((f1 = open(file1, O_RDONLY, 0)) < 0) goto done;
data/magic-8.2.157+ds.1/plow/PlowRandom.c:295:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((f2 = open(file2, O_RDONLY, 0)) < 0) goto done;
data/magic-8.2.157+ds.1/plow/PlowTech.c:229:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int distance = atoi(argv[2]);
data/magic-8.2.157+ds.1/plow/PlowTech.c:310:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int distance = atoi(argv[3]);
data/magic-8.2.157+ds.1/plow/PlowTech.c:454:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int distance = atoi(argv[3]);
data/magic-8.2.157+ds.1/plow/PlowTech.c:456:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    int cdist = atoi(argv[6]);
data/magic-8.2.157+ds.1/plow/PlowTest.c:248:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    f = fopen(cmd->tx_argv[2], "w");
data/magic-8.2.157+ds.1/plow/PlowTest.c:308:37: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if (cmd->tx_argc == 3) trail = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/plow/PlowTest.c:371:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    plowWhenTopPoint.p_x = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/plow/PlowTest.c:372:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    plowWhenTopPoint.p_y = atoi(cmd->tx_argv[3]);
data/magic-8.2.157+ds.1/plow/PlowTest.c:386:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    plowWhenBotPoint.p_x = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/plow/PlowTest.c:387:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    plowWhenBotPoint.p_y = atoi(cmd->tx_argv[3]);
data/magic-8.2.157+ds.1/plow/PlowTest.c:498:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mesg[512];
data/magic-8.2.157+ds.1/plow/PlowTest.c:682:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char answer[100];
data/magic-8.2.157+ds.1/plow/PlowTest.c:727:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char mesg[512], prompt[612], answer[128];
data/magic-8.2.157+ds.1/resis/ResConDCS.c:307:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy((void *)newlist, (void *)csa2->csa2_list,
data/magic-8.2.157+ds.1/resis/ResPrint.c:58:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newname[MAXNAME];
data/magic-8.2.157+ds.1/resis/ResPrint.c:188:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newname[MAXNAME],tmpname[MAXNAME],*cp;
data/magic-8.2.157+ds.1/resis/ResPrint.c:332:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newname[16];
data/magic-8.2.157+ds.1/resis/ResPrint.c:684:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[128];
data/magic-8.2.157+ds.1/resis/ResPrint.c:707:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name, "N%d_", nodeptr->rn_id);
data/magic-8.2.157+ds.1/resis/ResPrint.c:720:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name + strlen(name), "%d", nodeptr->rn_id);
data/magic-8.2.157+ds.1/resis/ResReadSim.c:83:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char RDEV_NOATTR[1]={'0'};
data/magic-8.2.157+ds.1/resis/ResReadSim.c:128:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char line[MAXLINE][MAXTOKEN];
data/magic-8.2.157+ds.1/resis/ResReadSim.c:130:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp, *fopen();
data/magic-8.2.157+ds.1/resis/ResReadSim.c:225:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAXLINE][MAXTOKEN];
data/magic-8.2.157+ds.1/resis/ResReadSim.c:226:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp, *fopen();
data/magic-8.2.157+ds.1/resis/ResReadSim.c:341:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *newattr,tmpattr[MAXTOKEN];
data/magic-8.2.157+ds.1/resis/ResReadSim.c:604:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char digit[MAXDIGIT];
data/magic-8.2.157+ds.1/resis/ResReadSim.c:709:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAXLINE][MAXTOKEN];
data/magic-8.2.157+ds.1/resis/ResReadSim.c:727:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  node->drivepoint.p_x = atoi(line[RES_EXT_ATTR_X]);
data/magic-8.2.157+ds.1/resis/ResReadSim.c:728:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  node->drivepoint.p_y = atoi(line[RES_EXT_ATTR_Y]);
data/magic-8.2.157+ds.1/resis/ResReadSim.c:756:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAXLINE][MAXTOKEN],*label,*c;
data/magic-8.2.157+ds.1/resis/ResReadSim.c:784:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  thisfix->fp_loc.p_x = atoi(line[RES_EXT_ATTR_X]);
data/magic-8.2.157+ds.1/resis/ResReadSim.c:785:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  thisfix->fp_loc.p_y = atoi(line[RES_EXT_ATTR_Y]);
data/magic-8.2.157+ds.1/resis/ResRex.c:1154:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char newname[MAXNAME], oldnodename[MAXNAME];
data/magic-8.2.157+ds.1/resis/ResRex.c:1623:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *cp, newname[MAXNAME];
data/magic-8.2.157+ds.1/resis/ResWrite.c:50:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bigname[255],name1[255],name2[255];
data/magic-8.2.157+ds.1/resis/ResWrite.c:56:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(bigname,"w");
data/magic-8.2.157+ds.1/resis/ResWrite.c:71:14: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name1,"gnd");
data/magic-8.2.157+ds.1/resis/ResWrite.c:75:14: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name1,"n%d_%d_%d",
data/magic-8.2.157+ds.1/resis/ResWrite.c:82:14: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name2,"gnd");
data/magic-8.2.157+ds.1/resis/ResWrite.c:86:14: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name2,"n%d_%d_%d",
data/magic-8.2.157+ds.1/resis/ResWrite.c:105:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bigname[255];
data/magic-8.2.157+ds.1/resis/ResWrite.c:111:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(bigname,"w");
data/magic-8.2.157+ds.1/resis/ResWrite.c:188:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char newname[100],*tmpname,*per;
data/magic-8.2.157+ds.1/resis/ResWrite.c:194:6: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(newname,".res");
data/magic-8.2.157+ds.1/resis/ResWrite.c:196:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fp = fopen(newname,"w")) == NULL)
data/magic-8.2.157+ds.1/resis/ResWrite.c:207:14: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(newname,"gnd");
data/magic-8.2.157+ds.1/resis/ResWrite.c:211:20: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void)sprintf(newname,"n%d_%d_%d",nodelist->rn_loc.p_x,
data/magic-8.2.157+ds.1/resis/resis.h:398:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fp_name[1];
data/magic-8.2.157+ds.1/router/rtrChannel.c:222:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256];
data/magic-8.2.157+ds.1/router/rtrChannel.c:231:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "Degenerate channel at (%d, %d) (%d, %d)",
data/magic-8.2.157+ds.1/router/rtrChannel.c:244:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg, "Degenerate channel at (%d, %d) (%d, %d)",
data/magic-8.2.157+ds.1/router/rtrChannel.c:541:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy((char *) ch->gcr_dColsByRow, (char *) ch->gcr_iColsByRow,
data/magic-8.2.157+ds.1/router/rtrChannel.c:543:5: [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  bcopy((char *) ch->gcr_dRowsByCol, (char *) ch->gcr_iRowsByCol,
data/magic-8.2.157+ds.1/router/rtrCmd.c:339:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(cmd->tx_argv[3], "w");
data/magic-8.2.157+ds.1/router/rtrFdback.c:94:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[2048];
data/magic-8.2.157+ds.1/router/rtrFdback.c:106:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(buff, "channel %p: ", ch);
data/magic-8.2.157+ds.1/router/rtrFdback.c:145:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  freeMagic((char *) rtrFList[0]);
data/magic-8.2.157+ds.1/router/rtrFdback.c:151:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  freeMagic((char *) rtrFList[1]);
data/magic-8.2.157+ds.1/router/rtrHazards.c:210:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  freeMagic((char *) height[col]);
data/magic-8.2.157+ds.1/router/rtrHazards.c:211:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  freeMagic((char *) width[col]);
data/magic-8.2.157+ds.1/router/rtrPin.c:400:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256];
data/magic-8.2.157+ds.1/router/rtrPin.c:425:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(mesg,
data/magic-8.2.157+ds.1/router/rtrPin.c:432:9: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  (void) strcat(mesg, " **BLOCKED**");
data/magic-8.2.157+ds.1/router/rtrStem.c:244:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errorMesg[200];
data/magic-8.2.157+ds.1/router/rtrStem.c:280:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errorMesg, "Terminal is degenerate");
data/magic-8.2.157+ds.1/router/rtrStem.c:386:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(errorMesg, "Can't find a channel in any direction from terminal");
data/magic-8.2.157+ds.1/router/rtrStem.c:701:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errorMesg[256];
data/magic-8.2.157+ds.1/router/rtrStem.c:1027:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *reason, buf[256];
data/magic-8.2.157+ds.1/router/rtrStem.c:1072:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf(buf,
data/magic-8.2.157+ds.1/router/rtrTech.c:156:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width = atoi(argv[2]);
data/magic-8.2.157+ds.1/router/rtrTech.c:167:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  distance = atoi(nextArg[1]);
data/magic-8.2.157+ds.1/router/rtrTech.c:198:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width = atoi(argv[2]);
data/magic-8.2.157+ds.1/router/rtrTech.c:209:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  distance = atoi(nextArg[1]);
data/magic-8.2.157+ds.1/router/rtrTech.c:238:10: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width = atoi(argv[2]);
data/magic-8.2.157+ds.1/router/rtrTech.c:251:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  RtrMetalSurround = atoi(argv[3]);
data/magic-8.2.157+ds.1/router/rtrTech.c:263:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  RtrPolySurround = atoi(argv[4]);
data/magic-8.2.157+ds.1/router/rtrTech.c:279:6: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi(argv[1]);
data/magic-8.2.157+ds.1/select/selDisplay.c:312:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idName[100];
data/magic-8.2.157+ds.1/sim/SimDBstuff.c:104:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char bestName[256];
data/magic-8.2.157+ds.1/sim/SimDBstuff.c:148:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char nodeName[256];
data/magic-8.2.157+ds.1/sim/SimDBstuff.c:401:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pathName[MAXPATHNAME];
data/magic-8.2.157+ds.1/sim/SimExtract.c:342:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char name[30];
data/magic-8.2.157+ds.1/sim/SimExtract.c:351:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( name, "@=%c%d,%d", "gsd"[nterm+1], r2.r_xbot, r2.r_ybot );
data/magic-8.2.157+ds.1/sim/SimExtract.c:706:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char nodename[256];
data/magic-8.2.157+ds.1/sim/SimExtract.c:707:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[256];
data/magic-8.2.157+ds.1/sim/SimRsim.c:70:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char keyBoardBuf[BUF_SIZE];
data/magic-8.2.157+ds.1/sim/SimRsim.c:72:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char rsim_prompt[20];
data/magic-8.2.157+ds.1/sim/SimRsim.c:161:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char rsimfile[256];
data/magic-8.2.157+ds.1/sim/SimRsim.c:200:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(rsimfile, "/irsim");
data/magic-8.2.157+ds.1/sim/SimRsim.c:386:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[READBUF_SIZE];
data/magic-8.2.157+ds.1/sim/SimRsim.c:553:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cmdStr[256];
data/magic-8.2.157+ds.1/sim/SimRsim.c:554:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cleanName[256];
data/magic-8.2.157+ds.1/sim/SimRsim.c:803:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char simReadBuff[READBUF_SIZE]; /* buffer in which to read the
data/magic-8.2.157+ds.1/sim/SimSelect.c:324:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nameBuff[256], *nodeName;
data/magic-8.2.157+ds.1/sim/SimSelect.c:438:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timeString[256];
data/magic-8.2.157+ds.1/tcltk/tclmagic.c:176:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(newcmd + (int)(sptr - substcmd), "{}");
data/magic-8.2.157+ds.1/tcltk/tclmagic.c:290:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  hstring = StrDup((char **)NULL, argv[2]);
data/magic-8.2.157+ds.1/tcltk/tclmagic.c:512:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyword[100];
data/magic-8.2.157+ds.1/tcltk/tclmagic.c:567:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(keyword, "magic::");
data/magic-8.2.157+ds.1/tcltk/tclmagic.c:758:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&inChannel, stdChannel, sizeof(Tcl_ChannelType));
data/magic-8.2.157+ds.1/tcltk/tclmagic.c:846:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char promptline[16];
data/magic-8.2.157+ds.1/tcltk/tclmagic.c:850:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(promptline, "replaceprompt %c", ch);
data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1015:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char outstr[128] = "puts -nonewline std";
data/magic-8.2.157+ds.1/textio/txCommands.c:251:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char TxTemp[200];
data/magic-8.2.157+ds.1/textio/txCommands.c:643:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  txLogFile = fopen(fileName, "w");
data/magic-8.2.157+ds.1/textio/txCommands.c:901:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char inputLine[TX_MAX_CMDLEN] = "";
data/magic-8.2.157+ds.1/textio/txCommands.c:1063:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inputLine[TX_MAX_CMDLEN];
data/magic-8.2.157+ds.1/textio/txInput.c:108:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *args[32];
data/magic-8.2.157+ds.1/textio/txInput.c:329:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ans[100];
data/magic-8.2.157+ds.1/textio/txInput.c:395:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char prompts[2];
data/magic-8.2.157+ds.1/textio/txMain.c:83:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char sebuf[BUFSIZ];
data/magic-8.2.157+ds.1/textio/txMore.c:48:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char prompt[512];
data/magic-8.2.157+ds.1/textio/txMore.c:49:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[512];
data/magic-8.2.157+ds.1/textio/txOutput.c:396:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[100];
data/magic-8.2.157+ds.1/textio/txOutput.c:470:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char localbuf[BUFSIZ];
data/magic-8.2.157+ds.1/textio/txOutput.c:472:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char localbuf[BUFSIZ];
data/magic-8.2.157+ds.1/textio/txcommands.h:56:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *tx_argv[TX_MAXARGS]; /* An array of pointers to the words (if any)
data/magic-8.2.157+ds.1/textio/txcommands.h:64:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tx_argstring[TX_MAX_CMDLEN];
data/magic-8.2.157+ds.1/utils/LIBdbio.c:56:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, mode);
data/magic-8.2.157+ds.1/utils/LIBmain.c:51:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char AbortMessage[500] = "";
data/magic-8.2.157+ds.1/utils/finddisp.c:90:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[100], name1[100];
data/magic-8.2.157+ds.1/utils/finddisp.c:91:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char name2[100], mon[100], dType[100], tabletPort[100];
data/magic-8.2.157+ds.1/utils/flock.c:107:35: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (is_locked == NULL) return fopen(filename, mode);
data/magic-8.2.157+ds.1/utils/flock.c:112:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tmp = fopen(filename, "r+");
data/magic-8.2.157+ds.1/utils/flock.c:116:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f = fopen(filename, "r");
data/magic-8.2.157+ds.1/utils/flock.c:129:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(filename, mode);
data/magic-8.2.157+ds.1/utils/flock.c:142:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(filename, "r+");
data/magic-8.2.157+ds.1/utils/flock.c:163:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(filename, "r");
data/magic-8.2.157+ds.1/utils/hash.h:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char h_name[4]; /* Text name of this entry. Note: the
data/magic-8.2.157+ds.1/utils/heap.c:399:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((char *) list, (char *) new,
data/magic-8.2.157+ds.1/utils/macros.c:382:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char hex[17] = "0123456789ABCDEF";
data/magic-8.2.157+ds.1/utils/macros.c:399:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (kmod & Mod1Mask) strcat(vis, "Meta_");
data/magic-8.2.157+ds.1/utils/macros.c:400:26: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (kmod & ControlMask) strcat(vis, "Control_");
data/magic-8.2.157+ds.1/utils/macros.c:401:23: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (kmod & LockMask) strcat(vis, "Capslock_");
data/magic-8.2.157+ds.1/utils/macros.c:402:24: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. if (kmod & ShiftMask) strcat(vis, "Shift_");
data/magic-8.2.157+ds.1/utils/macros.c:403:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(vis, "XK_");
data/magic-8.2.157+ds.1/utils/macros.c:577:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pointerStr, "Pointer_");
data/magic-8.2.157+ds.1/utils/magic.h:139:10: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # ifndef bcopy
data/magic-8.2.157+ds.1/utils/magic.h:140:11: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(a, b, c) memcpy(b, a, c)
data/magic-8.2.157+ds.1/utils/magic.h:140:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define bcopy(a, b, c) memcpy(b, a, c)
data/magic-8.2.157+ds.1/utils/magic.h:176:9: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. #define vfork fork
data/magic-8.2.157+ds.1/utils/main.c:791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *home, cwd[512];
data/magic-8.2.157+ds.1/utils/main.c:792:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startupFileName[256];
data/magic-8.2.157+ds.1/utils/maxrect.c:172:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy((void *)newrlist, (void *)mrd->rlist,
data/magic-8.2.157+ds.1/utils/maxrect.c:180:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)newrlist, (void *)mrd->swap,
data/magic-8.2.157+ds.1/utils/netlist.c:101:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mesg[256];
data/magic-8.2.157+ds.1/utils/netlist.c:365:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tempId[100];
data/magic-8.2.157+ds.1/utils/netlist.c:381:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(tempId, "#%"DLONG_PREFIX"d", (dlong) net);
data/magic-8.2.157+ds.1/utils/netlist.c:388:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(tempId, "[%p]", net);
data/magic-8.2.157+ds.1/utils/niceabort.c:56:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char AbortMessage[200];
data/magic-8.2.157+ds.1/utils/niceabort.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidString[20], line[150], command[200], tempName[200], *crashDir;
data/magic-8.2.157+ds.1/utils/niceabort.c:73:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pidString, "%d", parentPid);
data/magic-8.2.157+ds.1/utils/niceabort.c:137:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). commentFile = fopen(tempName, "w");
data/magic-8.2.157+ds.1/utils/parsetest.c:11:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[100];
data/magic-8.2.157+ds.1/utils/parsetest.c:12:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *args[4];
data/magic-8.2.157+ds.1/utils/path.c:122:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char expandName[100], *string, *newEntry;
data/magic-8.2.157+ds.1/utils/path.c:406:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extendedName[MAXSIZE], *p1, *p2;
data/magic-8.2.157+ds.1/utils/path.c:407:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char realName[MAXSIZE];
data/magic-8.2.157+ds.1/utils/path.c:454:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(realName, mode);
data/magic-8.2.157+ds.1/utils/path.c:473:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return fopen(realName, mode);
data/magic-8.2.157+ds.1/utils/path.c:485:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f = fopen(realName, mode);
data/magic-8.2.157+ds.1/utils/path.c:504:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(realName, mode);
data/magic-8.2.157+ds.1/utils/path.c:588:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char newPath[NEWPATHSIZE];
data/magic-8.2.157+ds.1/utils/path.c:685:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char component[MAXSIZE], *next;
data/magic-8.2.157+ds.1/utils/pathvisit.c:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[BUFSIZ+2];
data/magic-8.2.157+ds.1/utils/pathvisit.c:229:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(name, "r");
data/magic-8.2.157+ds.1/utils/runstats.c:86:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char string[100];
data/magic-8.2.157+ds.1/utils/runstats.c:103:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sp, "%d:%02du %d:%02ds", umins, usecs, smins, ssecs);
data/magic-8.2.157+ds.1/utils/runstats.c:130:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sp, "%d:%02d.%du %d:%02d.%ds", umins, usecs, udsecs,
data/magic-8.2.157+ds.1/utils/runstats.c:142:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(sp, "%dk", (int)size);
data/magic-8.2.157+ds.1/utils/runstats.c:178:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[50];
data/magic-8.2.157+ds.1/utils/runstats.c:212:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ld:%02ld.%ld %ld:%02ld.%ld",
data/magic-8.2.157+ds.1/utils/set.c:80:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
*parm = atoi(valueS);
data/magic-8.2.157+ds.1/utils/set.c:182:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *parm = (dlong)atoi(valueS);
data/magic-8.2.157+ds.1/utils/tech.c:403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffix[20], line[MAXLINESIZE], *realname;
data/magic-8.2.157+ds.1/utils/tech.c:404:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[MAXARGS];
data/magic-8.2.157+ds.1/utils/tech.c:449:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(suffix, ".tech");
data/magic-8.2.157+ds.1/utils/tech.c:470:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(suffix, ".tech%d", TECH_FORMAT_VERSION);
data/magic-8.2.157+ds.1/utils/utils.h:78:33: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead.
#define FORK_vf(pid) do { pid = vfork(); if (pid > 0) ForkChildAdd (pid); } while (0)
data/magic-8.2.157+ds.1/windows/windCmdAM.c:281:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rootPoint.p_x = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/windows/windCmdAM.c:282:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rootPoint.p_y = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/windows/windCmdAM.c:462:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). (*GrSetCursorPtr)(atoi(cmd->tx_argv[1]));
data/magic-8.2.157+ds.1/windows/windCmdAM.c:677:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int unopen, open;
data/magic-8.2.157+ds.1/windows/windCmdAM.c:703:67: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
TxError("%d open files, %d unopened file descriptors left\n", open, unopen);
data/magic-8.2.157+ds.1/windows/windCmdAM.c:782:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/windows/windCmdAM.c:784:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). style = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/windows/windCmdNR.c:154:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ssline[TX_MAX_CMDLEN];
data/magic-8.2.157+ds.1/windows/windCmdNR.c:331:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). UndoStackTrace(atoi(cmd->tx_argv[2]));
data/magic-8.2.157+ds.1/windows/windCmdNR.c:342:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
count = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:229:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). wid = atoi(cmd->tx_argv[3]);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:256:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ptstr, "%d %d %d %d", cmd->tx_p.p_x, cmd->tx_p.p_y,
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:273:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). yval = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:283:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TxSetPoint(atoi(cmd->tx_argv[1]), yval, wid);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:328:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). time = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:432:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). area.r_xbot = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:433:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). area.r_ybot = atoi(cmd->tx_argv[2]);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:434:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). area.r_xtop = MAX(atoi(cmd->tx_argv[3]), area.r_xbot + WIND_MIN_WIDTH);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:435:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). area.r_ytop = MAX(atoi(cmd->tx_argv[4]), area.r_ybot + WIND_MIN_HEIGHT);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:659:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
UndoStackTrace((-1) - atoi(cmd->tx_argv[2]));
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:675:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:1143:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). windpos.file = fopen(filename, "w");
data/magic-8.2.157+ds.1/windows/windMain.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char glyphName[30];
data/magic-8.2.157+ds.1/windows/windMain.c:111:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(glyphName, "windows%d", WindScrollBarWidth);
data/magic-8.2.157+ds.1/windows/windSend.c:268:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *(ownTable[3]);
data/magic-8.2.157+ds.1/windows/windSend.c:392:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char patString[200], *pattern;
data/magic-8.2.157+ds.1/windows/windSend.c:420:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(patString, "*%.195s*", cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/wiring/wireTech.c:110:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). WireUnits = atoi(argv[1]);
data/magic-8.2.157+ds.1/wiring/wireTech.c:143:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else new->con_size = atoi(argv[2]);
data/magic-8.2.157+ds.1/wiring/wireTech.c:149:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else new->con_surround1 = atoi(argv[4]);
data/magic-8.2.157+ds.1/wiring/wireTech.c:155:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
else new->con_surround2 = atoi(argv[6 + hasExtend]);
data/magic-8.2.157+ds.1/wiring/wireTech.c:164:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else new->con_extend1 = atoi(argv[5]);
data/magic-8.2.157+ds.1/wiring/wireTech.c:170:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). else new->con_extend2 = atoi(argv[8]);
data/magic-8.2.157+ds.1/calma/CalmaRdcl.c:122:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strRecSize = strlen(strname);
data/magic-8.2.157+ds.1/calma/CalmaRdcl.c:338:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(strname, newname, CALMANAMELENGTH*2);
data/magic-8.2.157+ds.1/calma/CalmaRdio.c:543:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (getc(calmaInputFile) < 0)
data/magic-8.2.157+ds.1/calma/CalmaRdpt.c:909:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(textbody) == 0)
data/magic-8.2.157+ds.1/calma/CalmaRead.c:194:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (k = 0; k < strlen(libname); k++)
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:426:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newnameptr = mallocMagic(strlen(strname) + 2);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:459:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newnameptr = mallocMagic(strlen(strname) + 2);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:471:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newnameptr = mallocMagic(strlen(strname) + strlen(prefix) + 9);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:471:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newnameptr = mallocMagic(strlen(strname) + strlen(prefix) + 9);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:485:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newnameptr = mallocMagic(strlen(strname) + strlen(prefix) + 9);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:485:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newnameptr = mallocMagic(strlen(strname) + strlen(prefix) + 9);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:509:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  rtype = getc(calmaInputFile);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:510:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  datatype = getc(calmaInputFile);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:537:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newnameptr = (char *)mallocMagic(strlen(strname) +
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:538:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(prefix) + 9);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:557:19: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((byte = getc(calmaInputFile)) < 0)
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1065:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(defName);
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:1403:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(contactCellName, "_");
data/magic-8.2.157+ds.1/calma/CalmaWrite.c:2752:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/magic-8.2.157+ds.1/calma/calmaInt.h:170:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  u.uc[0] = getc(calmaInputFile); \
data/magic-8.2.157+ds.1/calma/calmaInt.h:171:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  u.uc[1] = getc(calmaInputFile); \
data/magic-8.2.157+ds.1/calma/calmaInt.h:179:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  u.uc[0] = getc(calmaInputFile); \
data/magic-8.2.157+ds.1/calma/calmaInt.h:180:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  u.uc[1] = getc(calmaInputFile); \
data/magic-8.2.157+ds.1/calma/calmaInt.h:181:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  u.uc[2] = getc(calmaInputFile); \
data/magic-8.2.157+ds.1/calma/calmaInt.h:182:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  u.uc[3] = getc(calmaInputFile); \
data/magic-8.2.157+ds.1/calma/calmaInt.h:197:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (rt) = getc(calmaInputFile); \
data/magic-8.2.157+ds.1/calma/calmaInt.h:198:14: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (void) getc(calmaInputFile); \
data/magic-8.2.157+ds.1/cif/CIFmain.c:246:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(name);
data/magic-8.2.157+ds.1/cif/CIFrdpt.c:271:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sptr = sptr + strlen(sptr);
data/magic-8.2.157+ds.1/cif/CIFrdtech.c:471:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (argc >= 2) l = strlen(argv[1]);
data/magic-8.2.157+ds.1/cif/CIFrdtech.c:532:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newStyle->crs_name = (char *)mallocMagic(strlen(argv[1])
data/magic-8.2.157+ds.1/cif/CIFrdtech.c:533:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(tptr) + 1);
data/magic-8.2.157+ds.1/cif/CIFrdtech.c:691:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(cifCurReadStyle->crs_name) - strlen(tptr);
data/magic-8.2.157+ds.1/cif/CIFrdtech.c:691:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(cifCurReadStyle->crs_name) - strlen(tptr);
data/magic-8.2.157+ds.1/cif/CIFrdtech.c:1282:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(name);
data/magic-8.2.157+ds.1/cif/CIFread.h:194:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  cifParseLaChar = getc(cifInputFile)))
data/magic-8.2.157+ds.1/cif/CIFread.h:198:23: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  : (cifParseLaChar = getc(cifInputFile)))
data/magic-8.2.157+ds.1/cif/CIFtech.c:489:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  places = strlen(decimal + 1);
data/magic-8.2.157+ds.1/cif/CIFtech.c:538:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (argc >= 2) l = strlen(argv[1]);
data/magic-8.2.157+ds.1/cif/CIFtech.c:603:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(tptr) + 1);
data/magic-8.2.157+ds.1/cif/CIFtech.c:786:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(CIFCurStyle->cs_name) - strlen(tptr);
data/magic-8.2.157+ds.1/cif/CIFtech.c:786:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(CIFCurStyle->cs_name) - strlen(tptr);
data/magic-8.2.157+ds.1/cif/CIFwrite.c:263:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  now[strlen(now)-1] = '\0';
data/magic-8.2.157+ds.1/commands/CmdCD.c:898:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullpath = (char *)mallocMagic(strlen(filepath) +
data/magic-8.2.157+ds.1/commands/CmdCD.c:899:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(cellDef->cd_name) + 6);
data/magic-8.2.157+ds.1/commands/CmdCD.c:3704:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullpathname = (char *)mallocMagic(strlen(cmd->tx_argv[1]) + 10);
data/magic-8.2.157+ds.1/commands/CmdCD.c:3714:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(cellnameptr);
data/magic-8.2.157+ds.1/commands/CmdCD.c:3721:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(fullpathname);
data/magic-8.2.157+ds.1/commands/CmdCD.c:3749:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *newcellname = (char *)mallocMagic(strlen(cellnameptr) + 3);
data/magic-8.2.157+ds.1/commands/CmdE.c:762:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (strncmp(cmd->tx_argv[1], "toggle", strlen(cmd->tx_argv[1])) != 0)))
data/magic-8.2.157+ds.1/commands/CmdFI.c:1907:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cmd->tx_argv[i]) > 3)
data/magic-8.2.157+ds.1/commands/CmdLQ.c:407:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(cmd->tx_argv[1] + strlen(cmd->tx_argv[1]) - 1) = '\0';
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1557:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (pos & PORT_DIR_NORTH) strcat(cdir, "n");
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1558:32: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (pos & PORT_DIR_EAST) strcat(cdir, "e");
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1559:33: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (pos & PORT_DIR_SOUTH) strcat(cdir, "s");
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1560:32: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (pos & PORT_DIR_WEST) strcat(cdir, "w");
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1812:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(cmd->tx_argv[argstart + 1]) == 0)
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1889:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keyvalue = (char *)mallocMagic(strlen(name) + 4);
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1894:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keyvalue = (char *)mallocMagic(strlen(name) + strlen((char *)value) + 2);
data/magic-8.2.157+ds.1/commands/CmdLQ.c:1894:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  keyvalue = (char *)mallocMagic(strlen(name) + strlen((char *)value) + 2);
data/magic-8.2.157+ds.1/commands/CmdRS.c:796:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int arg1len = strlen(cmd->tx_argv[1]);
data/magic-8.2.157+ds.1/commands/CmdRS.c:834:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  "cell", strlen(cmd->tx_argv[2])))
data/magic-8.2.157+ds.1/commands/CmdRS.c:2123:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmdlength = cmdlength + strlen(cmd->tx_argv[i]) + 1;
data/magic-8.2.157+ds.1/commands/CmdRS.c:2128:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(command, " ");
data/magic-8.2.157+ds.1/commands/CmdRS.c:2273:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strptr = cmdbuf + strlen(cmdbuf);
data/magic-8.2.157+ds.1/commands/CmdRS.c:2279:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(strptr, " ");
data/magic-8.2.157+ds.1/commands/CmdRS.c:2280:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strptr += strlen(strptr) + 1;
data/magic-8.2.157+ds.1/commands/CmdSubrs.c:721:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!strcmp(newName + strlen(newName) - 4, ".mag"))
data/magic-8.2.157+ds.1/commands/CmdSubrs.c:722:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(newName + strlen(newName) - 4) = '\0';
data/magic-8.2.157+ds.1/commands/CmdTZ.c:1948:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(cmd->tx_argv[i]) > 3)
data/magic-8.2.157+ds.1/database/DBcellname.c:332:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newsize = strlen(useID) + 1;
data/magic-8.2.157+ds.1/database/DBcellname.c:340:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newsize += strlen(xbuf);
data/magic-8.2.157+ds.1/database/DBcellname.c:345:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newsize += strlen(ybuf);
data/magic-8.2.157+ds.1/database/DBcellname.c:355:18: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (isx && isy) strcat(newID, ",");
data/magic-8.2.157+ds.1/database/DBcellsel.c:282:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(arg->csa_bestpath->tp_next, cpath->tp_first, n);
data/magic-8.2.157+ds.1/database/DBcellsel.c:334:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(arg->csa_bestpath->tp_next, cpath->tp_first, n);
data/magic-8.2.157+ds.1/database/DBio.c:322:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(line, "tech %49s", tech) != 1)
data/magic-8.2.157+ds.1/database/DBio.c:506:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (((c = getc(f)) == 'r') || (c == 't'))
data/magic-8.2.157+ds.1/database/DBio.c:728:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *doslash = (tempdir[strlen(tempdir) - 1] == '/') ? "" : "/";
data/magic-8.2.157+ds.1/database/DBio.c:730:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snptr = tempname + strlen(tempdir);
data/magic-8.2.157+ds.1/database/DBio.c:857:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(rootname) == 0) return FALSE;
data/magic-8.2.157+ds.1/database/DBio.c:1097:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  realname = (char *) mallocMagic((unsigned) (strlen(cellDef->cd_name)
data/magic-8.2.157+ds.1/database/DBio.c:1098:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(DBSuffix) + 1));
data/magic-8.2.157+ds.1/database/DBio.c:1221:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  nconv = sscanf(line, "use %1023s %1023s %1023s", cellname, useid, path);
data/magic-8.2.157+ds.1/database/DBio.c:1406:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(cellDef->cd_file, homedir, strlen(homedir)) ||
data/magic-8.2.157+ds.1/database/DBio.c:1407:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(cellDef->cd_file + strlen(homedir)) != '/')
data/magic-8.2.157+ds.1/database/DBio.c:1464:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(path, "/");
data/magic-8.2.157+ds.1/database/DBio.c:1581:18: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if ((ntok = sscanf(line, "string %127s %2047[^\n]",
data/magic-8.2.157+ds.1/database/DBio.c:1702:18: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if ((ntok = sscanf(line, "rectangle %127s %1023s %d %d %d %d %99[^\n]",
data/magic-8.2.157+ds.1/database/DBio.c:1728:18: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if ((ntok = sscanf(line, "line %127s %1023s %d %d %d %d %99[^\n]",
data/magic-8.2.157+ds.1/database/DBio.c:1756:19: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (((ntok = sscanf(line, "text %127s %1023s %d %d",
data/magic-8.2.157+ds.1/database/DBio.c:1881:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(line, "rlabel %*49s %1s", stickyflag) == 1)
data/magic-8.2.157+ds.1/database/DBio.c:1887:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(line, "rlabel %49s %c %d %d %d %d %d %99[^\n]",
data/magic-8.2.157+ds.1/database/DBio.c:1898:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(line, "rlabel %49s %d %d %d %d %d %99[^\n]",
data/magic-8.2.157+ds.1/database/DBio.c:1916:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(line, "flabel %*49s %1s", stickyflag) == 1)
data/magic-8.2.157+ds.1/database/DBio.c:1921:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(line,
data/magic-8.2.157+ds.1/database/DBio.c:1934:11: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(line,
data/magic-8.2.157+ds.1/database/DBio.c:1962:14: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  (((ntok = sscanf(line, "port %d %4s %49s %49s",
data/magic-8.2.157+ds.1/database/DBio.c:2046:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(line, "label %49s %d %d %d %99[^\n]",
data/magic-8.2.157+ds.1/database/DBio.c:2158:25: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (--l > 0 && (c = getc(f)) != EOF)
data/magic-8.2.157+ds.1/database/DBio.c:2359:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DBFileOffset += strlen(s);\
data/magic-8.2.157+ds.1/database/DBio.c:2364:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DBFileOffset += strlen(s);\
data/magic-8.2.157+ds.1/database/DBio.c:2446:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(lab->lab_text) == 0) continue; // Shouldn't happen
data/magic-8.2.157+ds.1/database/DBio.c:2478:40: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (lab->lab_flags & PORT_DIR_NORTH) strcat(ppos, "n");
data/magic-8.2.157+ds.1/database/DBio.c:2479:40: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (lab->lab_flags & PORT_DIR_SOUTH) strcat(ppos, "s");
data/magic-8.2.157+ds.1/database/DBio.c:2480:39: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (lab->lab_flags & PORT_DIR_EAST) strcat(ppos, "e");
data/magic-8.2.157+ds.1/database/DBio.c:2481:39: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  if (lab->lab_flags & PORT_DIR_WEST) strcat(ppos, "w");
data/magic-8.2.157+ds.1/database/DBio.c:2531:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(lstring, "\n");
data/magic-8.2.157+ds.1/database/DBio.c:2559:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  propscaled = mallocMagic(strlen(propvalue) + 5);
data/magic-8.2.157+ds.1/database/DBio.c:2630:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lstring = (char *)mallocMagic(10 + strlen((char *)value) + strlen(key));
data/magic-8.2.157+ds.1/database/DBio.c:2630:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lstring = (char *)mallocMagic(10 + strlen((char *)value) + strlen(key));
data/magic-8.2.157+ds.1/database/DBio.c:2703:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  realname = (char *) mallocMagic(strlen(fileName) + strlen(DBSuffix) + 1);
data/magic-8.2.157+ds.1/database/DBio.c:2703:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  realname = (char *) mallocMagic(strlen(fileName) + strlen(DBSuffix) + 1);
data/magic-8.2.157+ds.1/database/DBio.c:2719:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  realname = (char *) mallocMagic((unsigned) (strlen(cellDef->cd_name)
data/magic-8.2.157+ds.1/database/DBio.c:2720:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(DBSuffix) + 1));
data/magic-8.2.157+ds.1/database/DBio.c:2762:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpname = (char *) mallocMagic((unsigned) (strlen(expandname)
data/magic-8.2.157+ds.1/database/DBio.c:2763:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(template) + 1));
data/magic-8.2.157+ds.1/database/DBio.c:3129:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strncmp(cellUse->cu_def->cd_file, homedir, strlen(homedir))
data/magic-8.2.157+ds.1/database/DBio.c:3130:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (*(cellUse->cu_def->cd_file + strlen(homedir)) == '/'))
data/magic-8.2.157+ds.1/database/DBio.c:3135:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(homedir));
data/magic-8.2.157+ds.1/database/DBio.c:3273:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  template = (char *)mallocMagic(20 + strlen(tempdir));
data/magic-8.2.157+ds.1/database/DBio.c:3276:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  doslash = (tempdir[strlen(tempdir) - 1] == '/') ? "" : "/";
data/magic-8.2.157+ds.1/database/DBio.c:3295:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(filename) == 0)
data/magic-8.2.157+ds.1/database/DBlabel.c:149:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(text) + sizeof (Label) - sizeof lab->lab_text + 1;
data/magic-8.2.157+ds.1/database/DBlabel2.c:597:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(funcData->nld_name, tpath->tp_first, used);
data/magic-8.2.157+ds.1/database/DBtech.c:186:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(DBTechVersion);
data/magic-8.2.157+ds.1/database/DBtech.c:187:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  contline = mallocMagic(strlen(argv[n]) + slen + 1);
data/magic-8.2.157+ds.1/database/DBtech.c:199:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen = strlen(DBTechDescription);
data/magic-8.2.157+ds.1/database/DBtech.c:200:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  contline = mallocMagic(strlen(argv[n]) + slen + 1);
data/magic-8.2.157+ds.1/database/DBtechname.c:459:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(p->sn_name) > strlen(keepname))
data/magic-8.2.157+ds.1/database/DBtechname.c:459:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(p->sn_name) > strlen(keepname))
data/magic-8.2.157+ds.1/database/DBtechname.c:511:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(p->sn_name) > strlen(keepname))
data/magic-8.2.157+ds.1/database/DBtechname.c:511:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(p->sn_name) > strlen(keepname))
data/magic-8.2.157+ds.1/database/DBtechtype.c:767:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(onename);
data/magic-8.2.157+ds.1/database/DBtimestmp.c:124:17: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  for (tmpm = mismatch; tmpm; tmpm = tmpm->mm_next)
data/magic-8.2.157+ds.1/database/DBtimestmp.c:127:12: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  while (mismatch != NULL)
data/magic-8.2.157+ds.1/database/DBtimestmp.c:136:21: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  freeMagic((char *) mismatch);
data/magic-8.2.157+ds.1/database/DBtimestmp.c:298:19: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
mm->mm_next = mismatch; data/magic-8.2.157+ds.1/database/DBundo.c:474:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned) labelSize(strlen(lab->lab_text))); data/magic-8.2.157+ds.1/database/DBundo.c:517:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned) labelSize(strlen(lab->lab_text))); data/magic-8.2.157+ds.1/database/DBundo.c:658:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned) cellSize(strlen(use->cu_id))); data/magic-8.2.157+ds.1/database/DBundo.c:931:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned) strlen(old->cd_name) + 1); data/magic-8.2.157+ds.1/database/DBundo.c:938:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned) strlen(new->cd_name) + 1); data/magic-8.2.157+ds.1/dbwind/DBWbuttons.c:205:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(name); data/magic-8.2.157+ds.1/dbwind/DBWdisplay.c:1727:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(styleType, argv[1], 49); data/magic-8.2.157+ds.1/dbwind/DBWelement.c:108:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int nlen = strlen(newstr); data/magic-8.2.157+ds.1/dbwind/DBWelement.c:111:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*oldstr != NULL) olen = strlen(*oldstr); data/magic-8.2.157+ds.1/dbwind/DBWelement.c:112:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (postfix != NULL) plen = strlen(postfix); data/magic-8.2.157+ds.1/dbwind/DBWundo.c:149:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned) editSize(strlen(useid))); data/magic-8.2.157+ds.1/dbwind/DBWundo.c:171:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (unsigned) editSize(strlen(useid))); data/magic-8.2.157+ds.1/drc/DRCmain.c:199:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). whylen = strlen(whyptr) + 20 * subscnt; data/magic-8.2.157+ds.1/drc/DRCmain.c:210:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wptr, whyptr, (int)(sptr - whyptr)); data/magic-8.2.157+ds.1/drc/DRCmain.c:219:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wptr += strlen(wptr); data/magic-8.2.157+ds.1/drc/DRCmain.c:225:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
wptr += strlen(wptr); data/magic-8.2.157+ds.1/drc/DRCmain.c:231:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wptr += strlen(wptr); data/magic-8.2.157+ds.1/drc/DRCmain.c:241:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(wptr, whyptr, strlen(whyptr) + 1); data/magic-8.2.157+ds.1/drc/DRCmain.c:241:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(wptr, whyptr, strlen(whyptr) + 1); data/magic-8.2.157+ds.1/drc/DRCprint.c:60:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(string, DBTypeShortName(layer), 8); data/magic-8.2.157+ds.1/drc/DRCprint.c:180:19: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. if (gotSome) strcat(printchain, ","); data/magic-8.2.157+ds.1/drc/DRCtech.c:225:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(name); data/magic-8.2.157+ds.1/drc/DRCtech.c:640:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (argc >= 2) l = strlen(argv[1]); data/magic-8.2.157+ds.1/drc/DRCtech.c:694:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
+ strlen(tptr) + 1); data/magic-8.2.157+ds.1/drc/DRCtech.c:852:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(DRCCurStyle->ds_name) - strlen(tptr); data/magic-8.2.157+ds.1/drc/DRCtech.c:852:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(DRCCurStyle->ds_name) - strlen(tptr); data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:892:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fetInfo[ndx].defSubs = (char *) mallocMagic((unsigned) (strlen(subsNode)+1)); data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:1211:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(suf) - 1; data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:1617:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l1 = strlen(a1); \ data/magic-8.2.157+ds.1/ext2sim/ext2sim.c:1618:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l2 = strlen(a2); \ data/magic-8.2.157+ds.1/ext2sim/finds.c:64:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/magic-8.2.157+ds.1/ext2sim/sim2simp.c:29:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
p = (char *) malloc(strlen(s)+1); data/magic-8.2.157+ds.1/ext2sim/sim2simp.c:41:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (l=strlen(str)) <= 2 ) { data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:139:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(suf) - 1; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:778:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bangptr = locsubname + strlen(locsubname) - 1; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1250:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). esFetInfo[ndx].defSubs = (char *)mallocMagic((unsigned)(strlen(subsNode)+1)); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1403:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tchars = 1 + strlen(stmp); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1462:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tchars += (1 + strlen(stmp)); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1541:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tchars += (1 + strlen(stmp)); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1560:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). instname = mallocMagic(2 + strlen(def->def_name)); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1571:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tchars += (1 + strlen(pptr->parm_name)); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1654:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tchars = 8 + strlen(subcktname); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1702:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tchars += strlen(pname) + 1; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1742:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tchars += strlen(pname) + 1; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1791:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tchars += strlen(stmp) + 1; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1799:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
instname = mallocMagic(2 + strlen(def->def_name)); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:1812:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tchars += strlen(pname) + 1; data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3016:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (1 + strlen(nname)); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3409:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(s); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3442:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) > 15) data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3446:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) > 15) data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3667:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l1 = strlen(*a1); data/magic-8.2.157+ds.1/ext2spice/ext2spice.c:3668:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l2 = strlen(*a2); data/magic-8.2.157+ds.1/extflat/EFargs.c:325:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
(void) strncpy(realIn, inname, cp - inname); data/magic-8.2.157+ds.1/extflat/EFbuild.c:279:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = ATTRSIZE(strlen(text)); data/magic-8.2.157+ds.1/extflat/EFflat.c:447:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). asize = ATTRSIZE(strlen(ap->efa_text)); data/magic-8.2.157+ds.1/extflat/EFflat.c:837:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = HIERNAMESIZE(strlen(hierName->hn_name)); data/magic-8.2.157+ds.1/extflat/EFname.c:98:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return hierName->hn_name[strlen(hierName->hn_name) - 1] == '!'; data/magic-8.2.157+ds.1/extflat/EFname.c:173:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = HIERNAMESIZE(strlen(suffix->hn_name)); data/magic-8.2.157+ds.1/extflat/EFname.c:466:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(hn->hn_name); data/magic-8.2.157+ds.1/extflat/EFname.c:506:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
last1 = hierName1->hn_name[strlen(hierName1->hn_name) - 1]; data/magic-8.2.157+ds.1/extflat/EFname.c:507:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last2 = hierName2->hn_name[strlen(hierName2->hn_name) - 1]; data/magic-8.2.157+ds.1/extflat/EFname.c:534:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 += strlen(np1->hn_name); data/magic-8.2.157+ds.1/extflat/EFname.c:536:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 += strlen(np2->hn_name); data/magic-8.2.157+ds.1/extflat/EFname.c:651:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size = HIERNAMESIZE(strlen(namePtr)); data/magic-8.2.157+ds.1/extract/ExtBasic.c:716:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(cp) - 1; data/magic-8.2.157+ds.1/extract/ExtBasic.c:3151:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(cp) - 1; data/magic-8.2.157+ds.1/extract/ExtCell.c:180:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(namebuf, def->cd_file, len); data/magic-8.2.157+ds.1/extract/ExtHard.c:307:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(oldlab->lab_text) + prefixlen; data/magic-8.2.157+ds.1/extract/ExtHard.c:426:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(gen) + prefixlen; data/magic-8.2.157+ds.1/extract/ExtHier.c:118:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). childname = mallocMagic(strlen(name2) + strlen(use->cu_id) + 14); data/magic-8.2.157+ds.1/extract/ExtHier.c:118:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). childname = mallocMagic(strlen(name2) + strlen(use->cu_id) + 14); data/magic-8.2.157+ds.1/extract/ExtHier.c:123:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). childname = mallocMagic(strlen(name2) + strlen(use->cu_id) + 9); data/magic-8.2.157+ds.1/extract/ExtHier.c:123:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). childname = mallocMagic(strlen(name2) + strlen(use->cu_id) + 9); data/magic-8.2.157+ds.1/extract/ExtHier.c:129:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). childname = mallocMagic(strlen(name2) + strlen(use->cu_id) + 2); data/magic-8.2.157+ds.1/extract/ExtHier.c:129:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
childname = mallocMagic(strlen(name2) + strlen(use->cu_id) + 2); data/magic-8.2.157+ds.1/extract/ExtHier.c:339:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = sizeof(Label) + strlen(lab->lab_text) data/magic-8.2.157+ds.1/extract/ExtLength.c:504:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tpath->tp_first) + sizeof (Label) data/magic-8.2.157+ds.1/extract/ExtLength.c:582:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(text) + sizeof (Label) - sizeof lab->lab_text + 1; data/magic-8.2.157+ds.1/extract/ExtSubtree.c:745:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = sizeof (Label) + strlen(lab->lab_text) data/magic-8.2.157+ds.1/extract/ExtTech.c:546:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(name); data/magic-8.2.157+ds.1/extract/ExtTech.c:1640:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (argc >= 2) l = strlen(argv[1]); data/magic-8.2.157+ds.1/extract/ExtTech.c:1693:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
+ strlen(tptr) + 1); data/magic-8.2.157+ds.1/extract/ExtTech.c:1804:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(ExtCurStyle->exts_name) - strlen(tptr); data/magic-8.2.157+ds.1/extract/ExtTech.c:1804:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(ExtCurStyle->exts_name) - strlen(tptr); data/magic-8.2.157+ds.1/extract/ExtYank.c:82:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = sizeof (Label) + strlen(lab->lab_text) - sizeof lab->lab_text + 1; data/magic-8.2.157+ds.1/gcr/gcrDebug.c:142:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(fp); data/magic-8.2.157+ds.1/graphics/W3Dmain.c:1494:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((argc > 0) && (strlen(argv[0]) > 0)) data/magic-8.2.157+ds.1/graphics/X11Helper.c:298:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(readPipe, (char *)&window, sizeof(Window)) == sizeof(Window)) data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo1.c:592:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tl = strlen(TxBuffer); data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo1.c:650:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memmove(macroDef, macroDef + 1, strlen(macroDef + 1) + 1); data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo1.c:669:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sl = strlen(macroDef); data/magic-8.2.157+ds.1/graphics/cairo_new/grTCairo3.c:216:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = Tk_TextWidth(font, text, strlen(text)); data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo1.c:582:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tl = strlen(TxBuffer); data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo1.c:640:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(macroDef, macroDef + 1, strlen(macroDef + 1) + 1); data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo1.c:659:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sl = strlen(macroDef); data/magic-8.2.157+ds.1/graphics/cairo_orig/grTCairo3.c:215:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = Tk_TextWidth(font, text, strlen(text)); data/magic-8.2.157+ds.1/graphics/grMain.c:276:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strncmp(*ptr, type, strlen(*ptr)) == 0) break; data/magic-8.2.157+ds.1/graphics/grMain.c:335:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(*ptr1, disp1, strlen(*ptr1)) == 0) break; data/magic-8.2.157+ds.1/graphics/grMain.c:347:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(*ptr2, disp2, strlen(*ptr2)) == 0) break; data/magic-8.2.157+ds.1/graphics/grMain.c:510:7: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(stream); data/magic-8.2.157+ds.1/graphics/grNull.c:157:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r->r_xtop = strlen(text); data/magic-8.2.157+ds.1/graphics/grNull.c:186:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(stdin); data/magic-8.2.157+ds.1/graphics/grOGL1.c:423:4: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(pipeRead, &xevent, sizeof(XEvent)); data/magic-8.2.157+ds.1/graphics/grOGL1.c:437:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(pipeRead, &key, sizeof(int)); data/magic-8.2.157+ds.1/graphics/grOGL1.c:759:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(stdin); data/magic-8.2.157+ds.1/graphics/grOGL1.c:867:2: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). 
The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(600); data/magic-8.2.157+ds.1/graphics/grOGL3.c:296:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XTextExtents(font, text, strlen(text), &dir, &fa, &fd, &overall); data/magic-8.2.157+ds.1/graphics/grOGL3.c:817:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). glCallLists(strlen(text), GL_UNSIGNED_BYTE, (unsigned char *)text); data/magic-8.2.157+ds.1/graphics/grTCairo1.c:678:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tl = strlen(TxBuffer); data/magic-8.2.157+ds.1/graphics/grTCairo1.c:736:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(macroDef, macroDef + 1, strlen(macroDef + 1) + 1); data/magic-8.2.157+ds.1/graphics/grTCairo1.c:755:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sl = strlen(macroDef); data/magic-8.2.157+ds.1/graphics/grTOGL1.c:699:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tl = strlen(TxBuffer); data/magic-8.2.157+ds.1/graphics/grTOGL1.c:757:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
memmove(macroDef, macroDef + 1, strlen(macroDef + 1) + 1); data/magic-8.2.157+ds.1/graphics/grTOGL1.c:776:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sl = strlen(macroDef); data/magic-8.2.157+ds.1/graphics/grTOGL3.c:233:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width = Tk_TextWidth(font, text, strlen(text)); data/magic-8.2.157+ds.1/graphics/grTOGL3.c:711:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). glCallLists(strlen(text), GL_UNSIGNED_BYTE, (unsigned char *)text); data/magic-8.2.157+ds.1/graphics/grTk1.c:955:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tl = strlen(TxBuffer); data/magic-8.2.157+ds.1/graphics/grTk1.c:1013:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(macroDef, macroDef + 1, strlen(macroDef + 1) + 1); data/magic-8.2.157+ds.1/graphics/grTk1.c:1032:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int sl = strlen(macroDef); data/magic-8.2.157+ds.1/graphics/grTk3.c:204:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
width = Tk_TextWidth(font, text, strlen(text)); data/magic-8.2.157+ds.1/graphics/grTk3.c:520:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). grCurrent.font, text, strlen(text), data/magic-8.2.157+ds.1/graphics/grTkCommon.c:615:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) == 1) data/magic-8.2.157+ds.1/graphics/grX11su1.c:756:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(pipeRead, &xevent, sizeof(XEvent)); data/magic-8.2.157+ds.1/graphics/grX11su1.c:812:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(pipeRead, &c, sizeof(int)); data/magic-8.2.157+ds.1/graphics/grX11su1.c:1107:10: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = getc(stdin); data/magic-8.2.157+ds.1/graphics/grX11su3.c:264:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). XTextExtents(font, text, strlen(text), &dir, &fa, &fd, &overall); data/magic-8.2.157+ds.1/graphics/grX11su3.c:818:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). text, strlen(text)); data/magic-8.2.157+ds.1/irouter/irCommand.c:868:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
TxPrintf("%-12.12s ", irRepeatChar(strlen("contact"),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:871:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TxPrintf("%8.8s ",irRepeatChar(strlen(cParms[n].cP_name),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:911:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TxPrintf("%-12.12s ", irRepeatChar(strlen("contact"),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:914:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TxPrintf("%8.8s ",irRepeatChar(strlen(cParms[n].cP_name),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:972:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TxPrintf("%-12.12s ", irRepeatChar(strlen("contact"),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:974:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). irRepeatChar(strlen(cParms[which].cP_name),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:1242:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TxPrintf("%-12.12s ", irRepeatChar(strlen("layer"),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:1245:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
TxPrintf("%8.8s ", irRepeatChar(strlen(lParms[n].lP_name),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:1285:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TxPrintf("%-12.12s ", irRepeatChar(strlen("layer"),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:1288:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TxPrintf("%8.8s ", irRepeatChar(strlen(lParms[n].lP_name),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:1347:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TxPrintf("%-12.12s ", irRepeatChar(strlen("layer"),'-')); data/magic-8.2.157+ds.1/irouter/irCommand.c:1349:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). irRepeatChar(strlen(lParms[which].lP_name),'-')); data/magic-8.2.157+ds.1/lef/defRead.c:1003:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(token, "%2047s", pinname) != 1) data/magic-8.2.157+ds.1/lef/defRead.c:1207:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(token, "%2047s", vianame) != 1) data/magic-8.2.157+ds.1/lef/defRead.c:1455:7: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. 
if (sscanf(token, "%511s", usename) != 1) data/magic-8.2.157+ds.1/lef/defWrite.c:263:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clast = *(cp + strlen(cp) - 1); data/magic-8.2.157+ds.1/lef/defWrite.c:483:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). defCheckForBreak(strlen(numstr) + 1, defdata); data/magic-8.2.157+ds.1/lef/defWrite.c:539:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ctot += strlen(numstr) + 1; data/magic-8.2.157+ds.1/lef/defWrite.c:551:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ctot += strlen(numstr) + 1; data/magic-8.2.157+ds.1/lef/defWrite.c:648:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). defdata->outcolumn = 5 + strlen(ndn); data/magic-8.2.157+ds.1/lef/defWrite.c:664:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char endc = *(hierName->hn_name + strlen(hierName->hn_name) - 1); data/magic-8.2.157+ds.1/lef/defWrite.c:668:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
defCheckForBreak(5 + strlen(locndn), defdata); data/magic-8.2.157+ds.1/lef/defWrite.c:1107:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). defCheckForBreak(strlen(lefName) + strlen(viaName) + 2, defdata); data/magic-8.2.157+ds.1/lef/defWrite.c:1107:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). defCheckForBreak(strlen(lefName) + strlen(viaName) + 2, defdata); data/magic-8.2.157+ds.1/lef/defWrite.c:1150:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). defCheckForBreak(strlen(rName) + 1, defdata); data/magic-8.2.157+ds.1/lef/defWrite.c:1157:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). defCheckForBreak(strlen(lefName) + strlen(viaName) + 2, defdata); data/magic-8.2.157+ds.1/lef/defWrite.c:1157:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). defCheckForBreak(strlen(lefName) + strlen(viaName) + 2, defdata); data/magic-8.2.157+ds.1/lef/defWrite.c:1162:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). defCheckForBreak(strlen(lefName) + 1, defdata); data/magic-8.2.157+ds.1/lef/defWrite.c:1207:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
defdata->outcolumn = 10 + strlen(lefName); data/magic-8.2.157+ds.1/lef/defWrite.c:1240:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). defdata->outcolumn = 10 + strlen(lefName); data/magic-8.2.157+ds.1/lef/defWrite.c:1803:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sx) sprintf(idx + strlen(idx), "%d", x); data/magic-8.2.157+ds.1/lef/lefRead.c:1605:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tsave, ""); data/magic-8.2.157+ds.1/lef/lefRead.c:1609:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(tsave + strlen(tsave), " %s", token); data/magic-8.2.157+ds.1/lef/lefWrite.c:116:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(namebuf, name, len); data/magic-8.2.157+ds.1/lisp/lispA-Z.c:1518:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str = (char *) mallocMagic((unsigned) (strlen(LSTR(ARG1(s)))+1)); data/magic-8.2.157+ds.1/lisp/lispEval.c:292:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
k = k + strlen(argstring+k)+1; data/magic-8.2.157+ds.1/lisp/lispEval.c:297:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k = k + strlen(argstring+k)+1; data/magic-8.2.157+ds.1/lisp/lispEval.c:314:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). k = k + strlen(argstring+k)+1; data/magic-8.2.157+ds.1/lisp/lispGC.c:155:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LSTR(s) = (char *) mallocMagic((unsigned) (strlen(LSTR(l))+1)); data/magic-8.2.157+ds.1/lisp/lispIO.c:95:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((val = fgetc (fp)) != EOF) { data/magic-8.2.157+ds.1/lisp/lispIO.c:108:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((val = fgetc(fp)) != EOF && val != '\n') data/magic-8.2.157+ds.1/lisp/lispIO.c:174:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((val = fgetc (fp)) != EOF && val != '\"') { data/magic-8.2.157+ds.1/lisp/lispIO.c:188:10: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). val = fgetc (fp); data/magic-8.2.157+ds.1/lisp/lispMagic.c:364:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
nm = (char *) mallocMagic((unsigned) (strlen(label->lab_text)+1+bad)); data/magic-8.2.157+ds.1/lisp/lispMain.c:187:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LSTR(l) = (char *) mallocMagic((unsigned) (strlen(s)+1)); data/magic-8.2.157+ds.1/lisp/lispMain.c:224:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LSTR(l) = (char *) mallocMagic((unsigned) (strlen(s)+1)); data/magic-8.2.157+ds.1/lisp/lispParse.c:224:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LSTR(l) = (char *) mallocMagic((unsigned) (strlen (q)+1)); data/magic-8.2.157+ds.1/lisp/lispString.c:62:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LSTR(l) = (char *) mallocMagic((unsigned) (strlen(LSTR(ARG1(s)))+strlen(LSTR(ARG2(s)))+1)); data/magic-8.2.157+ds.1/lisp/lispString.c:62:68: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LSTR(l) = (char *) mallocMagic((unsigned) (strlen(LSTR(ARG1(s)))+strlen(LSTR(ARG2(s)))+1)); data/magic-8.2.157+ds.1/lisp/lispString.c:97:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LSTR(l) = (char *) mallocMagic((unsigned) (strlen(LSYM(ARG1(s)))+1)); data/magic-8.2.157+ds.1/lisp/lispString.c:172:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
LSTR(l) = (char *) mallocMagic((unsigned) (strlen(buf)+1)); data/magic-8.2.157+ds.1/lisp/lispString.c:269:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LINTEGER(l) = strlen (LSTR(ARG1(s))); data/magic-8.2.157+ds.1/lisp/lispString.c:340:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (LSTR(ARG1(s))) <= LINTEGER(ARG2(s)) || LINTEGER(ARG2(s)) < 0) { data/magic-8.2.157+ds.1/lisp/lispString.c:381:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (LSTR(ARG1(s))) <= LINTEGER(ARG2(s)) || LINTEGER(ARG2(s)) < 0) { data/magic-8.2.157+ds.1/lisp/lispString.c:423:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LINTEGER(ARG3(s)) <= strlen(LSTR(ARG1(s))))) { data/magic-8.2.157+ds.1/lisp/lispString.c:430:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (LSTR(l), LSTR(ARG1(s))+LINTEGER(ARG2(s)), data/magic-8.2.157+ds.1/netmenu/NMlabel.c:165:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). spaceNeeded = strlen(num1String) + strlen(num2String) + strlen(src) + 1; data/magic-8.2.157+ds.1/netmenu/NMlabel.c:165:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
spaceNeeded = strlen(num1String) + strlen(num2String) + strlen(src) + 1; data/magic-8.2.157+ds.1/netmenu/NMlabel.c:165:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). spaceNeeded = strlen(num1String) + strlen(num2String) + strlen(src) + 1; data/magic-8.2.157+ds.1/netmenu/NMlabel.c:644:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(tpath->tp_next, label->lab_text, left); data/magic-8.2.157+ds.1/netmenu/NMnetlist.c:441:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->nl_fileName = mallocMagic((unsigned) (5 + strlen(name))); data/magic-8.2.157+ds.1/netmenu/NMnetlist.c:770:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). realName = mallocMagic((unsigned) (5 + strlen(fileName))); data/magic-8.2.157+ds.1/netmenu/NMundo.c:95:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (term != NULL) l1 = strlen(term); data/magic-8.2.157+ds.1/netmenu/NMundo.c:97:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (curNet != NULL) l2 = strlen(curNet); data/magic-8.2.157+ds.1/oa/magicInit.cpp:126:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
Tcl_Obj *strResult = Tcl_NewStringObj(uUnit, strlen(uUnit)); data/magic-8.2.157+ds.1/plot/plotGremln.c:615:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(file, "%d %s\n", strlen(label->lab_text), label->lab_text); data/magic-8.2.157+ds.1/plot/plotGremln.c:709:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(file, "3 2\n%d %s\n", strlen(def->cd_name), def->cd_name); data/magic-8.2.157+ds.1/plot/plotGremln.c:724:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(file, "2 2\n%d %s\n", strlen(idName), idName); data/magic-8.2.157+ds.1/plot/plotPNM.c:1375:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf (buf, "%d %d %d %d %40s %d %c %126s", data/magic-8.2.157+ds.1/plot/plotPS.c:857:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ls = strlen(label->lab_text); data/magic-8.2.157+ds.1/plot/plotRutils.c:584:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fileno(f), (char *) &new->fo_hdr, sizeof(new->fo_hdr)) data/magic-8.2.157+ds.1/plot/plotRutils.c:608:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read(fileno(f), (char *) new->fo_chars, sizeof(new->fo_chars)) data/magic-8.2.157+ds.1/plot/plotRutils.c:612:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fileno(f), new->fo_bits, (unsigned) new->fo_hdr.size) data/magic-8.2.157+ds.1/plow/PlowRandom.c:297:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((n1 = read(f1, b1, BUFSIZ)) > 0) data/magic-8.2.157+ds.1/plow/PlowRandom.c:299:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n2 = read(f2, b2, BUFSIZ); data/magic-8.2.157+ds.1/resis/ResPrint.c:218:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = tmpname + strlen(tmpname) - 1; data/magic-8.2.157+ds.1/resis/ResPrint.c:720:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(name + strlen(name), "%d", nodeptr->rn_id); data/magic-8.2.157+ds.1/resis/ResReadSim.c:295:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(fp)) != EOF && c != '\n') data/magic-8.2.157+ds.1/resis/ResReadSim.c:399:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(newattr,tmpattr,k); data/magic-8.2.157+ds.1/resis/ResReadSim.c:781:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
thisfix = (ResFixPoint *) mallocMagic((unsigned) (sizeof(ResFixPoint)+strlen(label))); data/magic-8.2.157+ds.1/resis/ResRex.c:650:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(scx->scx_use->cu_id) + strlen(lab->lab_text) + 2; data/magic-8.2.157+ds.1/resis/ResRex.c:650:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(scx->scx_use->cu_id) + strlen(lab->lab_text) + 2; data/magic-8.2.157+ds.1/resis/ResRex.c:890:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last4 = node->name+strlen(node->name)-4; data/magic-8.2.157+ds.1/resis/ResRex.c:891:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last3 = node->name+strlen(node->name)-3; data/magic-8.2.157+ds.1/resis/ResRex.c:1636:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cp = newname+strlen(newname)-1; data/magic-8.2.157+ds.1/resis/ResWrite.c:214:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpname = (char *) mallocMagic((unsigned) (strlen(newname)+1)); data/magic-8.2.157+ds.1/router/rtrFdback.c:100:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((strlen(netname) + strlen(msg)) >= 2048) data/magic-8.2.157+ds.1/router/rtrFdback.c:100:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(netname) + strlen(msg)) >= 2048) data/magic-8.2.157+ds.1/sim/SimDBstuff.c:301:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(nodeName); data/magic-8.2.157+ds.1/sim/SimDBstuff.c:904:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(text) + sizeof (Label) - sizeof lab->lab_text + 1; data/magic-8.2.157+ds.1/sim/SimRsim.c:334:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(keyBoardBuf, "\n"); data/magic-8.2.157+ds.1/sim/SimRsim.c:349:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(pipeOut, keyBoardBuf, strlen(keyBoardBuf)) < 0) { data/magic-8.2.157+ds.1/sim/SimRsim.c:408:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prompt_len = strlen( rsim_prompt ); data/magic-8.2.157+ds.1/sim/SimRsim.c:585:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (write(pipeOut, cmdStr, strlen(cmdStr)) < 0) { data/magic-8.2.157+ds.1/sim/SimRsim.c:683:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). charsRead = read(pipeIn, temp, (READBUF_SIZE - 1 - *charCount)); data/magic-8.2.157+ds.1/sim/SimRsim.c:899:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). charsInBuff -= (strlen(strptr1) + 1); /* + 1 because of the '\n' */ data/magic-8.2.157+ds.1/sim/SimSelect.c:157:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strptr = buffer + strlen(buffer) - 1; data/magic-8.2.157+ds.1/sim/SimSelect.c:401:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newNodeTile->tl_nodeName = (char *) mallocMagic((unsigned) (strlen(nodeName) + 1)); data/magic-8.2.157+ds.1/sim/SimSelect.c:523:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). current->tl_nodeName = (char *) mallocMagic((unsigned) (strlen(name) + 1)); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:130:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). substcmd = (char *)mallocMagic(strlen(postcmd) + 1); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:169:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
newcmd = (char *)mallocMagic(strlen(substcmd) + 2); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:171:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)mallocMagic(strlen(substcmd) + strlen(tkpath)); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:171:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)mallocMagic(strlen(substcmd) + strlen(tkpath)); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:190:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)mallocMagic(strlen(substcmd) data/magic-8.2.157+ds.1/tcltk/tclmagic.c:191:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(sres) + 1); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:205:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)mallocMagic(strlen(substcmd) data/magic-8.2.157+ds.1/tcltk/tclmagic.c:206:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(argv[argidx])); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:216:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
newcmd = (char *)mallocMagic(strlen(substcmd) + 1); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:227:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newcmd = (char *)mallocMagic(strlen(substcmd) + 1); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:284:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(argv[2]) == 0) data/magic-8.2.157+ds.1/tcltk/tclmagic.c:338:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objv0 = Tcl_NewStringObj(argv0, strlen(argv0)); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:350:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objv[0] = Tcl_NewStringObj(resolutions[idx], strlen(resolutions[idx])); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:355:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). objv[i] = Tcl_NewStringObj(argv[i], strlen(argv[i])); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:495:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tclcmdstr = (char *)mallocMagic(52 + 2 * strlen(wname)); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:876:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
string = Tcl_Alloc(20 + strlen(prefix)); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:906:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, string, length); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:953:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(reply) > 0) data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1031:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(bigstr, outptr, 24); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1051:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(finalstr, outptr, 24); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1156:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(TxBuffer); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1164:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, TxBuffer, toRead); data/magic-8.2.157+ds.1/tcltk/tclmagic.c:1174:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytesRead = read(fsPtr->fd, buf, (size_t) toRead); data/magic-8.2.157+ds.1/textio/txCommands.c:854:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(cmd->tx_argstring, remainder, TX_MAX_CMDLEN); data/magic-8.2.157+ds.1/textio/txCommands.c:1158:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (asize + strlen(argv[n]) >= TX_MAX_CMDLEN) data/magic-8.2.157+ds.1/textio/txCommands.c:1166:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). asize += (1 + strlen(argv[n])); data/magic-8.2.157+ds.1/textio/txInput.c:463:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(txReprint1); data/magic-8.2.157+ds.1/textio/txInput.c:591:3: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(line, " "); data/magic-8.2.157+ds.1/textio/txInput.c:699:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (nextName(&path, "", dirname, strlen(Path))) data/magic-8.2.157+ds.1/textio/txInput.c:703:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(dirname) == 0) data/magic-8.2.157+ds.1/textio/txInput.c:704:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
  strcpy(dirname, ".");
data/magic-8.2.157+ds.1/textio/txInput.c:715:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  != (char *)NULL && base[strlen(DBSuffix)] == '\0')
data/magic-8.2.157+ds.1/textio/txInput.c:718:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dirent->d_name) > 0)
data/magic-8.2.157+ds.1/textio/txInput.c:747:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(text);
data/magic-8.2.157+ds.1/textio/txInput.c:781:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(text);
data/magic-8.2.157+ds.1/textio/txInput.c:815:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(text);
data/magic-8.2.157+ds.1/textio/txInput.c:859:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(text);
data/magic-8.2.157+ds.1/textio/txInput.c:909:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(text);
data/magic-8.2.157+ds.1/textio/txInput.c:1045:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (res) >= maxChars) {
data/magic-8.2.157+ds.1/textio/txInput.c:1152:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (((i + strlen(txReprint1)) % 8) == 0) break;
data/magic-8.2.157+ds.1/textio/txMain.c:145:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(magic_command_list[j], commandTable[i], k);
data/magic-8.2.157+ds.1/textio/txMain.c:160:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(magic_command_list[j], commandTable[i], k);
data/magic-8.2.157+ds.1/textio/txOutput.c:369:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pagerpath = (char *) mallocMagic((unsigned) (strlen(PAGERDIR) + 1));
data/magic-8.2.157+ds.1/utils/finddisp.c:105:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  i = sscanf(line, "%99s %99s %99s %99s %99s", name1, name2,
data/magic-8.2.157+ds.1/utils/getrect.c:70:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (void) getc(fin);
data/magic-8.2.157+ds.1/utils/getrect.c:72:28: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (isNegative = ((c = getc(fin)) == '-')) c = getc(fin);
data/magic-8.2.157+ds.1/utils/getrect.c:72:52: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (isNegative = ((c = getc(fin)) == '-')) c = getc(fin);
data/magic-8.2.157+ds.1/utils/getrect.c:73:55: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (n = 0; isdigit(c); n = n * 10 + c - '0', c = getc(fin))
data/magic-8.2.157+ds.1/utils/getrect.c:77:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(fin)) != EOF && isspace(c)) /* Nothing */;
data/magic-8.2.157+ds.1/utils/getrect.c:79:38: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (isNegative = (c == '-')) c = getc(fin);
data/magic-8.2.157+ds.1/utils/getrect.c:80:55: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (n = 0; isdigit(c); n = n * 10 + c - '0', c = getc(fin))
data/magic-8.2.157+ds.1/utils/getrect.c:84:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(fin)) != EOF && isspace(c)) /* Nothing */;
data/magic-8.2.157+ds.1/utils/getrect.c:86:38: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (isNegative = (c == '-')) c = getc(fin);
data/magic-8.2.157+ds.1/utils/getrect.c:87:55: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (n = 0; isdigit(c); n = n * 10 + c - '0', c = getc(fin))
data/magic-8.2.157+ds.1/utils/getrect.c:91:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getc(fin)) != EOF && isspace(c)) /* Nothing */;
data/magic-8.2.157+ds.1/utils/getrect.c:93:38: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (isNegative = (c == '-')) c = getc(fin);
data/magic-8.2.157+ds.1/utils/getrect.c:94:55: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  for (n = 0; isdigit(c); n = n * 10 + c - '0', c = getc(fin))
data/magic-8.2.157+ds.1/utils/getrect.c:115:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(fin);
data/magic-8.2.157+ds.1/utils/getrect.c:130:6: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(fin);
data/magic-8.2.157+ds.1/utils/hash.c:420:66: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  h = (HashEntry *) mallocMagic((unsigned) (sizeof(HashEntry)+strlen(key)-3));
data/magic-8.2.157+ds.1/utils/macros.c:286:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  oldlength = strlen(macrostr);
data/magic-8.2.157+ds.1/utils/macros.c:287:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  srchsize = strlen(searchstr);
data/magic-8.2.157+ds.1/utils/macros.c:288:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  expand = strlen(replacestr) - srchsize;
data/magic-8.2.157+ds.1/utils/macros.c:397:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vis = (char *) mallocMagic( sizeof(char) * (strlen(str) + 32) );
data/magic-8.2.157+ds.1/utils/macros.c:576:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pointerStr = (char *)mallocMagic(9 + strlen(str));
data/magic-8.2.157+ds.1/utils/macros.c:590:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) == 1)
data/magic-8.2.157+ds.1/utils/macros.c:594:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strlen(str) == 2 && *str == '^')
data/magic-8.2.157+ds.1/utils/main.c:295:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(argv[0]) <= 2) || argv[0][2] == 'e')
data/magic-8.2.157+ds.1/utils/main.c:329:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(argv[0]) < 4)
data/magic-8.2.157+ds.1/utils/main.c:566:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CellLibPath = (char *)mallocMagic(strlen(MAGIC_LIB_PATH_FORMAT)
data/magic-8.2.157+ds.1/utils/main.c:567:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(TechFileName) - 1);
data/magic-8.2.157+ds.1/utils/main.c:573:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CellLibPath = (char *)mallocMagic(strlen(MAGIC_LIB_PATH_FORMAT)
data/magic-8.2.157+ds.1/utils/main.c:574:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen(TechDefault) - 1);
data/magic-8.2.157+ds.1/utils/parsetest.c:17:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(str, "");
data/magic-8.2.157+ds.1/utils/path.c:66:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  oldlength = strlen(*pathptr);
data/magic-8.2.157+ds.1/utils/path.c:67:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  addlength = strlen(newstring);
data/magic-8.2.157+ds.1/utils/path.c:170:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newEntry = (char *) mallocMagic((unsigned) (strlen(string) + 1));
data/magic-8.2.157+ds.1/utils/path.c:183:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gotname: length = strlen(string);
data/magic-8.2.157+ds.1/utils/path.c:185:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(*pdest, string, length+1);
data/magic-8.2.157+ds.1/utils/path.c:241:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newEntry = (char *) mallocMagic((unsigned) (strlen(string) + 1));
data/magic-8.2.157+ds.1/utils/path.c:245:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gotvar: length = strlen(string);
data/magic-8.2.157+ds.1/utils/path.c:247:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(*pdest, string, length+1);
data/magic-8.2.157+ds.1/utils/path.c:343:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (size < strlen(file)) strncpy(p, file, size);
data/magic-8.2.157+ds.1/utils/path.c:343:30: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (size < strlen(file)) strncpy(p, file, size);
data/magic-8.2.157+ds.1/utils/path.c:417:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(file);
data/magic-8.2.157+ds.1/utils/path.c:421:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(extendedName, file, length + 1);
data/magic-8.2.157+ds.1/utils/path.c:423:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extLength = strlen(ext);
data/magic-8.2.157+ds.1/utils/path.c:436:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(&(extendedName[length]), ext, extLength + 1);
data/magic-8.2.157+ds.1/utils/path.c:470:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  (void) strncpy(realName, file, MAXSIZE-1);
data/magic-8.2.157+ds.1/utils/strdup.c:62:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newstr = (char *) mallocMagic((unsigned) (strlen(str) + 1));
data/magic-8.2.157+ds.1/utils/tech.c:461:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((dptr != NULL) && !strncmp(dptr, suffix, strlen(suffix)))
data/magic-8.2.157+ds.1/windows/windCmdSZ.c:1186:3: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(((clientRec *)w->w_client)->w_clientName)));
data/magic-8.2.157+ds.1/windows/windMain.c:307:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(clientName);
data/magic-8.2.157+ds.1/windows/windMain.c:536:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(command);

ANALYSIS SUMMARY:

Hits = 1832
Lines analyzed = 293945 in approximately 7.66 seconds (38361 lines/second)
Physical Source Lines of Code (SLOC) = 170293
Hits@level = [0] 1255 [1] 459 [2] 960 [3] 39 [4] 372 [5] 2
Hits@level+ = [0+] 3087 [1+] 1832 [2+] 1373 [3+] 413 [4+] 374 [5+] 2
Hits/KSLOC@level+ = [0+] 18.1276 [1+] 10.7579 [2+] 8.06257 [3+] 2.42523 [4+] 2.19621 [5+] 0.0117445
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.