Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/mapserver-7.6.1/mapchart.c:297:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  switch(sscanf(chartRangeProcessingKey,"%s %lf %lf %lf %lf",attrib,
data/mapserver-7.6.1/mapcontext.c:242:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszMetadataName, "%s_width", pszMetadataRoot );
data/mapserver-7.6.1/mapcontext.c:245:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszMetadataName, "%s_height", pszMetadataRoot );
data/mapserver-7.6.1/mapcontext.c:248:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszMetadataName, "%s_format", pszMetadataRoot );
data/mapserver-7.6.1/mapcontext.c:251:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszMetadataName, "%s_href", pszMetadataRoot );
data/mapserver-7.6.1/mapcontext.c:288:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf( pszMetadata, "%s%s", pszHash, pszXMLValue );
data/mapserver-7.6.1/mapcontext.c:290:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf( pszMetadata, "%s%s%s", pszHash, pszHashDelimiter,
data/mapserver-7.6.1/mapcontext.c:383:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(pszValue1, "%s,%s", pszHash, pszValue);
data/mapserver-7.6.1/mapcontext.c:475:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(pszValue1, "%s,%s", pszHash, pszStyleName);
data/mapserver-7.6.1/mapcontext.c:485:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pszStyle,"wms_style_%s_title",pszStyleName);
data/mapserver-7.6.1/mapcontext.c:495:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pszStyle, "wms_style_%s_sld", pszStyleName);
data/mapserver-7.6.1/mapcontext.c:503:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pszStyle, "wms_style_%s_sld_body", pszStyleName);
data/mapserver-7.6.1/mapcontext.c:531:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszStyle, "wms_style_%s_legendurl",
data/mapserver-7.6.1/mapcontext.c:610:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(pszValue, "%s,%s", pszHash, pszDimensionName);
data/mapserver-7.6.1/mapcontext.c:619:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pszDimension, "wms_dimension_%s_units", pszDimensionName);
data/mapserver-7.6.1/mapcontext.c:624:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pszDimension, "wms_dimension_%s_unitsymbol", pszDimensionName);
data/mapserver-7.6.1/mapcontext.c:629:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pszDimension, "wms_dimension_%s_uservalue", pszDimensionName);
data/mapserver-7.6.1/mapcontext.c:637:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pszDimension, "wms_dimension_%s_default", pszDimensionName);
data/mapserver-7.6.1/mapcontext.c:642:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pszDimension, "wms_dimension_%s_multiplevalues", pszDimensionName);
data/mapserver-7.6.1/mapcontext.c:647:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(pszDimension, "wms_dimension_%s_nearestvalue", pszDimensionName);
data/mapserver-7.6.1/mapcontext.c:682:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(pszProj, "init=epsg:%s", pszValue+5);
data/mapserver-7.6.1/mapcontext.c:858:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(pszName, "l%d:%s", layer->index, pszValue);
data/mapserver-7.6.1/mapcontext.c:981:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf( pszProj, "EPSG:%s",
data/mapserver-7.6.1/mapcontext.c:1823:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(pszStyleItem, "wms_style_%s_sld", pszStyle);
data/mapserver-7.6.1/mapcontext.c:1837:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(pszStyleItem, "wms_style_%s_sld_body", pszStyle);
data/mapserver-7.6.1/mapcontext.c:1856:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(pszStyleItem, "wms_style_%s_title",pszStyle);
data/mapserver-7.6.1/mapcontext.c:1868:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
              sprintf(pszStyleItem, "style_%s_legendurl",
data/mapserver-7.6.1/mapcontour.c:113:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(clinfo->ogrLayer.connection, "__%s_CONTOUR__", clinfo->ogrLayer.name);
data/mapserver-7.6.1/mapcontour.c:438:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(memDSPointer,"MEM:::DATAPOINTER=%s,PIXELS=%d,LINES=%d,BANDS=1,DATATYPE=Float64",
data/mapserver-7.6.1/mapcpl.c:186:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(withUnder, pszSymbolName);
data/mapserver-7.6.1/mapcrypto.c:579:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(string_buf2, "string with a {%s} encrypted token", string_buf);
data/mapserver-7.6.1/mapdebug.c:359:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf( szMessage, MESSAGELENGTH, pszFormat, args );
data/mapserver-7.6.1/mapdrawgdal.c:1601:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy((char*)(fullPath + fullPathLen), gdalDesc);
data/mapserver-7.6.1/maperror.c:337:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf( message, MESSAGELENGTH, message_fmt, args );
data/mapserver-7.6.1/maperror.c:525:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(version, "MapServer version %s", MS_VERSION);
data/mapserver-7.6.1/mapfile.c:7045:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(tag,"%%%s%%",key);
data/mapserver-7.6.1/mapfile.c:7065:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(tag,"%%%s%%",key);
data/mapserver-7.6.1/mapfile.c:7085:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(tag,"%%%s%%",key);
data/mapserver-7.6.1/mapgdal.c:628:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat( pszProj4, projection->args[i] );
data/mapserver-7.6.1/mapgml.c:471:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(pszGMLId, " gml:id=\"%s.%d\"", pszFID, *p_id);
data/mapserver-7.6.1/mapgml.c:1345:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(itemtab, "%s  ", tab);
data/mapserver-7.6.1/mapgml.c:1456:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(value, "%s_layer", lp->name);
data/mapserver-7.6.1/mapgml.c:1520:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(value, "%s_feature", lp->name);
data/mapserver-7.6.1/mapgml.c:1554:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(value, "%s_feature", lp->name);
data/mapserver-7.6.1/mapgml.c:1566:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(value, "%s_layer", lp->name);
data/mapserver-7.6.1/mapgml.c:1739:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(layerName, "%s:%s", namespace_prefix, lp->name);
data/mapserver-7.6.1/mapgml.c:1801:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(pszFID, "%s.%s", lp->name, shape.values[featureIdIndex]);
data/mapserver-7.6.1/mapgraticule.c:92:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pInfo->labelformat, MAPGRATICULE_FORMAT_STRING_DEFAULT );
data/mapserver-7.6.1/mapgraticule.c:97:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pInfo->labelformat, MAPGRATICULE_FORMAT_STRING_DDMMSS );
data/mapserver-7.6.1/mapgraticule.c:102:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pInfo->labelformat, MAPGRATICULE_FORMAT_STRING_DDMM );
data/mapserver-7.6.1/mapgraticule.c:107:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( pInfo->labelformat, MAPGRATICULE_FORMAT_STRING_DD );
data/mapserver-7.6.1/mapgraticule.c:1023:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf( cBuffer, pInfo->labelformat, iDegrees, iMinutes, (int) (dDataToFormat * 3600.0) );
data/mapserver-7.6.1/mapgraticule.c:1028:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf( cBuffer, pInfo->labelformat, iDegrees, (int) (dDataToFormat * 60.0) );
data/mapserver-7.6.1/mapgraticule.c:1032:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf( cBuffer, pInfo->labelformat, iDegrees);
data/mapserver-7.6.1/mapgraticule.c:1036:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf( cBuffer, pInfo->labelformat, dDataToFormat );
data/mapserver-7.6.1/maphttp.c:552:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(pasReqInfo[i].pszUserAgent,
data/mapserver-7.6.1/mapimagemap.c:131:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(result, fmt);
data/mapserver-7.6.1/mapimagemap.c:166:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    n = vsnprintf((*(ps->string)) + ps->string_len,
data/mapserver-7.6.1/mapimagemap.c:176:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
      n = vsprintf((*(ps->string)) + ps->string_len, fmt, ap);
data/mapserver-7.6.1/mapimagemap.c:696:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(workbuffer, "%s", img->img.imagemap+iIndice );
data/mapserver-7.6.1/mapio.c:346:23:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    while( (ret_val = vsnprintf( *workBufPtr, workBufSize,
data/mapserver-7.6.1/mapio.c:367:13:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ret_val = vsprintf( *workBufPtr, format, ap );
data/mapserver-7.6.1/mapio.c:424:16:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return_val = vsprintf( workBuf, format, ap);
data/mapserver-7.6.1/mapio.c:439:16:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  return_val = vsnprintf( workBuf, sizeof(workBuf), format, ap );
data/mapserver-7.6.1/mapkmlrenderer.cpp:967:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(iconFileName, "symbol_%s_%.1f.%s", symbol->name, symstyle->scale, "png");
data/mapserver-7.6.1/mapkmlrenderer.cpp:976:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(iconUrl, "%s%s.%s", img->imageurl, msGetBasename(iconFileName), "png");
data/mapserver-7.6.1/mapkmlrenderer.cpp:1017:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(lineStyleName, "_line_%s_w%.1f", lineHexColor, LineStyle[i].width);
data/mapserver-7.6.1/mapkmlrenderer.cpp:1041:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(polygonStyleName, "_polygon_%s", polygonHexColor);
data/mapserver-7.6.1/mapkmlrenderer.cpp:1065:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(labelStyleName, "_label_%s", labelHexColor);
data/mapserver-7.6.1/maplabel.c:825:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    sscanf(line,"%s %s", alias,  file1);
data/mapserver-7.6.1/maplayer.c:1179:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( directive, "%s=%s", key, value );
data/mapserver-7.6.1/maplexer.c:2325:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(msyystring_buffer, msyytext); \
data/mapserver-7.6.1/maplexer.c:4314:50:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                                 strcpy(msyystring_buffer,msyytext);
data/mapserver-7.6.1/maplexer.c:4326:50:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                                 strcpy(msyystring_buffer,msyytext);                                                 
data/mapserver-7.6.1/maplexer.c:4340:50:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                                 strcpy(msyystring_buffer,msyytext);
data/mapserver-7.6.1/maplexer.c:4378:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(msyystring_buffer, msyytext);
data/mapserver-7.6.1/maplexer.c:4392:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(msyystring_buffer, msyytext);
data/mapserver-7.6.1/maplexer.c:4406:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(msyystring_buffer, msyytext);
data/mapserver-7.6.1/maplexer.c:4416:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(msyystring_buffer,msyytext);
data/mapserver-7.6.1/maplexer.c:4427:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(msyystring_buffer,msyytext);
data/mapserver-7.6.1/maplexer.c:4441:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(msyystring_buffer, msyytext);
data/mapserver-7.6.1/maplexer.c:4454:50:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                                 strcpy(msyystring_buffer, msyytext);
data/mapserver-7.6.1/maplexer.c:4467:50:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                                 strcpy(msyystring_buffer, msyytext);
data/mapserver-7.6.1/maplexer.c:4479:50:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                                 strcpy(msyystring_buffer, msyytext);
data/mapserver-7.6.1/maplexer.c:4491:50:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                                 strcpy(msyystring_buffer, msyytext);
data/mapserver-7.6.1/maplexer.c:4614:53:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                                    strcpy(msyystring_buffer, msyytext); 
data/mapserver-7.6.1/maplexer.c:4651:51:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                                                  strcpy(msyystring_buffer, msyytext); 
data/mapserver-7.6.1/mapmssql2008.c:986:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(maskeddata, layer->connection);
data/mapserver-7.6.1/mapmssql2008.c:1377:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(f_table_name, geom_table);
data/mapserver-7.6.1/mapmssql2008.c:1406:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(box3d, "%s::STGeomFromText('POINT(%.15g %.15g)',%s)", /* %s.STSrid)", */
data/mapserver-7.6.1/mapmssql2008.c:1414:4:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
	  sprintf(box3d, "Geography::STGeomFromText('CURVEPOLYGON((%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g))',%s)", /* %s.STSrid)", */
data/mapserver-7.6.1/mapmssql2008.c:1426:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(box3d, "Geometry::STGeomFromText('POLYGON((%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g,%.15g %.15g))',%s)", /* %s.STSrid)", */
data/mapserver-7.6.1/mapmssql2008.c:1441:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(data_source, geom_table);
data/mapserver-7.6.1/mapmssql2008.c:1456:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(result + (start - geom_table), box3d);
data/mapserver-7.6.1/mapmssql2008.c:1457:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
          strcat(result, end);
data/mapserver-7.6.1/mapmssql2008.c:2735:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(layer->items[item_num], colBuff);
data/mapserver-7.6.1/mapmssql2008.c:2790:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp2, tmp1);
data/mapserver-7.6.1/mapmssql2008.c:2791:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmp2, sql);
data/mapserver-7.6.1/mapmssql2008.c:3082:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(snippet, strtmpl, layerinfo->current_node->tokenval.dblval);
data/mapserver-7.6.1/mapmssql2008.c:3090:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(snippet, strtmpl, stresc);
data/mapserver-7.6.1/mapmssql2008.c:3162:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(snippet, strtmpl, stresc);
data/mapserver-7.6.1/mapmssql2008.c:3173:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(snippet, strtmpl, layer->map->cellsize);
data/mapserver-7.6.1/mapmssql2008.c:3542:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(snippet, strtmpl, filter->string);  // TODO: escape filter->string
data/mapserver-7.6.1/mapmssql2008.c:3560:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(snippet, strtmpl, filter->string); // TODO: escape filter->string
data/mapserver-7.6.1/mapogcfilter.c:1530:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy( psFilterNode->psRightNode->pszValue, pszLowerNode);
data/mapserver-7.6.1/mapogcfilter.c:1718:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(psFilterNode->psRightNode->pszValue, "%s/%s", pszBeginTime, pszEndTime);
data/mapserver-7.6.1/mapogcfilter.c:2313:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(pszBuffer, "%s", pszTmp);
data/mapserver-7.6.1/mapogcfilter.c:2332:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(pszBuffer, "%s", pszTmp);
data/mapserver-7.6.1/mapogcfilter.c:2348:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(pszBuffer, pszTmp);
data/mapserver-7.6.1/mapogcfilter.c:2350:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(pszBuffer, psFilterNode->pszValue);
data/mapserver-7.6.1/mapogcfilter.c:2364:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(pszBuffer, pszTmp);
data/mapserver-7.6.1/mapogcfilter.c:2380:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(pszBuffer, pszTmp);
data/mapserver-7.6.1/mapogcfiltercommon.cpp:288:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp, "%s", "(\"[");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:290:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s","([");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:295:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s","]\" ");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:297:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", "] ");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:303:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(szTmp,  "%s", "=*");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:305:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(szTmp,  "%s", "=");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:307:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", "!=");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:309:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", "<");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:311:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", ">");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:313:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", "<=");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:315:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", ">=");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:317:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", "~");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:324:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", "\"");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:328:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", "`");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:339:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", "\"");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:343:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szTmp,  "%s", "`");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:347:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(szTmp,  "%s", ")");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:529:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(szBuffer, "%s", "intersects");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:532:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(szBuffer, "%s", "intersects");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:536:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(szBuffer, "%s", pszTmp);
data/mapserver-7.6.1/mapogcfiltercommon.cpp:544:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szBuffer, "%s", "[shape]");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:550:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szBuffer, "%s", "fromText('");
data/mapserver-7.6.1/mapogcfiltercommon.cpp:553:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szBuffer, "%s", "')");
data/mapserver-7.6.1/mapogcsld.c:303:23:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                      sprintf(pszTmp2,"(%s)",tmpstr1);
data/mapserver-7.6.1/mapogcsos.c:2580:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(tmpstr,"%%%s%%", "procedure");
data/mapserver-7.6.1/mapogcsos.c:2638:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                  sprintf(tmpstr,"%%%s%%", "procedure");
data/mapserver-7.6.1/mapogroutput.cpp:856:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(datasource_name, request_dir);
data/mapserver-7.6.1/maporaclespatial.c:2143:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(bind_tag, ":%s", bind_key);
data/mapserver-7.6.1/maporaclespatial.c:2292:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(shape->values[i], (char *)sthand->items[i][ sthand->row ]);
data/mapserver-7.6.1/maporaclespatial.c:2413:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(shape->values[i], (char *)sthand->items[i][ sthand->row ]);
data/mapserver-7.6.1/maporaclespatial.c:2670:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
          strcpy(shape->values[i], (char *)sthand->items_query[sthand->row][i]);
data/mapserver-7.6.1/maporaclespatial.c:3115:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(layer->items[count_item], flk);
data/mapserver-7.6.1/maporaclespatial.c:3352:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(shape.values[i], (char *)sthand->items_query[sthand->row][i]);
data/mapserver-7.6.1/maporaclespatial.c:3542:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(snippet, strtmpl, filter->string);  // TODO: escape filter->string (msPostGISEscapeSQLParam)
data/mapserver-7.6.1/maporaclespatial.c:3555:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(snippet, strtmpl, filter->string); // TODO: escape filter->string (msPostGISEscapeSQLParam)
data/mapserver-7.6.1/maporaclespatial.c:3602:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(snippet, strtmpl, node->tokenval.dblval);  // TODO: escape strval
data/mapserver-7.6.1/maporaclespatial.c:3609:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            sprintf(snippet, strtmpl, dfDistance); 
data/mapserver-7.6.1/maporaclespatial.c:3622:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(snippet, strtmpl, node->tokenval.strval);  // TODO: escape strval
data/mapserver-7.6.1/maporaclespatial.c:3649:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
              sprintf(snippet, strtmpl, (node->tokenval.tmval.tm_year+1900));
data/mapserver-7.6.1/maporaclespatial.c:3653:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
              sprintf(snippet, strtmpl, (node->tokenval.tmval.tm_year+1900), (node->tokenval.tmval.tm_mon+1));
data/mapserver-7.6.1/maporaclespatial.c:3657:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
              sprintf(snippet, strtmpl, (node->tokenval.tmval.tm_year+1900), (node->tokenval.tmval.tm_mon+1), node->tokenval.tmval.tm_mday);
data/mapserver-7.6.1/maporaclespatial.c:3661:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
              sprintf(snippet, strtmpl, (node->tokenval.tmval.tm_year+1900), (node->tokenval.tmval.tm_mon+1), node->tokenval.tmval.tm_mday, node->tokenval.tmval.tm_hour);
data/mapserver-7.6.1/maporaclespatial.c:3665:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
              sprintf(snippet, strtmpl, (node->tokenval.tmval.tm_year+1900), (node->tokenval.tmval.tm_mon+1), node->tokenval.tmval.tm_mday, node->tokenval.tmval.tm_hour, node->tokenval.tmval.tm_min);
data/mapserver-7.6.1/maporaclespatial.c:3669:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
              sprintf(snippet, strtmpl, (node->tokenval.tmval.tm_year+1900), (node->tokenval.tmval.tm_mon+1), node->tokenval.tmval.tm_mday, node->tokenval.tmval.tm_hour, node->tokenval.tmval.tm_min, node->tokenval.tmval.tm_sec);
data/mapserver-7.6.1/maporaclespatial.c:3700:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(snippet, strtmpl, node->tokenval.strval);  // TODO: escape strval (msPostGISEscapeSQLParam)
data/mapserver-7.6.1/maporaclespatial.c:3713:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(snippet, strtmpl, layer->map->cellsize);
data/mapserver-7.6.1/mapoutput.c:804:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( newline, "%s=%s", key, value );
data/mapserver-7.6.1/mapows.c:1011:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(newname, "%s_%2.2d", lp->name, count);
data/mapserver-7.6.1/mapows.c:1171:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(online_resource, validated_language);
data/mapserver-7.6.1/mapows.c:1754:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(type, buffer_size_tmp, type_format, encoded);
data/mapserver-7.6.1/mapows.c:1767:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(width, buffer_size_tmp, width_format, encoded);
data/mapserver-7.6.1/mapows.c:1780:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(height, buffer_size_tmp, height_format, encoded);
data/mapserver-7.6.1/mapows.c:1793:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(urlfrmt, buffer_size_tmp, urlfrmt_format, encoded);
data/mapserver-7.6.1/mapows.c:1806:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(href, buffer_size_tmp, href_format, encoded);
data/mapserver-7.6.1/mapows.c:1828:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(type, buffer_size_tmp, type_format, default_type);
data/mapserver-7.6.1/mapows.c:1834:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(width, buffer_size_tmp, width_format, default_width);
data/mapserver-7.6.1/mapows.c:1840:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(height, buffer_size_tmp, height_format, default_height);
data/mapserver-7.6.1/mapows.c:1846:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(urlfrmt, buffer_size_tmp, urlfrmt_format, default_urlfrmt);
data/mapserver-7.6.1/mapows.c:1852:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(href, buffer_size_tmp, href_format, default_href);
data/mapserver-7.6.1/mapows.c:2564:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(*epsgCode, "EPSG:%s", value+10);
data/mapserver-7.6.1/mapows.c:2568:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(*epsgCode, "CRS:%s", value+9);
data/mapserver-7.6.1/mapows.c:2679:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat( result, urn );
data/mapserver-7.6.1/mapowscommon.c:658:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapowscommon.c:664:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapowscommon.c:671:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapowscommon.c:679:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapowscommon.c:685:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapparser.c:901:21:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#  define YYFPRINTF fprintf
data/mapserver-7.6.1/mapparser.c:2626:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf((yyval.strval), "%s%s", (yyvsp[-2].strval), (yyvsp[0].strval)); free((yyvsp[-2].strval)); free((yyvsp[0].strval)); 
data/mapserver-7.6.1/mapparser.c:2635:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf((yyval.strval), (yyvsp[-1].strval), (yyvsp[-3].dblval));
data/mapserver-7.6.1/mappostgis.c:1174:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(sql, v72sql, layerinfo->fromsource);
data/mapserver-7.6.1/mappostgis.c:1202:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(sql, v73sql, table, schema);
data/mapserver-7.6.1/mappostgis.c:1206:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(sql, v73sql, layerinfo->fromsource);
data/mapserver-7.6.1/mappostgis.c:1679:16:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    if ( sz <= snprintf(strBox, sz, strBoxTemplate,
data/mapserver-7.6.1/mappostgis.c:1694:16:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    if ( sz <= snprintf(strBox, sz, strBoxTemplate,
data/mapserver-7.6.1/mappostgis.c:1780:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(strGeom, strGeomTemplate, force2d, layerinfo->geomcolumn, strEndian, layerinfo->uid);
data/mapserver-7.6.1/mappostgis.c:1903:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(strSRID, strSRIDTemplate, f_table_name, layerinfo->geomcolumn);
data/mapserver-7.6.1/mappostgis.c:2041:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(strLimit, strLimitTemplate, layer->maxfeatures);
data/mapserver-7.6.1/mappostgis.c:2049:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(strOffset, strOffsetTemplate, layer->startindex-1);
data/mapserver-7.6.1/mappostgis.c:2080:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(strRect, strRectTemplate, layerinfo->geomcolumn, strBox);
data/mapserver-7.6.1/mappostgis.c:2106:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(strRectOtherSRID, strRectOtherSRIDTemplate, layerinfo->geomcolumn, otherSRID, strBox);
data/mapserver-7.6.1/mappostgis.c:2145:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(strRectOtherSRID, strRectOtherSRIDTemplate, layerinfo->geomcolumn, strBox);
data/mapserver-7.6.1/mappostgis.c:2165:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(strFilter1, strFilterTemplate, layer->filter.native_string);
data/mapserver-7.6.1/mappostgis.c:2174:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(strFilter2, strFilterTemplate, native_filter);
data/mapserver-7.6.1/mappostgis.c:2182:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(strUid, strUidTemplate, layerinfo->uid, *uid);
data/mapserver-7.6.1/mappostgis.c:2307:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(strSQL, strSQLTemplate, strItems, strFrom, strWhere);
data/mapserver-7.6.1/mappostgis.c:3375:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(sql, strSQLTemplate, strFrom);
data/mapserver-7.6.1/mappostgis.c:3484:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(strFilter1, strFilterTemplate, layer->filter.native_string);
data/mapserver-7.6.1/mappostgis.c:3493:7:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
      sprintf(strFilter2, strFilterTemplate, native_filter);
data/mapserver-7.6.1/mappostgis.c:3500:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(strSQL, buffer_len, sqlExtentTemplate, layerinfo->geomcolumn, f_table_name);  
data/mapserver-7.6.1/mappostgis.c:3616:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sprintf(strFilter1, strFilterTemplate, layer->filter.native_string);
data/mapserver-7.6.1/mappostgis.c:3625:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        sprintf(strFilter2, strFilterTemplate, native_filter);
data/mapserver-7.6.1/mappostgis.c:3632:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(strSQL, buffer_len, sqlNumFeaturesTemplate, f_table_name);
data/mapserver-7.6.1/mappostgis.c:4050:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(snippet, strtmpl, stresc);
data/mapserver-7.6.1/mappostgis.c:4070:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(snippet, strtmpl, stresc);
data/mapserver-7.6.1/mappostgis.c:4134:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
		sprintf(snippet, strtmpl, stresc);
data/mapserver-7.6.1/mappostgis.c:4150:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
            sprintf(snippet, strtmpl, stresc);
data/mapserver-7.6.1/mappostgis.c:4205:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(snippet, strtmpl, stresc);
data/mapserver-7.6.1/mappostgis.c:4216:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
          sprintf(snippet, strtmpl, layer->map->cellsize);
data/mapserver-7.6.1/mappostgresql.c:129:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(maskeddata, join->connection);
data/mapserver-7.6.1/mappostgresql.c:153:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(sql, "SELECT * FROM %s WHERE false LIMIT 0", join->table);
data/mapserver-7.6.1/mappostgresql.c:180:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(join->items[i + test], column);
data/mapserver-7.6.1/mappostgresql.c:184:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(join->items[0], column);
data/mapserver-7.6.1/mappostgresql.c:323:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(columns, join->items[i]);
data/mapserver-7.6.1/mappostgresql.c:338:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(sql, "SELECT %s FROM %s WHERE %s = '%s'", columns, join->table, join->to, joininfo->from_value);
data/mapserver-7.6.1/mapprimitive.c:2301:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(buffer, buffer_length, format, rect->minx, rect->miny, rect->maxx, rect->maxy);
data/mapserver-7.6.1/mapprimitive.c:2307:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(buffer, buffer_length, format, point->x, point->y, point->z, point->m);
data/mapserver-7.6.1/mapprimitive.c:2309:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(buffer, buffer_length, format, point->x, point->y);
data/mapserver-7.6.1/mapproject.c:182:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(szPipeline, in_str);
data/mapserver-7.6.1/mapproject.c:184:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(szPipeline, out_str);
data/mapserver-7.6.1/mapproject.c:716:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf( szProjBuf,
data/mapserver-7.6.1/mapproject.c:724:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf( szProjBuf,
data/mapserver-7.6.1/mapproject.c:732:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf( szProjBuf,
data/mapserver-7.6.1/mapproject.c:740:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf( szProjBuf,
data/mapserver-7.6.1/mapproject.c:746:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf( szProjBuf,
data/mapserver-7.6.1/mapproject.c:848:11:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
          strcat(szTemp, args[0] + strlen("init=epsg:"));
data/mapserver-7.6.1/mapproject.c:2313:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( last_filename, "%s/%s", ms_proj_lib, filename );
data/mapserver-7.6.1/mapproject.c:2347:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( extended_path, "%s/%s", pszRelToPath, proj_lib );
data/mapserver-7.6.1/mapproject.c:2445:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszProjString, proj->args[i]);
data/mapserver-7.6.1/mapraster.c:286:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(pszTmp,"(%s)",layer->filter.string);
data/mapserver-7.6.1/mapraster.c:293:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(pszTmp,"/%s/",layer->filter.string);
data/mapserver-7.6.1/mapraster.c:317:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(requested_fields, "%s,%s", layer->tileitem, layer->tilesrs);
data/mapserver-7.6.1/mapraster.c:319:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(requested_fields, layer->tileitem);
data/mapserver-7.6.1/mapscale.c:303:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(label, "%g %s", j*i, unitText[map->scalebar.units]);
data/mapserver-7.6.1/mapscale.c:346:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
          sprintf(label, "%g %s", j*i, unitText[map->scalebar.units]);
data/mapserver-7.6.1/mapscript/php/mapscript_error.c:50:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(message, MESSAGELENGTH, format, args);
data/mapserver-7.6.1/mapscript/php/mapscript_error.c:76:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(message, MESSAGELENGTH, format, args);
data/mapserver-7.6.1/mapscript/php/mapscript_error.c:88:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(message, MESSAGELENGTH, format, args); 
data/mapserver-7.6.1/mapscript/php/owsrequest.c:419:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(cookie_tmp, "%s=%s;",string_key,Z_STRVAL_PP(ppzval));
data/mapserver-7.6.1/mapscript/php/owsrequest.c:464:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(&result->val[sum], "%s=%s;",ZSTR_VAL(string_key),Z_STRVAL_P(ppzval));
data/mapserver-7.6.1/mapscript/v8/v8_mapscript.cpp:40:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(str, *string);
data/mapserver-7.6.1/mapscript/v8/v8_mapscript.cpp:44:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(str, fallback);
data/mapserver-7.6.1/mapserver.h:104:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf _vsnprintf
data/mapserver-7.6.1/mapserver.h:169:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/mapserver-7.6.1/mapserver.h:169:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/mapserver-7.6.1/mapshape.c:236:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( pszBasename, pszLayer );
data/mapserver-7.6.1/mapshape.c:249:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszFullname, "%s.shp", pszBasename );
data/mapserver-7.6.1/mapshape.c:252:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( pszFullname, "%s.SHP", pszBasename );
data/mapserver-7.6.1/mapshape.c:262:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszFullname, "%s.shx", pszBasename );
data/mapserver-7.6.1/mapshape.c:265:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf( pszFullname, "%s.SHX", pszBasename );
data/mapserver-7.6.1/mapshape.c:489:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( pszBasename, pszLayer );
data/mapserver-7.6.1/mapshape.c:501:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszFullname, "%s.shp", pszBasename );
data/mapserver-7.6.1/mapshape.c:509:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszFullname, "%s.shx", pszBasename );
data/mapserver-7.6.1/mapshape.c:1734:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(dbfFilename, filename);
data/mapserver-7.6.1/mapshape.c:1842:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(filename, "%s%s", sourcename, MS_INDEX_EXTENSION);
data/mapserver-7.6.1/mapstring.c:1315:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszBuffer, pszEnd);
data/mapserver-7.6.1/mapstring.c:1319:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszBuffer, pszEnd);
data/mapserver-7.6.1/mapstring.c:1323:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszBuffer, pszEnd);
data/mapserver-7.6.1/mapstring.c:1327:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszBuffer, pszEnd);
data/mapserver-7.6.1/mapstring.c:1331:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszBuffer, pszEnd);
data/mapserver-7.6.1/mapstring.c:1390:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszDest, pszSrc);
data/mapserver-7.6.1/maptemplate.c:485:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(pszTag1, pszTag);
data/mapserver-7.6.1/maptemplate.c:621:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(pszEndTag, pszTag);
data/mapserver-7.6.1/maptemplate.c:1302:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(itemValue, 64, numberFormat, atof(shape->values[i]));
data/mapserver-7.6.1/maptemplate.c:1490:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(number, sizeof(number), numberFormat, tempExtent.minx);
data/mapserver-7.6.1/maptemplate.c:1492:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(number, sizeof(number), numberFormat, tempExtent.miny);
data/mapserver-7.6.1/maptemplate.c:1494:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(number, sizeof(number), numberFormat, tempExtent.maxx);
data/mapserver-7.6.1/maptemplate.c:1496:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(number, sizeof(number), numberFormat, tempExtent.maxy);
data/mapserver-7.6.1/maptemplate.c:1842:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(number, sizeof(number), numberFormat, tShape.line[0].point[0].x);
data/mapserver-7.6.1/maptemplate.c:1846:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(number, sizeof(number), numberFormat, tShape.line[0].point[0].y);
data/mapserver-7.6.1/maptemplate.c:1851:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(number, sizeof(number), numberFormat, tShape.line[0].point[0].x);
data/mapserver-7.6.1/maptemplate.c:1855:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(number, sizeof(number), numberFormat, tShape.line[0].point[0].y);
data/mapserver-7.6.1/maptemplate.c:1859:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(number, sizeof(number), numberFormat, tShape.line[0].point[1].x);
data/mapserver-7.6.1/maptemplate.c:1863:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(number, sizeof(number), numberFormat, tShape.line[0].point[1].y);
data/mapserver-7.6.1/maptemplate.c:2264:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(point, sizeof(point), pointFormat1, scale_x*tShape.line[i].point[p].x, scale_y*tShape.line[i].point[p].y);
data/mapserver-7.6.1/maptemplate.c:2267:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
          snprintf(point, sizeof(point), pointFormat2, scale_x*tShape.line[i].point[p].x, scale_y*tShape.line[i].point[p].y);
data/mapserver-7.6.1/maptemplate.c:2278:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(point, sizeof(point), pointFormat1, scale_x*tShape.line[j].point[p].x, scale_y*tShape.line[j].point[p].y);
data/mapserver-7.6.1/maptemplate.c:2281:15:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
              snprintf(point, sizeof(point), pointFormat2, scale_x*tShape.line[j].point[p].x, scale_y*tShape.line[j].point[p].y);
data/mapserver-7.6.1/maptemplate.c:2302:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
          snprintf(point, sizeof(point), pointFormat1, scale_x*tShape.line[i].point[p].x, scale_y*tShape.line[i].point[p].y);
data/mapserver-7.6.1/maptemplate.c:2305:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(point, sizeof(point), pointFormat2, scale_x*tShape.line[i].point[p].x, scale_y*tShape.line[i].point[p].y);
data/mapserver-7.6.1/maptemplate.c:2540:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(pszFullImgFname, map->web.imageurl);
data/mapserver-7.6.1/maptemplate.c:2541:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(pszFullImgFname, szImgFname);
data/mapserver-7.6.1/maptemplate.c:2646:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(*pszTemp, pszGroupTemplate);
data/mapserver-7.6.1/maptemplate.c:2921:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(*pszTemp, pszClassTemplate);
data/mapserver-7.6.1/maptemplate.c:4229:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat((*papszBuffer), tmpline);
data/mapserver-7.6.1/maptemplate.c:4242:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat((*papszBuffer), line);
data/mapserver-7.6.1/maptemplate.c:4386:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat((*papszBuffer), buffer);
data/mapserver-7.6.1/maptree.c:113:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( pszBasename, pszTree );
data/mapserver-7.6.1/maptree.c:127:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszFullname, "%s%s", pszBasename, MS_INDEX_EXTENSION);
data/mapserver-7.6.1/maptree.c:130:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf( pszFullname, "%s.QIX", pszBasename);
data/mapserver-7.6.1/maptree.c:732:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( pszBasename, filename );
data/mapserver-7.6.1/maptree.c:746:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszFullname, "%s%s", pszBasename, MS_INDEX_EXTENSION);
data/mapserver-7.6.1/maputil.c:482:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(ltags[i], "[%s]", GET_LAYER(map, i)->name);
data/mapserver-7.6.1/maputil.c:529:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(tag, "[%s]", GET_LAYER(map, i)->name);
data/mapserver-7.6.1/maputil.c:773:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(target, "[%s]", node->tokenval.bindval.item);
data/mapserver-7.6.1/mapv8.cpp:81:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(err, "Error opening file: %s", path);
data/mapserver-7.6.1/mapwcs.c:65:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(tmpname,"%s_values", name);
data/mapserver-7.6.1/mapwcs.c:2588:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy( cm->srs_urn, srs_urn );
data/mapserver-7.6.1/mapwcs11.c:415:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat( identifier_list, layer->name );
data/mapserver-7.6.1/mapwfs.c:247:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat( out_list, fname );
data/mapserver-7.6.1/mapwfs.c:1145:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(element_tab, "%s    ", tab);
data/mapserver-7.6.1/mapwfs.c:2035:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(*ppszStrList,"%s%s%s",pszTmp,pszSep,pszValue);
data/mapserver-7.6.1/mapwfs.c:2673:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(pszTmpPropertyName, "(%s)", pszPropertyName);
data/mapserver-7.6.1/mapwfs.c:4742:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(pszTmp2,"%s,%s",pszTmp, pszValue);
data/mapserver-7.6.1/mapwfs.c:4750:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(pszTmp2,"(%s)", pszTmp);
data/mapserver-7.6.1/mapwfs.c:4768:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(pszSerializedFilter, "(%s)", pszCPLTmp);
data/mapserver-7.6.1/mapwmslayer.c:169:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(pszURL, wmsparams->onlineresource);
data/mapserver-7.6.1/mapxbase.c:151:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( pszDBFFilename, pszFilename );
data/mapserver-7.6.1/opengl/glext.h:3430:73:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  typedef GLvoid* (APIENTRYP PFNGLMAPBUFFERPROC) (GLenum target, GLenum access);
data/mapserver-7.6.1/opengl/glext.h:4031:76:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  typedef GLvoid* (APIENTRYP PFNGLMAPBUFFERARBPROC) (GLenum target, GLenum access);
data/mapserver-7.6.1/renderers/agg/include/agg_font_cache_manager.h:64:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(m_font_signature, font_signature);
data/mapserver-7.6.1/renderers/agg/include/agg_svg_exception.h:49:17:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
                vsprintf(m_msg, fmt, arg);
data/mapserver-7.6.1/renderers/agg/include/agg_svg_exception.h:57:23:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            if(m_msg) strcpy(m_msg, exc.m_msg);
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:655:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(m_face_names[m_num_faces], font_name);
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:853:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(m_signature, 
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:879:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(m_signature, buf);
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:232:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(msg, "Couldn't open file %s", fname);
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:243:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(msg,
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:437:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(c.name, str);
data/mapserver-7.6.1/shptree.c:46:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( pszBasename, Filename );
data/mapserver-7.6.1/shptree.c:60:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszFullname, "%s%s", pszBasename, Suffix);
data/mapserver-7.6.1/shptreetst.c:57:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( pszBasename, Filename );
data/mapserver-7.6.1/shptreetst.c:71:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszFullname, "%s%s", pszBasename, Suffix);
data/mapserver-7.6.1/shptreevis.c:57:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy( pszBasename, Filename );
data/mapserver-7.6.1/shptreevis.c:71:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf( pszFullname, "%s%s", pszBasename, Suffix);
data/mapserver-7.6.1/sortshp.c:194:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(buffer,"%s.dbf",argv[2]);
data/mapserver-7.6.1/uthash.h:277:32:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define UT_HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/mapserver-7.6.1/cgiutil.c:54:7:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if( getenv("CONTENT_LENGTH") != NULL ) {
data/mapserver-7.6.1/cgiutil.c:55:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    data_max = (size_t) atoi(getenv("CONTENT_LENGTH"));
data/mapserver-7.6.1/cgiutil.c:113:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  return getenv(name);
data/mapserver-7.6.1/fontcache.c:163:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char* use_global_cache = getenv("MS_USE_GLOBAL_FT_CACHE");
data/mapserver-7.6.1/mapcpl.c:221:14:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
  pLibrary = LoadLibrary(pszLibrary);
data/mapserver-7.6.1/mapcrypto.c:193:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand( (unsigned int) time( NULL ));
data/mapserver-7.6.1/mapcrypto.c:272:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    keyfile = getenv("MS_ENCRYPTION_KEY");
data/mapserver-7.6.1/mapdebug.c:265:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if( (val=getenv( "MS_ERRORFILE" )) != NULL ) {
data/mapserver-7.6.1/mapdebug.c:270:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if( (val=getenv( "MS_DEBUGLEVEL" )) != NULL )
data/mapserver-7.6.1/mapfile.c:6519:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if(getenv("MS_MAPFILE_PATTERN")) { /* user override */
data/mapserver-7.6.1/mapfile.c:6520:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if(msEvalRegex(getenv("MS_MAPFILE_PATTERN"), filename) != MS_TRUE) {
data/mapserver-7.6.1/mapfile.c:6546:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ((getenv("MS_XMLMAPFILE_XSLT")) &&
data/mapserver-7.6.1/mapfile.c:6555:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (msTransformXmlMapfile(getenv("MS_XMLMAPFILE_XSLT"), filename, msyyin) != MS_SUCCESS) {
data/mapserver-7.6.1/mapfile.c:7015:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if(getenv(key)) { /* envirronment override */
data/mapserver-7.6.1/mapfile.c:7016:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    return getenv(key);
data/mapserver-7.6.1/mapfile.c:7120:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if(getenv("MS_MAPFILE_PATTERN")) { /* user override */
data/mapserver-7.6.1/mapfile.c:7121:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if(msEvalRegex(getenv("MS_MAPFILE_PATTERN"), filename) != MS_TRUE) {
data/mapserver-7.6.1/maphttp.c:474:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  pszCurlCABundle = getenv("CURL_CA_BUNDLE");
data/mapserver-7.6.1/mapoglcontext.cpp:409:36:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char* const display_name = getenv("DISPLAY");
data/mapserver-7.6.1/mapows.c:587:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  remote_ip = getenv("REMOTE_ADDR");
data/mapserver-7.6.1/mapows.c:695:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  remote_ip = getenv("REMOTE_ADDR");
data/mapserver-7.6.1/mapproject.c:2326:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if( (val=getenv( "PROJ_LIB" )) != NULL ) {
data/mapserver-7.6.1/mapservutil.c:67:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if(getenv("REMOTE_ADDR") != NULL)
data/mapserver-7.6.1/mapservutil.c:68:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    fprintf(stream,"%s,",getenv("REMOTE_ADDR"));
data/mapserver-7.6.1/mapservutil.c:204:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *ms_mapfile = getenv("MS_MAPFILE");
data/mapserver-7.6.1/mapservutil.c:212:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if(getenv(mapserv->request->ParamValues[i])) /* an environment variable references the actual file to use */
data/mapserver-7.6.1/mapservutil.c:213:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      map = msLoadMap(getenv(mapserv->request->ParamValues[i]), NULL);
data/mapserver-7.6.1/mapservutil.c:216:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if(getenv("MS_MAP_NO_PATH")) {
data/mapserver-7.6.1/mapservutil.c:221:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if(getenv("MS_MAP_PATTERN") && msEvalRegex(getenv("MS_MAP_PATTERN"), mapserv->request->ParamValues[i]) != MS_TRUE) {
data/mapserver-7.6.1/mapservutil.c:221:50:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      if(getenv("MS_MAP_PATTERN") && msEvalRegex(getenv("MS_MAP_PATTERN"), mapserv->request->ParamValues[i]) != MS_TRUE) {
data/mapserver-7.6.1/mapservutil.c:310:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  mode = getenv("MS_MODE");
data/mapserver-7.6.1/maptemplate.c:3072:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if( getenv("MS_MAPFILE"))
data/mapserver-7.6.1/maptemplate.c:3073:54:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      pszMapFname = msStringConcatenate(pszMapFname, getenv("MS_MAPFILE"));
data/mapserver-7.6.1/maptemplate.c:3075:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if(getenv(mapserv->request->ParamValues[i])) /* an environment references the actual file to use */
data/mapserver-7.6.1/maptemplate.c:3076:54:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      pszMapFname = msStringConcatenate(pszMapFname, getenv(mapserv->request->ParamValues[i]));
data/mapserver-7.6.1/maptemplate.c:3722:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if(getenv("HTTP_HOST")) {
data/mapserver-7.6.1/maptemplate.c:3723:48:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    snprintf(repstr, PROCESSLINE_BUFLEN, "%s", getenv("HTTP_HOST"));
data/mapserver-7.6.1/maptemplate.c:3726:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if(getenv("SERVER_PORT")) {
data/mapserver-7.6.1/maptemplate.c:3727:48:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    snprintf(repstr, PROCESSLINE_BUFLEN, "%s", getenv("SERVER_PORT"));
data/mapserver-7.6.1/maptemplate.c:4503:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  else if (getenv("MS_OPENLAYERS_JS_URL"))
data/mapserver-7.6.1/maptemplate.c:4504:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    openlayersUrl = getenv("MS_OPENLAYERS_JS_URL");
data/mapserver-7.6.1/maputil.c:1613:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  else if (getenv("MS_TEMPPATH"))
data/mapserver-7.6.1/maputil.c:1614:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    tmpBase = getenv("MS_TEMPPATH");
data/mapserver-7.6.1/maputil.c:2049:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char* maxfiles = getenv("MS_MAX_OPEN_FILES");
data/mapserver-7.6.1/maputil.c:2548:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  hostname = getenv("HTTP_X_FORWARDED_HOST");
data/mapserver-7.6.1/maputil.c:2550:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    hostname = getenv("SERVER_NAME");
data/mapserver-7.6.1/maputil.c:2558:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  port = getenv("HTTP_X_FORWARDED_PORT");
data/mapserver-7.6.1/maputil.c:2560:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    port = getenv("SERVER_PORT");
data/mapserver-7.6.1/maputil.c:2562:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  script = getenv("SCRIPT_NAME");
data/mapserver-7.6.1/maputil.c:2566:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ( ((value=getenv("HTTPS")) && strcasecmp(value, "on") == 0) ||
data/mapserver-7.6.1/maputil.c:2567:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
       ((value=getenv("SERVER_PORT")) && atoi(value) == 443) ) {
data/mapserver-7.6.1/maputil.c:2570:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  if ( (value=getenv("HTTP_X_FORWARDED_PROTO")) ) {
data/mapserver-7.6.1/apache/mod_mapserver.c:138:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  buf [512];
data/mapserver-7.6.1/apache/mod_mapserver.c:159:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((char*) buffer + rpos, buf, rsize);
data/mapserver-7.6.1/cgiutil.c:55:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    data_max = (size_t) atoi(getenv("CONTENT_LENGTH"));
data/mapserver-7.6.1/fontcache.c:165:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    use_global_ft_cache = atoi(use_global_cache);
data/mapserver-7.6.1/kerneldensity.c:107:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    radius = atoi(pszProcessing);
data/mapserver-7.6.1/kerneldensity.c:318:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pointer[64];
data/mapserver-7.6.1/kerneldensity.c:319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ds_string [1024];
data/mapserver-7.6.1/mapagg.cpp:788:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(rb->data.rgba.pixels,r->buffer, nBytes);
data/mapserver-7.6.1/mapcairo.c:90:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char dummydata[4];
data/mapserver-7.6.1/mapcairo.c:603:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(adfGeoTransform, map->gt.geotransform, 6 * sizeof(double));
data/mapserver-7.6.1/mapcairo.c:669:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data,r->outputStream->data,r->outputStream->size);
data/mapserver-7.6.1/mapcairo.c:763:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pb,cairo_image_surface_get_data(r->surface),rb->height * rb->data.rgba.row_step);
data/mapserver-7.6.1/mapcairo.c:1068:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(svg_cache->pixmap_buffer->data.rgba.pixels, pb, surface_w * surface_h * 4 * sizeof (unsigned char));
data/mapserver-7.6.1/mapcluster.c:250:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out1, in, sizeof(rectObj));
data/mapserver-7.6.1/mapcluster.c:251:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out2, in, sizeof(rectObj));
data/mapserver-7.6.1/mapcluster.c:608:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int count = atoi(base->shape.values[i]) + 1;
data/mapserver-7.6.1/mapcluster.c:1250:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char pszBuffer[TREE_MAX_DEPTH + 1];
data/mapserver-7.6.1/mapcompositingfilter.c:31:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(rb->data.rgba.pixels+dsty*rb->data.rgba.row_step+dstx*4,\
data/mapserver-7.6.1/mapcompositingfilter.c:176:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    irad = atoi(rad);
data/mapserver-7.6.1/mapcompositingfilter.c:193:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    xtrans = atoi(num);
data/mapserver-7.6.1/mapcompositingfilter.c:198:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ytrans = atoi(num);
data/mapserver-7.6.1/mapcontext.c:458:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pszStyleName, "Style{%d}", nStyle);
data/mapserver-7.6.1/mapcontext.c:770:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    map->width = atoi(pszValue1);
data/mapserver-7.6.1/mapcontext.c:771:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    map->height = atoi(pszValue2);
data/mapserver-7.6.1/mapcontext.c:839:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if((pszValue != NULL) && (atoi(pszValue) == 0 &&
data/mapserver-7.6.1/mapcontext.c:847:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if(pszValue !=NULL && (atoi(pszValue) == 1  ||
data/mapserver-7.6.1/mapcontext.c:865:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(pszName, "l%d:", layer->index);
data/mapserver-7.6.1/mapcontext.c:1114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapcontext.c:1116:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szVersionBuf[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapcontext.c:1281:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapcontext.c:1286:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    stream = fopen(msBuildPath(szPath, map->mappath, filename), "wb");
data/mapserver-7.6.1/mapcontour.c:122:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
       char szTmp[100];
data/mapserver-7.6.1/mapcontour.c:149:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pointer[64], memDSPointer[128];
data/mapserver-7.6.1/mapcontour.c:175:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    band = atoi(bands[0]);
data/mapserver-7.6.1/mapcontour.c:203:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  msg[MESSAGELENGTH*2];
data/mapserver-7.6.1/mapcontour.c:458:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/mapserver-7.6.1/mapcontour.c:459:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%lf", clinfo->cellsize);
data/mapserver-7.6.1/mapcontour.c:642:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapcontour.c:663:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szTilename[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapcontour.c:669:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tilesrsname[1];
data/mapserver-7.6.1/mapcopy.c:1309:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst->data.rgba.pixels, src->data.rgba.pixels, src->data.rgba.row_step*src->height);
data/mapserver-7.6.1/mapcpl.c:48:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char     szStaticResult[MS_PATH_BUF_SIZE];
data/mapserver-7.6.1/mapcpl.c:183:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char withUnder[strlen(pszSymbolName) + 2];
data/mapserver-7.6.1/mapcrypto.c:214:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuf[100];
data/mapserver-7.6.1/mapcrypto.c:217:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(keyfile, "rt")) == NULL) {
data/mapserver-7.6.1/mapcrypto.c:498:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bytes_out[8], encryption_key[MS_ENCRYPTION_KEY_SIZE*2+1];
data/mapserver-7.6.1/mapcrypto.c:499:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string_buf[256], string_buf2[256];
data/mapserver-7.6.1/mapdebug.c:133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char extended_path[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapdebug.c:176:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    debuginfo->fp = fopen(pszErrorFile, "a");
data/mapserver-7.6.1/mapdebug.c:271:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    msSetGlobalDebugLevel(atoi(val));
data/mapserver-7.6.1/mapdebug.c:356:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szMessage[MESSAGELENGTH];
data/mapserver-7.6.1/mapdraw.c:3021:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        map->labelcache.gutter = MS_ABS(atoi(value));
data/mapserver-7.6.1/mapdrawgdal.c:90:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char rb_cmap[4][MAXCOLORS];
data/mapserver-7.6.1/mapdrawgdal.c:161:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    src_xoff = atoi(papszTokens[0]);
data/mapserver-7.6.1/mapdrawgdal.c:162:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    src_yoff = atoi(papszTokens[1]);
data/mapserver-7.6.1/mapdrawgdal.c:163:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    src_xsize = atoi(papszTokens[2]);
data/mapserver-7.6.1/mapdrawgdal.c:164:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    src_ysize = atoi(papszTokens[3]);
data/mapserver-7.6.1/mapdrawgdal.c:501:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &sEntry,
data/mapserver-7.6.1/mapdrawgdal.c:895:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      this_in = atoi(lut_read);
data/mapserver-7.6.1/mapdrawgdal.c:902:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      this_out = atoi(lut_read);
data/mapserver-7.6.1/mapdrawgdal.c:941:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char wrkLUTDef[1000];
data/mapserver-7.6.1/mapdrawgdal.c:966:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( atoi(tokens[i*2]) >= 0 ) {
data/mapserver-7.6.1/mapdrawgdal.c:1037:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[20], lut_def_fromfile[2500];
data/mapserver-7.6.1/mapdrawgdal.c:1045:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( key, "LUT_%d", iColorIndex );
data/mapserver-7.6.1/mapdrawgdal.c:1057:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapdrawgdal.c:1060:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen( path, "rb" );
data/mapserver-7.6.1/mapdrawgdal.c:1157:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nLastInValue = atoi(pszLastTuple);
data/mapserver-7.6.1/mapdrawgdal.c:1425:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szBandScalingName[20];
data/mapserver-7.6.1/mapdrawgdal.c:1427:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf( szBandScalingName, "SCALE_%d", iColorIndex+1 );
data/mapserver-7.6.1/mapdrawgdal.c:1565:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapdrawgdal.c:1882:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          if( ( b_nodatas && ((unsigned char *) pBuffer)[k] == b_nodatas[band] )
data/mapserver-7.6.1/mapdrawgdal.c:1888:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          image->img.raw_byte[off] = ((unsigned char *) pBuffer)[k++];
data/mapserver-7.6.1/mapdrawgdal.c:1929:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char *rb_cmap[4];
data/mapserver-7.6.1/mapdrawgdal.c:2072:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nBucketCount = atoi(pszBuckets);
data/mapserver-7.6.1/mapdrawgdal.c:2318:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      band_list[i] = atoi(papszItems[i]);
data/mapserver-7.6.1/maperror.c:44:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *ms_errorCodes[MS_NUMERRORCODES] = {"",
data/mapserver-7.6.1/maperror.c:331:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[MESSAGELENGTH];
data/mapserver-7.6.1/maperror.c:523:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char version[1024];
data/mapserver-7.6.1/maperror.c:528:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " OUTPUT=PNG");
data/mapserver-7.6.1/maperror.c:531:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " OUTPUT=JPEG");
data/mapserver-7.6.1/maperror.c:534:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " OUTPUT=KML");
data/mapserver-7.6.1/maperror.c:536:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=PROJ");
data/mapserver-7.6.1/maperror.c:537:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=AGG");
data/mapserver-7.6.1/maperror.c:538:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=FREETYPE");
data/mapserver-7.6.1/maperror.c:540:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=CAIRO");
data/mapserver-7.6.1/maperror.c:543:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=SVG_SYMBOLS");
data/mapserver-7.6.1/maperror.c:545:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(version, " SUPPORTS=SVGCAIRO");
data/mapserver-7.6.1/maperror.c:547:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(version, " SUPPORTS=RSVG");
data/mapserver-7.6.1/maperror.c:551:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=OPENGL");
data/mapserver-7.6.1/maperror.c:554:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=ICONV");
data/mapserver-7.6.1/maperror.c:557:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=XMP");
data/mapserver-7.6.1/maperror.c:560:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=FRIBIDI");
data/mapserver-7.6.1/maperror.c:563:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=WMS_SERVER");
data/mapserver-7.6.1/maperror.c:566:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=WMS_CLIENT");
data/mapserver-7.6.1/maperror.c:569:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=WFS_SERVER");
data/mapserver-7.6.1/maperror.c:572:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=WFS_CLIENT");
data/mapserver-7.6.1/maperror.c:575:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=WCS_SERVER");
data/mapserver-7.6.1/maperror.c:578:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=SOS_SERVER");
data/mapserver-7.6.1/maperror.c:581:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=FASTCGI");
data/mapserver-7.6.1/maperror.c:584:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=THREADS");
data/mapserver-7.6.1/maperror.c:587:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=GEOS");
data/mapserver-7.6.1/maperror.c:590:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=POINT_Z_M");
data/mapserver-7.6.1/maperror.c:593:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=V8");
data/mapserver-7.6.1/maperror.c:596:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " SUPPORTS=PBF");
data/mapserver-7.6.1/maperror.c:599:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " INPUT=JPEG");
data/mapserver-7.6.1/maperror.c:602:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " INPUT=SDE");
data/mapserver-7.6.1/maperror.c:605:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " INPUT=POSTGIS");
data/mapserver-7.6.1/maperror.c:608:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " INPUT=ORACLESPATIAL");
data/mapserver-7.6.1/maperror.c:610:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " INPUT=OGR");
data/mapserver-7.6.1/maperror.c:611:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " INPUT=GDAL");
data/mapserver-7.6.1/maperror.c:612:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(version, " INPUT=SHAPEFILE");
data/mapserver-7.6.1/maperror.h:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char routine[ROUTINELENGTH];
data/mapserver-7.6.1/maperror.h:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[MESSAGELENGTH];
data/mapserver-7.6.1/mapfile.c:76:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char *msPositionsText[MS_POSITIONS_LENGTH] = {"UL", "LR", "UR", "LL", "CR", "CL", "UC", "LC", "CC", "AUTO", "XY", "FOLLOW"}; /* msLabelPositions[] also used in mapsymbols.c (not static) */
data/mapserver-7.6.1/mapfile.c:299:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szLibPath[MS_MAXPATHLEN] = { '\0' };
data/mapserver-7.6.1/mapfile.c:300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szLibPathExt[MS_MAXPATHLEN] = { '\0' };
data/mapserver-7.6.1/mapfile.c:386:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hex[2];
data/mapserver-7.6.1/mapfile.c:432:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hex[2];
data/mapserver-7.6.1/mapfile.c:650:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[9];
data/mapserver-7.6.1/mapfile.c:651:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%02x", color->red);
data/mapserver-7.6.1/mapfile.c:652:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer+2, "%02x", color->green);
data/mapserver-7.6.1/mapfile.c:653:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer+4, "%02x", color->blue);
data/mapserver-7.6.1/mapfile.c:654:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer+6, "%02x", color->alpha);
data/mapserver-7.6.1/mapfile.c:788:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char minscale[32];
data/mapserver-7.6.1/mapfile.c:789:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(minscale,"%g",token->tokens[i].minscale);
data/mapserver-7.6.1/mapfile.c:1191:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if( bFollowEPSGAxisOrder && msIsAxisInverted(atoi(code))) {
data/mapserver-7.6.1/mapfile.c:1206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char init_string[100];
data/mapserver-7.6.1/mapfile.c:4960:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *formatoptions[MAX_FORMATOPTIONS];
data/mapserver-7.6.1/mapfile.c:6186:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapfile.c:6198:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream = fopen(msBuildPath(szPath, map->mappath, filename), "w");
data/mapserver-7.6.1/mapfile.c:6423:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN], szCWDPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapfile.c:6504:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN], szCWDPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapfile.c:6549:14:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    msyyin = tmpfile();
data/mapserver-7.6.1/mapfile.c:6562:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((msyyin = fopen(filename,"r")) == NULL) {
data/mapserver-7.6.1/mapfile.c:7132:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((msyyin = fopen(filename,"r")) == NULL) {
data/mapserver-7.6.1/mapgdal.c:424:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char res[30];
data/mapserver-7.6.1/mapgdal.c:426:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( res, "%lf", image->resolution );
data/mapserver-7.6.1/mapgdal.c:444:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( papszOptions, format->formatoptions,
data/mapserver-7.6.1/mapgdal.c:489:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char block[4000];
data/mapserver-7.6.1/mapgdal.c:614:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
     int nEpsgCode = atoi(pszInitEpsg + strlen("init=epsg:"));
data/mapserver-7.6.1/mapgml.c:920:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[64];
data/mapserver-7.6.1/mapgml.c:1013:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char gmlid[256];
data/mapserver-7.6.1/mapgml.c:1097:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[64];
data/mapserver-7.6.1/mapgml.c:1166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[64];
data/mapserver-7.6.1/mapgml.c:1257:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[64];
data/mapserver-7.6.1/mapgml.c:1396:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapgml.c:1410:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    stream = fopen(msBuildPath(szPath, map->mappath, filename), "w");
data/mapserver-7.6.1/mapgml.c:2110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[64];
data/mapserver-7.6.1/mapgml.c:2232:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      item->width = atoi(value);
data/mapserver-7.6.1/mapgml.c:2236:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      item->precision = atoi(value);
data/mapserver-7.6.1/mapgraticule.c:496:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy( *ppItemName, "Graticule" );
data/mapserver-7.6.1/mapgraticule.c:1014:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cBuffer[32];
data/mapserver-7.6.1/maphttp.c:256:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psReq->result_data + psReq->result_size,
data/mapserver-7.6.1/maphttp.c:325:18:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nProxyPort = atol(pszTmp);
data/mapserver-7.6.1/maphttp.c:515:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen(pasReqInfo[i].pszOutputFile, "r");
data/mapserver-7.6.1/maphttp.c:605:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    szUsernamePasswd[128];
data/mapserver-7.6.1/maphttp.c:630:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char    szUsernamePasswd[128];
data/mapserver-7.6.1/maphttp.c:653:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if ( (fp = fopen(pasReqInfo[i].pszOutputFile, "wb")) == NULL) {
data/mapserver-7.6.1/maphttp.c:676:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szBuf[100];
data/mapserver-7.6.1/maphttp.c:857:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(psReq->pszErrBuf,
data/mapserver-7.6.1/mapimageio.c:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[JMSG_LENGTH_MAX];
data/mapserver-7.6.1/mapimageio.c:165:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  quality = atoi(msGetOutputFormatOption( format, "QUALITY", "75"));
data/mapserver-7.6.1/mapimageio.c:324:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char a[256];
data/mapserver-7.6.1/mapimageio.c:390:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MS_BUFFER_LENGTH];
data/mapserver-7.6.1/mapimageio.c:393:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream = fopen(palette, "r");
data/mapserver-7.6.1/mapimageio.c:476:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      qrb.data.palette.num_entries = atoi(msGetOutputFormatOption( format, "QUANTIZE_COLORS", "256"));
data/mapserver-7.6.1/mapimageio.c:481:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int colorsWanted = atoi(msGetOutputFormatOption( format, "QUANTIZE_COLORS", "0"));
data/mapserver-7.6.1/mapimageio.c:483:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapimageio.c:627:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *stream = fopen(path,"rb");
data/mapserver-7.6.1/mapimageio.c:773:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char msg[80];
data/mapserver-7.6.1/mapimageio.c:849:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(msg, "Unknown giflib error code %d", code);
data/mapserver-7.6.1/mapimageio.c:1099:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char signature[8];
data/mapserver-7.6.1/mapimageio.c:1101:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream = fopen(path,"rb");
data/mapserver-7.6.1/mapimagemap.c:148:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(cp, "%.s"); /* print using zero-length precision */
data/mapserver-7.6.1/mapimagemap.c:648:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char workbuffer[5000];
data/mapserver-7.6.1/mapimagemap.c:654:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    stream = fopen(filename, "wb");
data/mapserver-7.6.1/mapio.c:220:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      r->status = atoi (fullvalue);
data/mapserver-7.6.1/mapio.c:421:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char workBuf[8000], *largerBuf = NULL;
data/mapserver-7.6.1/mapio.c:708:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(old_context, &group->stdout_context, sizeof(msIOContext));
data/mapserver-7.6.1/mapio.c:828:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( key, buf->data+start_of_mime_header, pos_of_column - start_of_mime_header);
data/mapserver-7.6.1/mapio.c:832:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( value, buf->data+pos_of_column+2, current_pos - (pos_of_column+2));
data/mapserver-7.6.1/mapio.c:1079:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( buf->data + buf->data_offset, data, byteCount );
data/mapserver-7.6.1/mapjoin.c:170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapjoin.c:330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapjoin.c:332:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MS_BUFFER_LENGTH];
data/mapserver-7.6.1/mapjoin.c:352:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((stream = fopen( msBuildPath3(szPath, layer->map->mappath, layer->map->shapepath, join->table), "r" )) == NULL) {
data/mapserver-7.6.1/mapjoin.c:353:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((stream = fopen( msBuildPath(szPath, layer->map->mappath, join->table), "r" )) == NULL) {
data/mapserver-7.6.1/mapjoin.c:393:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  joininfo->toindex = atoi(join->to) - 1;
data/mapserver-7.6.1/mapjoin.c:406:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(join->items[i], "%d", i+1);
data/mapserver-7.6.1/mapjoin.c:552:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char qbuf[4000];
data/mapserver-7.6.1/mapjoin.c:611:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[4000];
data/mapserver-7.6.1/mapjoin.c:637:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      joininfo->rows = atoi(row[0]);
data/mapserver-7.6.1/mapjoin.c:723:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char qbuf[4000];
data/mapserver-7.6.1/mapkmlrenderer.cpp:144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/mapserver-7.6.1/mapkmlrenderer.cpp:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[10];
data/mapserver-7.6.1/mapkmlrenderer.cpp:243:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nMaxFeatures = atoi(pszTmp);
data/mapserver-7.6.1/mapkmlrenderer.cpp:247:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nMaxFeatures = atoi(pszTmp);
data/mapserver-7.6.1/mapkmlrenderer.cpp:250:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nMaxFeatures = atoi(msGetOutputFormatOption( format, "maxfeaturestodraw", "-1"));
data/mapserver-7.6.1/mapkmlrenderer.cpp:266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char stmp[20];
data/mapserver-7.6.1/mapkmlrenderer.cpp:280:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(stmp, "Layer%d",layer->index);
data/mapserver-7.6.1/mapkmlrenderer.cpp:289:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[256];
data/mapserver-7.6.1/mapkmlrenderer.cpp:456:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmpFile = fopen(tmpFileName,"wb");
data/mapserver-7.6.1/mapkmlrenderer.cpp:496:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    Extrude = atoi(extrudeVal);
data/mapserver-7.6.1/mapkmlrenderer.cpp:501:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    Tessellate = atoi(tessellateVal);
data/mapserver-7.6.1/mapkmlrenderer.cpp:512:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char epsg_string[100];
data/mapserver-7.6.1/mapkmlrenderer.cpp:533:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(epsg_string, "epsg:4326" );
data/mapserver-7.6.1/mapkmlrenderer.cpp:559:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmpid[100];
data/mapserver-7.6.1/mapkmlrenderer.cpp:564:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(tmpid, ".%d", CurrentShapeIndex);
data/mapserver-7.6.1/mapkmlrenderer.cpp:622:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&PolygonColor, color, sizeof(colorObj));
data/mapserver-7.6.1/mapkmlrenderer.cpp:651:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lineBuf[128];
data/mapserver-7.6.1/mapkmlrenderer.cpp:658:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(lineBuf, "\t%.8f,%.8f,%.8f\n", pts[i].x, pts[i].y, mCurrentElevationValue);
data/mapserver-7.6.1/mapkmlrenderer.cpp:661:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(lineBuf, "\t%.8f,%.8f,%.8f\n", pts[i].x, pts[i].y, pts[i].z);
data/mapserver-7.6.1/mapkmlrenderer.cpp:666:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(lineBuf, "\t%.8f,%.8f\n", pts[i].x, pts[i].y);
data/mapserver-7.6.1/mapkmlrenderer.cpp:683:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&LabelColor, clr, sizeof(colorObj));
data/mapserver-7.6.1/mapkmlrenderer.cpp:829:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  layerHexColor[32];
data/mapserver-7.6.1/mapkmlrenderer.cpp:834:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(layerHexColor, "%02xffffff", (unsigned int)MS_NINT(layer->compositer->opacity*2.55));
data/mapserver-7.6.1/mapkmlrenderer.cpp:838:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char stmp[20];
data/mapserver-7.6.1/mapkmlrenderer.cpp:839:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(stmp, "%d",layer->index);
data/mapserver-7.6.1/mapkmlrenderer.cpp:847:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char crdStr[64];
data/mapserver-7.6.1/mapkmlrenderer.cpp:855:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(crdStr, "%.8f", mapextent.maxy);
data/mapserver-7.6.1/mapkmlrenderer.cpp:858:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(crdStr, "%.8f", mapextent.miny);
data/mapserver-7.6.1/mapkmlrenderer.cpp:861:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(crdStr, "%.8f", mapextent.minx);
data/mapserver-7.6.1/mapkmlrenderer.cpp:864:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(crdStr, "%.8f", mapextent.maxx);
data/mapserver-7.6.1/mapkmlrenderer.cpp:939:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  symbolHexColor[32];
data/mapserver-7.6.1/mapkmlrenderer.cpp:953:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(symbolHexColor,"%02x%02x%02x%02x", symstyle->style->color.alpha, symstyle->style->color.blue,
data/mapserver-7.6.1/mapkmlrenderer.cpp:959:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char iconFileName[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapkmlrenderer.cpp:960:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char iconUrl[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapkmlrenderer.cpp:989:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  lineHexColor[32];
data/mapserver-7.6.1/mapkmlrenderer.cpp:990:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  polygonHexColor[32];
data/mapserver-7.6.1/mapkmlrenderer.cpp:991:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  labelHexColor[32];
data/mapserver-7.6.1/mapkmlrenderer.cpp:1013:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(lineHexColor,"%02x%02x%02x%02x", LineStyle[i].color->alpha, LineStyle[0].color->blue,
data/mapserver-7.6.1/mapkmlrenderer.cpp:1016:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char lineStyleName[32];
data/mapserver-7.6.1/mapkmlrenderer.cpp:1038:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(polygonHexColor,"%02x%02x%02x%02x", PolygonColor.alpha, PolygonColor.blue, PolygonColor.green, PolygonColor.red);
data/mapserver-7.6.1/mapkmlrenderer.cpp:1040:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char polygonStyleName[64];
data/mapserver-7.6.1/mapkmlrenderer.cpp:1060:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(labelHexColor,"%02x%02x%02x%02x", LabelColor.alpha, LabelColor.blue, LabelColor.green, LabelColor.red);
data/mapserver-7.6.1/mapkmlrenderer.cpp:1064:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char labelStyleName[64];
data/mapserver-7.6.1/mapkmlrenderer.cpp:1110:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(lineHexColor,"%02x%02x%02x%02x", LineStyle[i].color->alpha, LineStyle[i].color->blue,
data/mapserver-7.6.1/mapkmlrenderer.cpp:1114:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char width[16];
data/mapserver-7.6.1/mapkmlrenderer.cpp:1115:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(width, "%.1f", LineStyle[i].width);
data/mapserver-7.6.1/mapkmlrenderer.cpp:1279:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&LineStyle[numLineStyle-1], style, sizeof(strokeStyleObj));
data/mapserver-7.6.1/mapkmlrenderer.h:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char      MapPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapkmlrenderer.h:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char      SymbolName[128];
data/mapserver-7.6.1/mapkmlrenderer.h:86:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char      SymbolUrl[128];
data/mapserver-7.6.1/mapkmlrenderer.h:89:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char      SymbologyFlag[NumSymbologyFlag];
data/mapserver-7.6.1/maplabel.c:790:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char alias[64], file1[MS_PATH_LENGTH], file2[MS_PATH_LENGTH];
data/mapserver-7.6.1/maplabel.c:792:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maplayer.c:1268:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nMaxFeatures = atoi(pszTmp);
data/mapserver-7.6.1/maplayer.c:1272:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nMaxFeatures = atoi(pszTmp);
data/mapserver-7.6.1/maplayer.c:1277:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nMaxFeatures = atoi(msGetOutputFormatOption( format, "maxfeaturestodraw", "-1"));
data/mapserver-7.6.1/maplegend.c:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maplexer.c:2332:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char path[MS_MAXPATHLEN];
data/mapserver-7.6.1/maplexer.c:4584:59:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                                                 msyyin = fopen(msBuildPath(path, msyybasepath, msyytext), "r");
data/mapserver-7.6.1/mapmetadata.c:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[32];
data/mapserver-7.6.1/mapmetadata.c:133:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buffer, "%f", rect.miny);
data/mapserver-7.6.1/mapmetadata.c:136:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buffer, "%f", rect.minx);
data/mapserver-7.6.1/mapmetadata.c:139:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buffer, "%f", rect.maxy);
data/mapserver-7.6.1/mapmetadata.c:142:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(buffer, "%f", rect.maxx);
data/mapserver-7.6.1/mapmetadata.c:181:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[8];
data/mapserver-7.6.1/mapmetadata.c:185:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%d", value);
data/mapserver-7.6.1/mapmetadata.c:208:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[32];
data/mapserver-7.6.1/mapmetadata.c:212:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%f", value);
data/mapserver-7.6.1/mapmssql2008.c:242:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char        errorMessage[1024]; /* Last error message if any */
data/mapserver-7.6.1/mapmssql2008.c:839:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char md_item_name[256];
data/mapserver-7.6.1/mapmssql2008.c:840:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char gml_width[32], gml_precision[32];
data/mapserver-7.6.1/mapmssql2008.c:864:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( gml_precision, "%d", decimalDigits );
data/mapserver-7.6.1/mapmssql2008.c:887:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( gml_width, "%u", (unsigned int)columnSize );
data/mapserver-7.6.1/mapmssql2008.c:1100:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      layerinfo->mssqlversion_major = atoi(mssqlversion_major);
data/mapserver-7.6.1/mapmssql2008.c:1108:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char result_data[256];
data/mapserver-7.6.1/mapmssql2008.c:1115:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            layerinfo->mssqlversion_major = atoi(result_data);
data/mapserver-7.6.1/mapmssql2008.c:1149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result_data[256];
data/mapserver-7.6.1/mapmssql2008.c:1280:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result_data[256];
data/mapserver-7.6.1/mapmssql2008.c:1328:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(result_data);
data/mapserver-7.6.1/mapmssql2008.c:1352:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char        box3d[46 + 18 * 22 + 11];
data/mapserver-7.6.1/mapmssql2008.c:1622:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char colBuff[256];
data/mapserver-7.6.1/mapmssql2008.c:1787:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ngeoms, &wkb[5], 4);
data/mapserver-7.6.1/mapmssql2008.c:1790:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&type, &wkb[offset + 1], 4);  /* type of this geometry */
data/mapserver-7.6.1/mapmssql2008.c:1798:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&line.point[0].x, &wkb[offset + 5], 8);
data/mapserver-7.6.1/mapmssql2008.c:1799:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&line.point[0].y, &wkb[offset + 5 + 8], 8);
data/mapserver-7.6.1/mapmssql2008.c:1807:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&line.numpoints, &wkb[offset+5], 4); /* num points */
data/mapserver-7.6.1/mapmssql2008.c:1810:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &line.point[u].x, &wkb[offset+9 + (16 * u)], 8);
data/mapserver-7.6.1/mapmssql2008.c:1811:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &line.point[u].y, &wkb[offset+9 + (16 * u)+8], 8);
data/mapserver-7.6.1/mapmssql2008.c:1820:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&nrings, &wkb[offset+5],4); /* num rings */
data/mapserver-7.6.1/mapmssql2008.c:1825:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&npoints, &wkb[offset], 4); /* num points */
data/mapserver-7.6.1/mapmssql2008.c:1830:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&line.point[v].x, &wkb[offset + 4 + (16 * v)], 8);
data/mapserver-7.6.1/mapmssql2008.c:1831:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&line.point[v].y, &wkb[offset + 4 + (16 * v) + 8], 8);
data/mapserver-7.6.1/mapmssql2008.c:1860:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ngeoms, &wkb[5], 4);
data/mapserver-7.6.1/mapmssql2008.c:1863:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&type, &wkb[offset + 1], 4);  /* type of this geometry */
data/mapserver-7.6.1/mapmssql2008.c:1871:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&line.numpoints, &wkb[offset + 5], 4);
data/mapserver-7.6.1/mapmssql2008.c:1874:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&line.point[u].x, &wkb[offset + 9 + (16 * u)], 8);
data/mapserver-7.6.1/mapmssql2008.c:1875:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&line.point[u].y, &wkb[offset + 9 + (16 * u)+8], 8);
data/mapserver-7.6.1/mapmssql2008.c:1884:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&nrings, &wkb[offset + 5], 4); /* num rings */
data/mapserver-7.6.1/mapmssql2008.c:1889:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&npoints, &wkb[offset], 4);
data/mapserver-7.6.1/mapmssql2008.c:1894:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&line.point[v].x, &wkb[offset + 4 + (16 * v)], 8);
data/mapserver-7.6.1/mapmssql2008.c:1895:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&line.point[v].y, &wkb[offset + 4 + (16 * v) + 8], 8);
data/mapserver-7.6.1/mapmssql2008.c:1921:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ngeoms, &wkb[5], 4);
data/mapserver-7.6.1/mapmssql2008.c:1924:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&type, &wkb[offset + 1], 4);  /* type of this geometry */
data/mapserver-7.6.1/mapmssql2008.c:1930:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&nrings, &wkb[offset + 5], 4); /* num rings */
data/mapserver-7.6.1/mapmssql2008.c:1935:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&npoints, &wkb[offset], 4); /* num points */
data/mapserver-7.6.1/mapmssql2008.c:1939:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&line.point[v].x, &wkb[offset + 4 + (16 * v)], 8);
data/mapserver-7.6.1/mapmssql2008.c:1940:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&line.point[v].y, &wkb[offset + 4 + (16 * v) + 8], 8);
data/mapserver-7.6.1/mapmssql2008.c:1966:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ngeoms, &wkb[5], 4);
data/mapserver-7.6.1/mapmssql2008.c:1969:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&type, &wkb[offset + 1], 4);  /* type of this geometry */
data/mapserver-7.6.1/mapmssql2008.c:2015:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&type, &wkb[offset + 1], 4);  /* type of this geometry */
data/mapserver-7.6.1/mapmssql2008.c:2023:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&line.point[0].x, &wkb[offset + 5], 8);
data/mapserver-7.6.1/mapmssql2008.c:2024:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&line.point[0].y, &wkb[offset + 5 + 8], 8);
data/mapserver-7.6.1/mapmssql2008.c:2036:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&line.numpoints, &wkb[offset+5], 4); /* num points */
data/mapserver-7.6.1/mapmssql2008.c:2039:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &line.point[u].x, &wkb[offset+9 + (16 * u)], 8);
data/mapserver-7.6.1/mapmssql2008.c:2040:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &line.point[u].y, &wkb[offset+9 + (16 * u)+8], 8);
data/mapserver-7.6.1/mapmssql2008.c:2053:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&nrings, &wkb[offset+5],4); /* num rings */
data/mapserver-7.6.1/mapmssql2008.c:2058:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&npoints, &wkb[offset], 4); /* num points */
data/mapserver-7.6.1/mapmssql2008.c:2063:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&line.point[v].x, &wkb[offset + 4 + (16 * v)], 8);
data/mapserver-7.6.1/mapmssql2008.c:2064:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&line.point[v].y, &wkb[offset + 4 + (16 * v) + 8], 8);
data/mapserver-7.6.1/mapmssql2008.c:2076:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&cnt, &wkb[offset], 4);
data/mapserver-7.6.1/mapmssql2008.c:2196:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dummyBuffer[1];
data/mapserver-7.6.1/mapmssql2008.c:2199:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char oidBuffer[ 16 ];   /* assuming the OID will always be a long this should be enough */
data/mapserver-7.6.1/mapmssql2008.c:2321:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&geomType, wkbBuffer + 1, 4);
data/mapserver-7.6.1/mapmssql2008.c:2445:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[32000] = "";
data/mapserver-7.6.1/mapmssql2008.c:2544:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result_data[256];
data/mapserver-7.6.1/mapmssql2008.c:2545:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char box3d[40 + 10 * 22 + 11];
data/mapserver-7.6.1/mapmssql2008.c:2658:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atoi(result_data);
data/mapserver-7.6.1/mapmssql2008.c:2727:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char colBuff[256];
data/mapserver-7.6.1/mapmssql2008.c:2755:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char        sql[1024];
data/mapserver-7.6.1/mapmssql2008.c:2808:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[100];
data/mapserver-7.6.1/mapmssql2008.c:3101:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(snippet, "'%d'", (layerinfo->current_node->tokenval.tmval.tm_year+1900));
data/mapserver-7.6.1/mapmssql2008.c:3104:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(snippet, "'%d-%02d-01'", (layerinfo->current_node->tokenval.tmval.tm_year+1900), 
data/mapserver-7.6.1/mapmssql2008.c:3108:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(snippet, "'%d-%02d-%02d'", (layerinfo->current_node->tokenval.tmval.tm_year+1900), 
data/mapserver-7.6.1/mapmssql2008.c:3113:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(snippet, "'%d-%02d-%02d %02d:00'", (layerinfo->current_node->tokenval.tmval.tm_year+1900), 
data/mapserver-7.6.1/mapmssql2008.c:3119:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(snippet, "%d-%02d-%02d %02d:%02d'", (layerinfo->current_node->tokenval.tmval.tm_year+1900), 
data/mapserver-7.6.1/mapmssql2008.c:3126:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(snippet, "'%d-%02d-%02d %02d:%02d:%02d'", (layerinfo->current_node->tokenval.tmval.tm_year+1900),
data/mapserver-7.6.1/mapmvt.c:291:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        mvt_value->int_value = atoi(value->value);
data/mapserver-7.6.1/mapmvt.c:294:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	mvt_value->sint_value = atol(value->value);
data/mapserver-7.6.1/mapmvt.c:377:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int buffer = MS_ABS(atoi(mvt_buffer));
data/mapserver-7.6.1/mapmvt.c:444:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mvt_layer->extent = MS_ABS(atoi(mvt_extent));
data/mapserver-7.6.1/mapogcfilter.c:2180:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[256];
data/mapserver-7.6.1/mapogcfilter.c:2347:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(pszBuffer, " (");
data/mapserver-7.6.1/mapogcfilter.c:2365:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(pszBuffer, ") ");
data/mapserver-7.6.1/mapogcfilter.c:2379:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(pszBuffer, " (NOT ");
data/mapserver-7.6.1/mapogcfilter.c:2381:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(pszBuffer, ") ");
data/mapserver-7.6.1/mapogcfilter.c:2404:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuffer[1024];
data/mapserver-7.6.1/mapogcfilter.c:2406:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[256];
data/mapserver-7.6.1/mapogcfilter.c:2527:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuffer[1024];
data/mapserver-7.6.1/mapogcfilter.c:2531:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[256];
data/mapserver-7.6.1/mapogcfilter.c:2629:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuffer[1024];
data/mapserver-7.6.1/mapogcfilter.c:2635:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[4];
data/mapserver-7.6.1/mapogcfilter.c:3132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[256];
data/mapserver-7.6.1/mapogcfiltercommon.cpp:255:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[1024];
data/mapserver-7.6.1/mapogcfiltercommon.cpp:417:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuffer[256];
data/mapserver-7.6.1/mapogcfiltercommon.cpp:433:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPolygon[512];
data/mapserver-7.6.1/mapogcfiltercommon.cpp:560:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(szBuffer, ",%g", dfDistance);
data/mapserver-7.6.1/mapogcsld.c:88:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    	  nMaxRemoteSLDBytes = atoi(pszMaxRemoteSLDBytes);
data/mapserver-7.6.1/mapogcsld.c:91:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((fp = fopen(pszSLDTmpFile, "rb")) != NULL) {
data/mapserver-7.6.1/mapogcsld.c:144:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char tmpId[128];
data/mapserver-7.6.1/mapogcsld.c:293:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szTmp[512];
data/mapserver-7.6.1/mapogcsld.c:396:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szTmp[512];
data/mapserver-7.6.1/mapogcsld.c:1119:59:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      psLayer->class[nClassId]->styles[iStyle]->offsetx = atoi(psOffset->psChild->pszValue);
data/mapserver-7.6.1/mapogcsld.c:1276:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          psStyle->offsetx = atoi(psRoot->pszValue);
data/mapserver-7.6.1/mapogcsld.c:1280:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          psStyle->offsety = atoi(psRoot->pszValue);
data/mapserver-7.6.1/mapogcsld.c:1401:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char operator[2] = { *(strstr(ops, psRoot->pszValue)+3), '\0' };
data/mapserver-7.6.1/mapogcsld.c:1545:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nOffsetX = atoi(psDisplacementX->psChild->pszValue);
data/mapserver-7.6.1/mapogcsld.c:1546:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nOffsetY = atoi(psDisplacementY->psChild->pszValue);
data/mapserver-7.6.1/mapogcsld.c:2561:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szExpression[100];
data/mapserver-7.6.1/mapogcsld.c:2614:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         atoi(pszPreviousQuality),
data/mapserver-7.6.1/mapogcsld.c:2615:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         atoi(pszQuantity));
data/mapserver-7.6.1/mapogcsld.c:2620:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         atoi(pszQuantity));
data/mapserver-7.6.1/mapogcsld.c:2624:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         atoi(pszPreviousQuality),
data/mapserver-7.6.1/mapogcsld.c:2695:76:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            snprintf(szExpression, sizeof(szExpression), "([pixel] = %d)", atoi(pszQuantity));
data/mapserver-7.6.1/mapogcsld.c:2780:80:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                snprintf(szExpression, sizeof(szExpression), "([pixel] < %d)", atoi(papszThresholds[i]));
data/mapserver-7.6.1/mapogcsld.c:2791:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         atoi(papszThresholds[i-1]),
data/mapserver-7.6.1/mapogcsld.c:2792:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                         atoi(papszThresholds[i]));
data/mapserver-7.6.1/mapogcsld.c:2797:81:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                snprintf(szExpression, sizeof(szExpression), "([pixel] >= %d)", atoi(papszThresholds[i-1]));
data/mapserver-7.6.1/mapogcsld.c:2844:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szFontName[100];
data/mapserver-7.6.1/mapogcsld.c:2854:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[100];
data/mapserver-7.6.1/mapogcsld.c:3004:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          psLabelObj->outlinewidth = atoi(psHaloRadius->psChild->pszValue);
data/mapserver-7.6.1/mapogcsld.c:3148:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      psLabelObj->offsetx = atoi(psDisplacementX->psChild->pszValue);
data/mapserver-7.6.1/mapogcsld.c:3149:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      psLabelObj->offsety = atoi(psDisplacementY->psChild->pszValue);
data/mapserver-7.6.1/mapogcsld.c:3199:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psLabelObj->offsetx = atoi(psOffset->psChild->pszValue);
data/mapserver-7.6.1/mapogcsld.c:3256:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[500];
data/mapserver-7.6.1/mapogcsld.c:3323:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[512];
data/mapserver-7.6.1/mapogcsld.c:3324:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szFormat[4];
data/mapserver-7.6.1/mapogcsld.c:3329:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sNameSpace[10];
data/mapserver-7.6.1/mapogcsld.c:3330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sCssParam[30];
data/mapserver-7.6.1/mapogcsld.c:3334:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sCssParam, "se:SvgParameter");
data/mapserver-7.6.1/mapogcsld.c:3336:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sCssParam, "CssParameter");
data/mapserver-7.6.1/mapogcsld.c:3340:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sNameSpace, "se:");
data/mapserver-7.6.1/mapogcsld.c:3651:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[100];
data/mapserver-7.6.1/mapogcsld.c:3652:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szHexColor[7];
data/mapserver-7.6.1/mapogcsld.c:3658:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sCssParam[30];
data/mapserver-7.6.1/mapogcsld.c:3659:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sNameSpace[10];
data/mapserver-7.6.1/mapogcsld.c:3666:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( sCssParam, "se:SvgParameter");
data/mapserver-7.6.1/mapogcsld.c:3668:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( sCssParam, "CssParameter");
data/mapserver-7.6.1/mapogcsld.c:3672:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sNameSpace, "se:");
data/mapserver-7.6.1/mapogcsld.c:3710:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szHexColor,"%02x%02x%02x",psStyle->color.red,
data/mapserver-7.6.1/mapogcsld.c:3713:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szHexColor,"%02x%02x%02x",psStyle->outlinecolor.red,
data/mapserver-7.6.1/mapogcsld.c:3795:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[100];
data/mapserver-7.6.1/mapogcsld.c:3797:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szHexColor[7];
data/mapserver-7.6.1/mapogcsld.c:3800:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sCssParam[30];
data/mapserver-7.6.1/mapogcsld.c:3801:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sNameSpace[10];
data/mapserver-7.6.1/mapogcsld.c:3805:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sCssParam, "se:SvgParameter");
data/mapserver-7.6.1/mapogcsld.c:3807:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sCssParam, "CssParameter");
data/mapserver-7.6.1/mapogcsld.c:3811:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sNameSpace, "se:");
data/mapserver-7.6.1/mapogcsld.c:3840:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szHexColor,"%02x%02x%02x",psStyle->color.red,
data/mapserver-7.6.1/mapogcsld.c:3887:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(szHexColor,"%02x%02x%02x",psStyle->outlinecolor.red,
data/mapserver-7.6.1/mapogcsld.c:3931:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[100];
data/mapserver-7.6.1/mapogcsld.c:3932:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sNameSpace[10];
data/mapserver-7.6.1/mapogcsld.c:3936:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sNameSpace, "se:");
data/mapserver-7.6.1/mapogcsld.c:3971:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[100];
data/mapserver-7.6.1/mapogcsld.c:3974:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szHexColor[7];
data/mapserver-7.6.1/mapogcsld.c:3978:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sCssParam[30];
data/mapserver-7.6.1/mapogcsld.c:3979:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sNameSpace[10];
data/mapserver-7.6.1/mapogcsld.c:3984:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sCssParam, "se:SvgParameter");
data/mapserver-7.6.1/mapogcsld.c:3986:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sCssParam, "CssParameter");
data/mapserver-7.6.1/mapogcsld.c:3990:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(sNameSpace, "se:");
data/mapserver-7.6.1/mapogcsld.c:4150:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(szHexColor,"%02hhx%02hhx%02hhx",(unsigned char)nColorRed,
data/mapserver-7.6.1/mapogcsld.c:4253:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char szTmp[100];
data/mapserver-7.6.1/mapogcsld.c:4272:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char szTmp[100];
data/mapserver-7.6.1/mapogcsld.c:4619:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szCompare[3] = {0};
data/mapserver-7.6.1/mapogcsld.c:4620:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szCompare2[3] = {0};
data/mapserver-7.6.1/mapogcsld.c:5015:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[200];
data/mapserver-7.6.1/mapogcsld.c:5101:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuffer[500];
data/mapserver-7.6.1/mapogcsld.c:5102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szFinalAtt[40];
data/mapserver-7.6.1/mapogcsld.c:5103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szFinalValue[40];
data/mapserver-7.6.1/mapogcsld.c:5104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szAttribute[40];
data/mapserver-7.6.1/mapogcsld.c:5105:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szValue[40];
data/mapserver-7.6.1/mapogcsld.c:5208:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuffer[1024];
data/mapserver-7.6.1/mapogcsld.c:5247:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuffer[500];
data/mapserver-7.6.1/mapogcsos.c:264:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[256];
data/mapserver-7.6.1/mapogcsos.c:537:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[100];
data/mapserver-7.6.1/mapogcsos.c:646:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[256];
data/mapserver-7.6.1/mapogcsos.c:888:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[100];
data/mapserver-7.6.1/mapogcsos.c:1132:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmp[256];
data/mapserver-7.6.1/mapogcsos.c:2125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char srsbuffer[100];
data/mapserver-7.6.1/mapogcsos.c:2388:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          n1 = atoi(pszTmp);
data/mapserver-7.6.1/mapogr.cpp:968:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szInitStr[32];
data/mapserver-7.6.1/mapogr.cpp:969:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szInitStr, "init=epsg:%d", atoi(pszAuthCode));
data/mapserver-7.6.1/mapogr.cpp:969:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        sprintf(szInitStr, "init=epsg:%d", atoi(pszAuthCode));
data/mapserver-7.6.1/mapogr.cpp:1162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPath[MS_MAXPATHLEN] = "";
data/mapserver-7.6.1/mapogr.cpp:1249:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if( hLayer == NULL && (atoi(pszLayerDef) > 0 || EQUAL(pszLayerDef,"0")) ) {
data/mapserver-7.6.1/mapogr.cpp:1250:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nLayerIndex = atoi(pszLayerDef);
data/mapserver-7.6.1/mapogr.cpp:1338:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
             atoi(GDALVersionInfo("VERSION_NUM")) >= 2000000) {
data/mapserver-7.6.1/mapogr.cpp:1976:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char md_item_name[256];
data/mapserver-7.6.1/mapogr.cpp:2005:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char md_item_name[256];
data/mapserver-7.6.1/mapogr.cpp:2029:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char md_item_name[256];
data/mapserver-7.6.1/mapogr.cpp:2092:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(out, "%c", c);
data/mapserver-7.6.1/mapogr.cpp:2282:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szSpatialIndexName[256];
data/mapserver-7.6.1/mapogr.cpp:2315:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szCond[256];
data/mapserver-7.6.1/mapogr.cpp:2446:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szLimit[50];
data/mapserver-7.6.1/mapogr.cpp:2452:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szOffset[50];
data/mapserver-7.6.1/mapogr.cpp:2631:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char md_item_name[256];
data/mapserver-7.6.1/mapogr.cpp:2632:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gml_width[32], gml_precision[32];
data/mapserver-7.6.1/mapogr.cpp:2643:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf( gml_width, "%d", OGR_Fld_GetWidth( hField) );
data/mapserver-7.6.1/mapogr.cpp:2650:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf( gml_width, "%d", OGR_Fld_GetWidth( hField) );
data/mapserver-7.6.1/mapogr.cpp:2657:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf( gml_width, "%d", OGR_Fld_GetWidth( hField) );
data/mapserver-7.6.1/mapogr.cpp:2659:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf( gml_precision, "%d", OGR_Fld_GetPrecision( hField) );
data/mapserver-7.6.1/mapogr.cpp:2665:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf( gml_width, "%d", OGR_Fld_GetWidth( hField) );
data/mapserver-7.6.1/mapogr.cpp:3598:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char md_item_name[256];
data/mapserver-7.6.1/mapogr.cpp:3668:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char md_item_name[256];
data/mapserver-7.6.1/mapogr.cpp:4301:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          + atoi(layer->items[i] + MSOGR_LABELPARAMNAMELEN);
data/mapserver-7.6.1/mapogr.cpp:4304:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          + atoi(layer->items[i] + MSOGR_BRUSHPARAMNAMELEN);
data/mapserver-7.6.1/mapogr.cpp:4307:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          + atoi(layer->items[i] + MSOGR_PENPARAMNAMELEN);
data/mapserver-7.6.1/mapogr.cpp:4310:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                          + atoi(layer->items[i] + MSOGR_SYMBOLPARAMNAMELEN);
data/mapserver-7.6.1/mapogr.cpp:4740:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( ppsStyleTmp, c->styles + iBaseStyleIndex, iSortStruct * sizeof(styleObj*) );
data/mapserver-7.6.1/mapogr.cpp:5050:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(s->pattern, pattern, sizeof(double) * patternlength);
data/mapserver-7.6.1/mapogroutput.cpp:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char full_filename[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapogroutput.cpp:172:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapogroutput.cpp:186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char full_filename[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapogroutput.cpp:601:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char filename[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapogroutput.cpp:675:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char datasource_name[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapogroutput.cpp:676:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char base_dir[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapogroutput.cpp:690:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nMatchingFeatures = atoi(pszMatchingFeatures);
data/mapserver-7.6.1/mapogroutput.cpp:761:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( base_dir, "/vsimem/ogr_out/" );
data/mapserver-7.6.1/mapogroutput.cpp:846:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(datasource_name, ".dat");
data/mapserver-7.6.1/mapogroutput.cpp:860:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( datasource_name, "/vsistdout/" );
data/mapserver-7.6.1/mapogroutput.cpp:1200:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char datasource_path[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapogroutput.cpp:1223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/mapserver-7.6.1/mapogroutput.cpp:1275:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[1024];
data/mapserver-7.6.1/mapogroutput.cpp:1314:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/mapserver-7.6.1/maporaclespatial.c:355:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data_version[4] = "";
data/mapserver-7.6.1/maporaclespatial.c:356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tok_function[11] = "";
data/mapserver-7.6.1/maporaclespatial.c:1061:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query_str2[6000];
data/mapserver-7.6.1/maporaclespatial.c:1080:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query_str2[6000];
data/mapserver-7.6.1/maporaclespatial.c:1895:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query_str[6000];
data/mapserver-7.6.1/maporaclespatial.c:1896:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query_str2[256];
data/mapserver-7.6.1/maporaclespatial.c:1959:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( unique, "rownum" );
data/mapserver-7.6.1/maporaclespatial.c:1977:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(srid,"-1");
data/mapserver-7.6.1/maporaclespatial.c:2047:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if ((((atol(srid) >= 8192) && (atol(srid) <= 8330)) || (atol(srid) == 2) || (atol(srid) == 5242888) || (atol(srid) == 2000001)) && (version == VERSION_9i))
data/mapserver-7.6.1/maporaclespatial.c:2047:34:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if ((((atol(srid) >= 8192) && (atol(srid) <= 8330)) || (atol(srid) == 2) || (atol(srid) == 5242888) || (atol(srid) == 2000001)) && (version == VERSION_9i))
data/mapserver-7.6.1/maporaclespatial.c:2047:59:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if ((((atol(srid) >= 8192) && (atol(srid) <= 8330)) || (atol(srid) == 2) || (atol(srid) == 5242888) || (atol(srid) == 2000001)) && (version == VERSION_9i))
data/mapserver-7.6.1/maporaclespatial.c:2047:80:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if ((((atol(srid) >= 8192) && (atol(srid) <= 8330)) || (atol(srid) == 2) || (atol(srid) == 5242888) || (atol(srid) == 2000001)) && (version == VERSION_9i))
data/mapserver-7.6.1/maporaclespatial.c:2047:107:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if ((((atol(srid) >= 8192) && (atol(srid) <= 8330)) || (atol(srid) == 2) || (atol(srid) == 5242888) || (atol(srid) == 2000001)) && (version == VERSION_9i))
data/mapserver-7.6.1/maporaclespatial.c:2276:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    shape->index = atol( (char *)(sthand->items[sthand->uniqueidindex][ sthand->row ])); /* Primary Key */
data/mapserver-7.6.1/maporaclespatial.c:2435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char query_str[6000], *geom_column_name = NULL, *unique = NULL, *srid = NULL, *indexfield = NULL;
data/mapserver-7.6.1/maporaclespatial.c:2760:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char wktext[4000];
data/mapserver-7.6.1/maporaclespatial.c:2872:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char md_item_name[256];
data/mapserver-7.6.1/maporaclespatial.c:2873:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char gml_width[32], gml_precision[32];
data/mapserver-7.6.1/maporaclespatial.c:2899:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_width, "%d", nOCILen );
data/mapserver-7.6.1/maporaclespatial.c:2924:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_width, "%d", byPrecision );
data/mapserver-7.6.1/maporaclespatial.c:2925:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_precision, "%d", nScale );
data/mapserver-7.6.1/maporaclespatial.c:2931:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf( gml_width, "%d", byPrecision );
data/mapserver-7.6.1/maporaclespatial.c:2979:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query_str[6000], *geom_column_name = NULL, *unique = NULL, *srid = NULL, *indexfield=NULL;
data/mapserver-7.6.1/maporaclespatial.c:3154:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query_str[6000], *geom_column_name = NULL, *unique = NULL, *srid = NULL, *indexfield=NULL;
data/mapserver-7.6.1/mapoutput.c:670:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  old_imagequality = atoi(msGetOutputFormatOption( format, "QUALITY", "75"));
data/mapserver-7.6.1/mapoutput.c:681:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char new_value[128];
data/mapserver-7.6.1/mapoutput.c:834:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    format->bands = atoi(value);
data/mapserver-7.6.1/mapoutput.c:985:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  format->bands = atoi(msGetOutputFormatOption( format, "BAND_COUNT", "1" ));
data/mapserver-7.6.1/mapows.c:359:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        masklen = atoi(ip+1);
data/mapserver-7.6.1/mapows.c:419:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        masklen = atoi(ip+1);
data/mapserver-7.6.1/mapows.c:463:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ip1[16];
data/mapserver-7.6.1/mapows.c:464:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ip2[16];
data/mapserver-7.6.1/mapows.c:465:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char mask[16];
data/mapserver-7.6.1/mapows.c:504:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MS_BUFFER_LENGTH];
data/mapserver-7.6.1/mapows.c:508:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    stream = fopen(ip_list + 5, "r");
data/mapserver-7.6.1/mapows.c:753:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char requestBuffer[32];
data/mapserver-7.6.1/mapows.c:829:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[100] = "ows_";
data/mapserver-7.6.1/mapows.c:966:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nVersion = atoi(digits[0])*0x010000;
data/mapserver-7.6.1/mapows.c:967:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nVersion += atoi(digits[1])*0x0100;
data/mapserver-7.6.1/mapows.c:969:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nVersion += atoi(digits[2]);
data/mapserver-7.6.1/mapows.c:1170:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(online_resource, "language=");
data/mapserver-7.6.1/mapows.c:1461:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(default_language,"_exclude");
data/mapserver-7.6.1/mapows.c:2206:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&ext, extent, sizeof(rectObj));
data/mapserver-7.6.1/mapows.c:2423:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(pszFname, "r")) != NULL) {
data/mapserver-7.6.1/mapows.c:2603:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char urn[100];
data/mapserver-7.6.1/mapows.c:2663:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char urn[100];
data/mapserver-7.6.1/mapows.c:2835:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(requested_updatesequence) < atoi(updatesequence))
data/mapserver-7.6.1/mapows.c:2835:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(requested_updatesequence) < atoi(updatesequence))
data/mapserver-7.6.1/mapows.c:2838:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(requested_updatesequence) > atoi(updatesequence))
data/mapserver-7.6.1/mapows.c:2838:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(requested_updatesequence) > atoi(updatesequence))
data/mapserver-7.6.1/mapows.c:2841:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(requested_updatesequence) == atoi(updatesequence))
data/mapserver-7.6.1/mapows.c:2841:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(requested_updatesequence) == atoi(updatesequence))
data/mapserver-7.6.1/mapowscommon.c:451:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szVersionBuf[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapowscommon.c:520:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char LowerCorner[100];
data/mapserver-7.6.1/mapowscommon.c:521:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char UpperCorner[100];
data/mapserver-7.6.1/mapowscommon.c:522:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dim_string[100];
data/mapserver-7.6.1/mapowscommon.c:577:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char LowerCorner[100];
data/mapserver-7.6.1/mapowscommon.c:578:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char UpperCorner[100];
data/mapserver-7.6.1/mapowscommon.c:579:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dim_string[100];
data/mapserver-7.6.1/mapowscommon.c:615:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char namespace_prefix[10];
data/mapserver-7.6.1/mapowscommon.c:649:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szInMemSchema[2048];
data/mapserver-7.6.1/mapowscommon.c:650:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBaseLocation[256];
data/mapserver-7.6.1/mapowscommon.c:655:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(szInMemSchema, "<schema elementFormDefault=\"qualified\" version=\"1.0.0\" "
data/mapserver-7.6.1/mapowscommon.c:691:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(szInMemSchema, "</schema>\n");
data/mapserver-7.6.1/mapparser.c:1148:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/mapserver-7.6.1/mapparser.c:1340:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char yymsgbuf[128];
data/mapserver-7.6.1/mapparser.c:2625:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    (yyval.strval) = (char *)malloc(strlen((yyvsp[-2].strval)) + strlen((yyvsp[0].strval)) + 1);
data/mapserver-7.6.1/mapparser.c:2634:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    (yyval.strval) = (char *) malloc(strlen((yyvsp[-1].strval)) + 64); /* Plenty big? Should use snprintf below... */
data/mapserver-7.6.1/mappool.c:315:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( connections + conn_index,
data/mapserver-7.6.1/mappostgis.c:267:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&t, (w->ptr + 1), sizeof(int));
data/mapserver-7.6.1/mappostgis.c:279:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&t, (w->ptr + 1 + 4 + 4 + 1), sizeof(int));
data/mapserver-7.6.1/mappostgis.c:290:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&c, w->ptr, sizeof(char));
data/mapserver-7.6.1/mappostgis.c:303:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&i, w->ptr, sizeof(int));
data/mapserver-7.6.1/mappostgis.c:315:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(p->x), w->ptr, sizeof(double));
data/mapserver-7.6.1/mappostgis.c:317:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(p->y), w->ptr, sizeof(double));
data/mapserver-7.6.1/mappostgis.c:322:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&(p->z), w->ptr, sizeof(double));
data/mapserver-7.6.1/mappostgis.c:335:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&(p->m), w->ptr, sizeof(double));
data/mapserver-7.6.1/mappostgis.c:951:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(line->point, pa->data, line->numpoints * sizeof(pointObj));
data/mapserver-7.6.1/mappostgis.c:1015:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *strParts[3] = { NULL, NULL, NULL };
data/mapserver-7.6.1/mappostgis.c:1050:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    pgVersion += factor * atoi(strParts[j]);
data/mapserver-7.6.1/mappostgis.c:1072:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *strParts[3] = { NULL, NULL, NULL };
data/mapserver-7.6.1/mappostgis.c:1116:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    version += factor * atoi(strParts[i]);
data/mapserver-7.6.1/mappostgis.c:1506:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char msPostGISHexDecodeChar[256] = {
data/mapserver-7.6.1/mappostgis.c:1568:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char msPostGISBase64DecodeChar[256] = {
data/mapserver-7.6.1/mappostgis.c:2090:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szSRID[32];
data/mapserver-7.6.1/mappostgis.c:2093:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(szSRID, "%d", otherSRID);
data/mapserver-7.6.1/mappostgis.c:2321:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char wkbstatic[wkbstaticsize];
data/mapserver-7.6.1/mappostgis.c:2354:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(wkb, wkbstr, wkbstrlen);
data/mapserver-7.6.1/mappostgis.c:2445:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(shape->values[t], val, size);
data/mapserver-7.6.1/mappostgis.c:2767:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bind_key[20];
data/mapserver-7.6.1/mappostgis.c:2777:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(bind_key, "%d", num_bind_values+1);
data/mapserver-7.6.1/mappostgis.c:2986:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    rectSRID = atoi(rectProjection->args[0] + strlen("init=epsg:"));
data/mapserver-7.6.1/mappostgis.c:3041:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  nCount = atoi(PQgetvalue(pgresult, 0, 0 ));
data/mapserver-7.6.1/mappostgis.c:3256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char md_item_name[256];
data/mapserver-7.6.1/mappostgis.c:3257:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gml_width[32], gml_precision[32];
data/mapserver-7.6.1/mappostgis.c:3270:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf( gml_width, "%d", fmod-4 );
data/mapserver-7.6.1/mappostgis.c:3274:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf( gml_width, "%d", 1 );
data/mapserver-7.6.1/mappostgis.c:3278:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf( gml_width, "%d", 5 );
data/mapserver-7.6.1/mappostgis.c:3294:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_width, "%d", (fmod - 4) >> 16 );
data/mapserver-7.6.1/mappostgis.c:3296:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_width, "%d", (fmod - 4) >> 16 );
data/mapserver-7.6.1/mappostgis.c:3297:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_precision, "%d", ((fmod-4) & 0xFFFF) );
data/mapserver-7.6.1/mappostgis.c:3794:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timeStamp[100];
data/mapserver-7.6.1/mappostgis.c:3829:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timestamp[100];
data/mapserver-7.6.1/mappostgis.c:3882:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timestamp[100];
data/mapserver-7.6.1/mappostgis.c:4114:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(snippet, "%d", (int)node->tokenval.dblval);
data/mapserver-7.6.1/mappostgis.c:4116:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(snippet, "%.18g", node->tokenval.dblval);
data/mapserver-7.6.1/mappostgresql.c:324:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(columns, "\"::text");
data/mapserver-7.6.1/mappostgresql.c:326:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(columns, ", ");
data/mapserver-7.6.1/mapprimitive.c:344:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( lineCopy.point, new_line->point, sizeof(pointObj) * new_line->numpoints );
data/mapserver-7.6.1/mapproject.c:146:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&tmp, &pj_cache[i], sizeof(pjCacheEntry));
data/mapserver-7.6.1/mapproject.c:148:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&pj_cache[0], &tmp, sizeof(pjCacheEntry));
data/mapserver-7.6.1/mapproject.c:175:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szPipeline[1024];
data/mapserver-7.6.1/mapproject.c:176:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(szPipeline, "+proj=pipeline");
data/mapserver-7.6.1/mapproject.c:179:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(szPipeline, " +step +proj=unitconvert +xy_in=deg +xy_out=rad");
data/mapserver-7.6.1/mapproject.c:181:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(szPipeline, " +step +inv ");
data/mapserver-7.6.1/mapproject.c:183:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(szPipeline, " +step ");
data/mapserver-7.6.1/mapproject.c:187:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(szPipeline, " +step +proj=unitconvert +xy_in=rad +xy_out=deg");
data/mapserver-7.6.1/mapproject.c:197:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(ptr, " +ellps=GRS80", 13);
data/mapserver-7.6.1/mapproject.c:206:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(ptr, "                ", 16);
data/mapserver-7.6.1/mapproject.c:664:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szProjBuf[512]="";
data/mapserver-7.6.1/mapproject.c:679:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nProjId = atoi(args[0]+5);
data/mapserver-7.6.1/mapproject.c:681:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nProjId = atoi(args[0]+6);
data/mapserver-7.6.1/mapproject.c:683:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  nUnitsId = atoi(args[1]);
data/mapserver-7.6.1/mapproject.c:837:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(args, p->args, sizeof(char*) * p->numargs);
data/mapserver-7.6.1/mapproject.c:843:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szTemp[24];
data/mapserver-7.6.1/mapproject.c:847:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(szTemp, "init=EPSG:");
data/mapserver-7.6.1/mapproject.c:1328:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(line_out->point, diff->line[0].point, sizeof(pointObj) * line_out->numpoints);
data/mapserver-7.6.1/mapproject.c:1848:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *wkt = fopen("/tmp/www-before.wkt","w");
data/mapserver-7.6.1/mapproject.c:1867:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  wkt = fopen("/tmp/www-after.wkt","w");
data/mapserver-7.6.1/mapproject.c:2441:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
          strcat(pszProjString, " +");
data/mapserver-7.6.1/mapproject.c:2639:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char units[32];
data/mapserver-7.6.1/mapproject.c:2658:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char to_meter_str[32];
data/mapserver-7.6.1/mapquery.c:262:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream = fopen(filename, "w");
data/mapserver-7.6.1/mapquery.c:367:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream = fopen(filename, "w");
data/mapserver-7.6.1/mapquery.c:404:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MS_BUFFER_LENGTH];
data/mapserver-7.6.1/mapquery.c:502:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MS_BUFFER_LENGTH];
data/mapserver-7.6.1/mapquery.c:521:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream = fopen(filename, "r");
data/mapserver-7.6.1/mapraster.c:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *item_names[4] = { "pixel", "red", "green", "blue" };
data/mapserver-7.6.1/mapraster.c:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *item_values[4];
data/mapserver-7.6.1/mapraster.c:69:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char red_value[8], green_value[8], blue_value[8];
data/mapserver-7.6.1/mapraster.c:83:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(red_value, "-1");
data/mapserver-7.6.1/mapraster.c:84:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(green_value, "-1");
data/mapserver-7.6.1/mapraster.c:85:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(blue_value, "-1");
data/mapserver-7.6.1/mapraster.c:89:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( red_value, "%d", color->red );
data/mapserver-7.6.1/mapraster.c:90:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( green_value, "%d", color->green );
data/mapserver-7.6.1/mapraster.c:91:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( blue_value, "%d", color->blue );
data/mapserver-7.6.1/mapraster.c:191:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pixel_value[12];
data/mapserver-7.6.1/mapraster.c:214:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pixel_value[100];
data/mapserver-7.6.1/mapraster.c:436:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                char szPath[MS_MAXPATHLEN] /* output */)
data/mapserver-7.6.1/mapraster.c:442:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tiAbsFilePath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapraster.c:510:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char  szLongMsg[MESSAGELENGTH*2];
data/mapserver-7.6.1/mapraster.c:539:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char  szLongMsg[MESSAGELENGTH*2];
data/mapserver-7.6.1/mapraster.c:612:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                      char szPath[MS_MAXPATHLEN],
data/mapserver-7.6.1/mapraster.c:778:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN] = { 0 };
data/mapserver-7.6.1/mapraster.c:984:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapraster.h:56:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  char szPath[MS_MAXPATHLEN]);
data/mapserver-7.6.1/maprasterquery.c:203:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      atoi(CSLFetchNameValue( layer->processing, "RASTER_QUERY_MAX_RESULT" ));
data/mapserver-7.6.1/maprasterquery.c:388:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( rlinfo->qc_values + rlinfo->query_results * rlinfo->band_count,
data/mapserver-7.6.1/maprasterquery.c:688:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tilename[MS_PATH_LENGTH], tilesrsname[1024];
data/mapserver-7.6.1/maprasterquery.c:691:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maprasterquery.c:1216:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szWork[1000];
data/mapserver-7.6.1/maprasterquery.c:1236:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int iValue = atoi(layer->items[i]+6);
data/mapserver-7.6.1/maprasterquery.c:1289:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szName[100];
data/mapserver-7.6.1/maprasterquery.c:1318:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapresample.c:737:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( psPTInfo->adfDstGeoTransform, padfDstGeoTransform,
data/mapserver-7.6.1/mapresample.c:1399:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( adfDstGeoTransform, map->gt.geotransform, sizeof(double)*6 );
data/mapserver-7.6.1/mapresample.c:1430:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( &sOrigSrcExtent, &sSrcExtent, sizeof(sSrcExtent) );
data/mapserver-7.6.1/mapresample.c:1440:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( adfDstGeoTransform, map->gt.geotransform, sizeof(double)*6 );
data/mapserver-7.6.1/mapresample.c:1453:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( &sSrcExtent, &sOrigSrcExtent, sizeof(sOrigSrcExtent) );
data/mapserver-7.6.1/mapresample.c:1537:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &sOrigSrcExtent, &sSrcExtent, sizeof(sSrcExtent) );
data/mapserver-7.6.1/mapscale.c:42:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *unitText[9]= {"in", "ft", "mi", "m", "km", "dd", "??", "??", "NM"}; /* MS_PIXEL and MS_PERCENTAGE not used */
data/mapserver-7.6.1/mapscale.c:153:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char label[32];
data/mapserver-7.6.1/mapscale.c:291:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(label, "%g", j*i);
data/mapserver-7.6.1/mapscale.c:301:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf(label, "%g", j*i);
data/mapserver-7.6.1/mapscale.c:341:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(label, "%g", j*i);
data/mapserver-7.6.1/mapscript/php/class.c:1064:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mapscript_class_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/mapserver-7.6.1/mapscript/php/image.c:140:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapscript/php/label.c:885:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mapscript_label_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/mapserver-7.6.1/mapscript/php/layer.c:1139:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
PHP_METHOD(layerObj, open)
data/mapserver-7.6.1/mapscript/php/layer.c:2210:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  PHP_ME(layerObj, open, NULL, ZEND_ACC_PUBLIC)
data/mapserver-7.6.1/mapscript/php/layer.c:2426:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mapscript_layer_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/mapserver-7.6.1/mapscript/php/line.c:492:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mapscript_line_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/mapserver-7.6.1/mapscript/php/map.c:3767:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mapscript_map_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/mapserver-7.6.1/mapscript/php/mapscript_error.c:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[MESSAGELENGTH];
data/mapserver-7.6.1/mapscript/php/mapscript_error.c:62:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[MESSAGELENGTH];
data/mapserver-7.6.1/mapscript/php/mapscript_error.c:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char message[MESSAGELENGTH];
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:1706:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char pszFieldName[1000];
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:1715:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pszFieldName[1000];
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:1724:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pszFieldName[1000];
data/mapserver-7.6.1/mapscript/php/php_mapscript.c:809:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  buffer[PATH_MAX];
data/mapserver-7.6.1/mapscript/php/php_mapscript.c:997:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mapscript_std_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/mapserver-7.6.1/mapscript/php/point.c:476:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(php_point_new->point, php_point_old->point, sizeof(pointObj));
data/mapserver-7.6.1/mapscript/php/projection.c:262:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mapscript_projection_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/mapserver-7.6.1/mapscript/php/rect.c:384:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(php_rect_new->rect, php_rect_old->rect, sizeof(rectObj));
data/mapserver-7.6.1/mapscript/php/style.c:798:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mapscript_style_object_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/mapserver-7.6.1/mapserv.c:77:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp_out = fopen( "D:\\temp\\mapserv.log", "w" );
data/mapserver-7.6.1/mapserv.c:226:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      msSetGlobalDebugLevel( atoi(argv[iArg] + 14) );
data/mapserver-7.6.1/mapserver.h:1966:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char encryption_key[MS_ENCRYPTION_KEY_SIZE]; /* 128bits encryption key */
data/mapserver-7.6.1/mapserver.h:2137:97:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  MS_DLL_EXPORT int msTransformXmlMapfile(const char *stylesheet, const char *xmlMapfile, FILE *tmpfile);
data/mapserver-7.6.1/mapserver.h:2645:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                      char szPath[MS_MAXPATHLEN],
data/mapserver-7.6.1/mapservutil.c:40:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *modeStrings[23] = {"BROWSE","ZOOMIN","ZOOMOUT","MAP","LEGEND","LEGENDICON","REFERENCE","SCALEBAR","COORDINATE",
data/mapserver-7.6.1/mapservutil.c:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapservutil.c:57:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((stream = fopen(msBuildPath(szPath, mapserv->map->mappath,
data/mapserver-7.6.1/mapservutil.c:1196:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/mapserver-7.6.1/mapservutil.c:1622:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    classindex = atoi(tokens[1]);
data/mapserver-7.6.1/mapshape.c:51:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define ByteCopy( a, b, c )     memcpy( b, a, c )
data/mapserver-7.6.1/mapshape.c:335:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+36, 8 );
data/mapserver-7.6.1/mapshape.c:339:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+44, 8 );
data/mapserver-7.6.1/mapshape.c:343:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+52, 8 );
data/mapserver-7.6.1/mapshape.c:347:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+60, 8 );
data/mapserver-7.6.1/mapshape.c:351:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+68, 8 );
data/mapserver-7.6.1/mapshape.c:355:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+76, 8 );
data/mapserver-7.6.1/mapshape.c:359:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+84, 8 );
data/mapserver-7.6.1/mapshape.c:363:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+92, 8 );
data/mapserver-7.6.1/mapshape.c:1095:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &(point->x), psSHP->pabyRec + 12, 8 );
data/mapserver-7.6.1/mapshape.c:1096:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &(point->y), psSHP->pabyRec + 20, 8 );
data/mapserver-7.6.1/mapshape.c:1119:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[SHX_BUFFER_PAGE * 8];
data/mapserver-7.6.1/mapshape.c:1146:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &tmpOffset, (buffer + (8*i)), 4);
data/mapserver-7.6.1/mapshape.c:1147:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &tmpSize, (buffer + (8*i) + 4), 4);
data/mapserver-7.6.1/mapshape.c:1186:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nOffset, pabyBuf + i * 8, 4 );
data/mapserver-7.6.1/mapshape.c:1187:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nLength, pabyBuf + i * 8 + 4, 4 );
data/mapserver-7.6.1/mapshape.c:1298:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &shape->bounds.minx, psSHP->pabyRec + 8 + 4, 8 );
data/mapserver-7.6.1/mapshape.c:1299:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &shape->bounds.miny, psSHP->pabyRec + 8 + 12, 8 );
data/mapserver-7.6.1/mapshape.c:1300:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &shape->bounds.maxx, psSHP->pabyRec + 8 + 20, 8 );
data/mapserver-7.6.1/mapshape.c:1301:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &shape->bounds.maxy, psSHP->pabyRec + 8 + 28, 8 );
data/mapserver-7.6.1/mapshape.c:1310:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nPoints, psSHP->pabyRec + 40 + 8, 4 );
data/mapserver-7.6.1/mapshape.c:1311:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nParts, psSHP->pabyRec + 36 + 8, 4 );
data/mapserver-7.6.1/mapshape.c:1358:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( psSHP->panParts, psSHP->pabyRec + 44 + 8, 4 * nParts );
data/mapserver-7.6.1/mapshape.c:1403:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(shape->line[i].point[j].x), psSHP->pabyRec + 44 + 4*nParts + 8 + k * 16, 8 );
data/mapserver-7.6.1/mapshape.c:1404:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(shape->line[i].point[j].y), psSHP->pabyRec + 44 + 4*nParts + 8 + k * 16 + 8, 8 );
data/mapserver-7.6.1/mapshape.c:1419:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(shape->line[i].point[j].z), psSHP->pabyRec + nOffset + 16 + k*8, 8 );
data/mapserver-7.6.1/mapshape.c:1431:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(shape->line[i].point[j].m), psSHP->pabyRec + nOffset + 16 + k*8, 8 );
data/mapserver-7.6.1/mapshape.c:1464:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &shape->bounds.minx, psSHP->pabyRec + 8 + 4, 8 );
data/mapserver-7.6.1/mapshape.c:1465:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &shape->bounds.miny, psSHP->pabyRec + 8 + 12, 8 );
data/mapserver-7.6.1/mapshape.c:1466:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &shape->bounds.maxx, psSHP->pabyRec + 8 + 20, 8 );
data/mapserver-7.6.1/mapshape.c:1467:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &shape->bounds.maxy, psSHP->pabyRec + 8 + 28, 8 );
data/mapserver-7.6.1/mapshape.c:1476:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &nPoints, psSHP->pabyRec + 44, 4 );
data/mapserver-7.6.1/mapshape.c:1519:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&(shape->line[0].point[i].x), psSHP->pabyRec + 48 + 16 * i, 8 );
data/mapserver-7.6.1/mapshape.c:1520:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&(shape->line[0].point[i].y), psSHP->pabyRec + 48 + 16 * i + 8, 8 );
data/mapserver-7.6.1/mapshape.c:1534:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(shape->line[0].point[i].z), psSHP->pabyRec + nOffset + 16 + i*8, 8 );
data/mapserver-7.6.1/mapshape.c:1544:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(shape->line[0].point[i].m), psSHP->pabyRec + nOffset + 16 + i*8, 8 );
data/mapserver-7.6.1/mapshape.c:1576:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(shape->line[0].point[0].x), psSHP->pabyRec + 12, 8 );
data/mapserver-7.6.1/mapshape.c:1577:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &(shape->line[0].point[0].y), psSHP->pabyRec + 20, 8 );
data/mapserver-7.6.1/mapshape.c:1592:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(shape->line[0].point[0].z), psSHP->pabyRec + nOffset, 8 );
data/mapserver-7.6.1/mapshape.c:1604:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(shape->line[0].point[0].m), psSHP->pabyRec + nOffset, 8 );
data/mapserver-7.6.1/mapshape.c:1872:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tiFileAbsPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:1895:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:1959:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tilename[MS_MAXPATHLEN], szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:1960:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tiFileAbsDir[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:2078:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tilename[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:2079:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tiFileAbsDir[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:2197:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tilename[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:2198:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tiFileAbsDir[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:2357:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tilename[MS_MAXPATHLEN], szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:2360:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tiFileAbsDir[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:2495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char item[16];
data/mapserver-7.6.1/mapshape.c:2497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char md_item_name[64];
data/mapserver-7.6.1/mapshape.c:2498:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gml_width[32], gml_precision[32];
data/mapserver-7.6.1/mapshape.c:2510:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_width, "%d", nWidth );
data/mapserver-7.6.1/mapshape.c:2515:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_width, "%d", nWidth );
data/mapserver-7.6.1/mapshape.c:2516:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_precision, "%d", nPrecision );
data/mapserver-7.6.1/mapshape.c:2522:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf( gml_width, "%d", nWidth );
data/mapserver-7.6.1/mapshape.c:2653:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapshape.c:2684:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szPRJ[2048];
data/mapserver-7.6.1/mapshape.h:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char source[MS_PATH_LENGTH]; /* full path to this file data */
data/mapserver-7.6.1/mapstring.c:602:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp_ptr, new, new_len);
data/mapserver-7.6.1/mapstring.c:748:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapstring.c:1245:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(newstring+i, "&amp;");
data/mapserver-7.6.1/mapstring.c:1249:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(newstring+i, "&lt;");
data/mapserver-7.6.1/mapstring.c:1253:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(newstring+i, "&gt;");
data/mapserver-7.6.1/mapstring.c:1257:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(newstring+i, "&quot;");
data/mapserver-7.6.1/mapstring.c:1261:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(newstring+i, "&#39;"); /* changed from &apos; and i += 6 (bug 1040) */
data/mapserver-7.6.1/mapstring.c:1435:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char sums[HASH_SIZE] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
data/mapserver-7.6.1/mapstring.c:1557:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp_ptr, new, new_len);
data/mapserver-7.6.1/mapstring.c:1636:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outstring[MAX_STR_LEN];
data/mapserver-7.6.1/mapstring.c:2049:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char entity_name_buf[MAP_ENTITY_NAME_LENGTH_MAX+1];
data/mapserver-7.6.1/mapstring.c:2124:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pszReturn, pszString, nStringLength);
data/mapserver-7.6.1/mapstring.c:2311:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sb->str + sb->length, pszAppendedString, nAppendLen + 1);
data/mapserver-7.6.1/mapsymbol.c:158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapsymbol.c:351:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapsymbol.c:386:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapsymbol.c:554:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN], *pszSymbolPath=NULL;
data/mapserver-7.6.1/mapsymbol.c:572:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((msyyin = fopen(msBuildPath(szPath, symbolset->map->mappath, symbolset->filename), "r")) == NULL) {
data/mapserver-7.6.1/mapsymbol.c:869:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  stream = fopen(filename, "w");
data/mapserver-7.6.1/maptclutf.c:171:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char totalBytes[256] = {
data/mapserver-7.6.1/maptemplate.c:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MS_BUFFER_LENGTH];
data/mapserver-7.6.1/maptemplate.c:448:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nLegendOrder1 = atoi(pszLegendOrder1);
data/mapserver-7.6.1/maptemplate.c:449:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nLegendOrder2 = atoi(pszLegendOrder2);
data/mapserver-7.6.1/maptemplate.c:620:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(pszEndTag, "[/");
data/mapserver-7.6.1/maptemplate.c:762:7:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
      strcat(pszIfTag, "[/if]");
data/mapserver-7.6.1/maptemplate.c:882:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if(argValue) limit = atoi(argValue);
data/mapserver-7.6.1/maptemplate.c:998:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lineBuffer[MS_BUFFER_LENGTH];
data/mapserver-7.6.1/maptemplate.c:1122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MS_BUFFER_LENGTH], path[MS_MAXPATHLEN];
data/mapserver-7.6.1/maptemplate.c:1145:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((includeStream = fopen(msBuildPath(path, mapserv->map->mappath, src), "r")) == NULL) {
data/mapserver-7.6.1/maptemplate.c:1244:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if(argValue) precision = atoi(argValue);
data/mapserver-7.6.1/maptemplate.c:1247:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if (argValue) padding = atoi(argValue);
data/mapserver-7.6.1/maptemplate.c:1298:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char numberFormat[16];
data/mapserver-7.6.1/maptemplate.c:1395:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char number[64]; /* holds a single number in the extent */
data/mapserver-7.6.1/maptemplate.c:1396:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char numberFormat[16];
data/mapserver-7.6.1/maptemplate.c:1448:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if(argValue) precision = atoi(argValue);
data/mapserver-7.6.1/maptemplate.c:1562:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char number[64]; /* holds a single number in the extent */
data/mapserver-7.6.1/maptemplate.c:1563:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char numberFormat[16];
data/mapserver-7.6.1/maptemplate.c:1600:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if(argValue) precision = atoi(argValue);
data/mapserver-7.6.1/maptemplate.c:1911:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char datestr[DATE_BUFLEN];
data/mapserver-7.6.1/maptemplate.c:2108:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if(argValue) precision = atoi(argValue);
data/mapserver-7.6.1/maptemplate.c:2426:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szImgFname[1024], *pszFullImgFname=NULL, *pszImgTag;
data/mapserver-7.6.1/maptemplate.c:2427:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maptemplate.c:2443:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szStyleCode[512] = "";
data/mapserver-7.6.1/maptemplate.c:2458:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nWidth  = atoi(msLookupHashTable(myHashTable, "width"));
data/mapserver-7.6.1/maptemplate.c:2459:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      nHeight = atoi(msLookupHashTable(myHashTable, "height"));
data/mapserver-7.6.1/maptemplate.c:2488:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((fIcon = fopen(pszFullImgFname, "r")) != NULL) {
data/mapserver-7.6.1/maptemplate.c:2576:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pszStatus[3];
data/mapserver-7.6.1/maptemplate.c:2597:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nOptFlag = atoi(pszOptFlag);
data/mapserver-7.6.1/maptemplate.c:2728:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szStatus[10];
data/mapserver-7.6.1/maptemplate.c:2729:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szType[10];
data/mapserver-7.6.1/maptemplate.c:2735:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmpstr[128]; /* easily big enough for the couple of instances we need */
data/mapserver-7.6.1/maptemplate.c:2751:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nOptFlag = atoi(pszOptFlag);
data/mapserver-7.6.1/maptemplate.c:2864:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szStatus[10];
data/mapserver-7.6.1/maptemplate.c:2865:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szType[10];
data/mapserver-7.6.1/maptemplate.c:2871:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szTmpstr[128]; /* easily big enough for the couple of instances we need */
data/mapserver-7.6.1/maptemplate.c:2890:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nOptFlag = atoi(pszOptFlag);
data/mapserver-7.6.1/maptemplate.c:3034:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maptemplate.c:3101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pszTime[20];
data/mapserver-7.6.1/maptemplate.c:3108:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((stream = fopen(msBuildPath(szPath, mapserv->map->mappath, mapserv->map->legend.template), "r")) == NULL) {
data/mapserver-7.6.1/maptemplate.c:3272:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              nLegendOrder = atoi(pszOrderValue);
data/mapserver-7.6.1/maptemplate.c:3339:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              nLegendOrder = atoi(pszOrderValue);
data/mapserver-7.6.1/maptemplate.c:3392:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nLegendOrder = atoi(pszOrderValue);
data/mapserver-7.6.1/maptemplate.c:3457:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              nLegendOrder = atoi(pszOrderValue);
data/mapserver-7.6.1/maptemplate.c:3555:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MS_BUFFER_LENGTH], *tmpline;
data/mapserver-7.6.1/maptemplate.c:3556:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maptemplate.c:3567:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if((stream = fopen(msBuildPath(szPath, mapserv->map->mappath, join->header), "r")) == NULL) {
data/mapserver-7.6.1/maptemplate.c:3586:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      if((stream = fopen(msBuildPath(szPath, mapserv->map->mappath, join->template), "r")) == NULL) {
data/mapserver-7.6.1/maptemplate.c:3621:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((stream = fopen(msBuildPath(szPath, mapserv->map->mappath, join->footer), "r")) == NULL) {
data/mapserver-7.6.1/maptemplate.c:3654:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char repstr[PROCESSLINE_BUFLEN], substr[PROCESSLINE_BUFLEN], *outstr; /* repstr = replace string, substr = sub string */
data/mapserver-7.6.1/maptemplate.c:4167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[MS_BUFFER_LENGTH], *tmpline;
data/mapserver-7.6.1/maptemplate.c:4173:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maptemplate.c:4192:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((stream = fopen(msBuildPath(szPath, mapserv->map->mappath, html), "r")) == NULL) {
data/mapserver-7.6.1/maptemplate.c:4283:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/mapserver-7.6.1/maptemplate.c:4567:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(mapserv->Id, "%ld%d", (long)time(NULL), (int)getpid());
data/mapserver-7.6.1/maptemplate.c:4704:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1024];
data/mapserver-7.6.1/maptemplate.h:95:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char Id[IDSIZE]; /* big enough for time + pid */
data/mapserver-7.6.1/maptile.c:98:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    params->map_edge_buffer = atoi(value);
data/mapserver-7.6.1/maptile.c:106:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    params->metatile_level = atoi(value);
data/mapserver-7.6.1/maptile.c:475:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tilebufferstr[64];
data/mapserver-7.6.1/maptile.c:483:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      if( params.map_edge_buffer > abs(atoi(value)) ) {
data/mapserver-7.6.1/maptime.c:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pattern[64];
data/mapserver-7.6.1/maptime.c:43:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  format[32];
data/mapserver-7.6.1/maptime.c:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char userformat[32];
data/mapserver-7.6.1/maptree.c:79:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(node->rect), &(rect), sizeof(rectObj));
data/mapserver-7.6.1/maptree.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    pabyBuf[16];
data/mapserver-7.6.1/maptree.c:128:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  psTree->fp = fopen(pszFullname, "rb" );
data/mapserver-7.6.1/maptree.c:131:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      psTree->fp = fopen(pszFullname, "rb" );
data/mapserver-7.6.1/maptree.c:147:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &psTree->signature, pabyBuf, 3 );
data/mapserver-7.6.1/maptree.c:178:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &psTree->version, pabyBuf+4, 1 );
data/mapserver-7.6.1/maptree.c:179:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &psTree->flags, pabyBuf+5, 3 );
data/mapserver-7.6.1/maptree.c:189:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &psTree->nShapes, pabyBuf, 4 );
data/mapserver-7.6.1/maptree.c:192:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( &psTree->nDepth, pabyBuf+4, 4 );
data/mapserver-7.6.1/maptree.c:276:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out1, in, sizeof(rectObj));
data/mapserver-7.6.1/maptree.c:277:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out2, in, sizeof(rectObj));
data/mapserver-7.6.1/maptree.c:447:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&node->rect, &psSubNode->rect,
data/mapserver-7.6.1/maptree.c:681:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pabyRec, &offset, 4);
data/mapserver-7.6.1/maptree.c:684:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pabyRec+4, &node->rect, sizeof(rectObj));
data/mapserver-7.6.1/maptree.c:688:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pabyRec+36, &node->numshapes, 4);
data/mapserver-7.6.1/maptree.c:692:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pabyRec+40, node->ids, j);
data/mapserver-7.6.1/maptree.c:696:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pabyRec+j+40, &node->numsubnodes, 4);
data/mapserver-7.6.1/maptree.c:714:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    signature[3] = "SQT";
data/mapserver-7.6.1/maptree.c:716:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    reserved[3] = {0,0,0};
data/mapserver-7.6.1/maptree.c:720:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char    pabyBuf[32];
data/mapserver-7.6.1/maptree.c:747:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  disktree->fp = fopen(pszFullname, "wb");
data/mapserver-7.6.1/maptree.c:781:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf, &signature, 3 );
data/mapserver-7.6.1/maptree.c:782:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (&disktree->signature, &signature, 3);
data/mapserver-7.6.1/maptree.c:785:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf+4, &version, 1);
data/mapserver-7.6.1/maptree.c:786:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( pabyBuf+5, &reserved, 3);
data/mapserver-7.6.1/maptree.c:788:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &disktree->version, &version, 1);
data/mapserver-7.6.1/maptree.c:789:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &disktree->flags, &reserved, 3);
data/mapserver-7.6.1/maptree.c:794:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pabyBuf, &tree->numshapes, 4 );
data/mapserver-7.6.1/maptree.c:797:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy( pabyBuf+4, &tree->maxdepth, 4 );
data/mapserver-7.6.1/maptree.h:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        signature[3];
data/mapserver-7.6.1/maptree.h:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  flags[3];
data/mapserver-7.6.1/maputil.c:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hex[2];
data/mapserver-7.6.1/maputil.c:124:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    attribute->red = atoi(tokens[0]);
data/mapserver-7.6.1/maputil.c:125:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    attribute->green = atoi(tokens[1]);
data/mapserver-7.6.1/maputil.c:126:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    attribute->blue = atoi(tokens[2]);
data/mapserver-7.6.1/maputil.c:985:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maputil.c:1007:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            stream = fopen(msBuildPath(szPath, map->mappath, filename),"wb");
data/mapserver-7.6.1/maputil.c:1009:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            stream = fopen(filename,"wb");
data/mapserver-7.6.1/maputil.c:1573:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maputil.c:1601:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/maputil.c:1606:3:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  TCHAR lpTempPathBuffer[MAX_PATH];
data/mapserver-7.6.1/maputil.c:1647:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmpId[128]; /* big enough for time + pid + ext */
data/mapserver-7.6.1/maputil.c:1757:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        short nv = atoi(nullvalue);
data/mapserver-7.6.1/maputil.c:1765:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        unsigned char nv = (unsigned char) atoi(nullvalue);
data/mapserver-7.6.1/maputil.c:2053:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      res = _setmaxstdio(atoi(maxfiles));
data/mapserver-7.6.1/maputil.c:2375:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(buffer->data[buffer->size]),data,length);
data/mapserver-7.6.1/maputil.c:2567:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
       ((value=getenv("SERVER_PORT")) && atoi(value) == 443) ) {
data/mapserver-7.6.1/maputil.c:2591:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if ((atoi(port) == 80 && strcmp(protocol, "http") == 0) ||
data/mapserver-7.6.1/maputil.c:2592:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        (atoi(port) == 443 && strcmp(protocol, "https") == 0) )
data/mapserver-7.6.1/mapuvraster.c:192:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char szTmp[100];
data/mapserver-7.6.1/mapuvraster.c:306:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[100];
data/mapserver-7.6.1/mapuvraster.c:511:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      atoi(CSLFetchNameValue( layer->processing, "UV_SPACING" ));
data/mapserver-7.6.1/mapuvraster.c:584:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapuvraster.c:916:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapv8.cpp:78:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE* file = fopen(path, "rb");
data/mapserver-7.6.1/mapv8.cpp:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err[MS_MAXPATHLEN+21];
data/mapserver-7.6.1/mapv8.cpp:148:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fullpath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapwcs.c:108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf1[128], *buf2=NULL;
data/mapserver-7.6.1/mapwcs.c:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char version_string[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapwcs.c:413:15:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
              strcpy( params->crs, "imageCRS" );
data/mapserver-7.6.1/mapwcs.c:541:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        params->width = atoi(request->ParamValues[i]);
data/mapserver-7.6.1/mapwcs.c:543:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        params->height = atoi(request->ParamValues[i]);
data/mapserver-7.6.1/mapwcs.c:583:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy( params->crs, "imageCRS" );
data/mapserver-7.6.1/mapwcs.c:927:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmpString[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapwcs.c:1042:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[100]; /* should be plenty of space */
data/mapserver-7.6.1/mapwcs.c:1447:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[100];
data/mapserver-7.6.1/mapwcs.c:1576:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szKeyBeginning[256];
data/mapserver-7.6.1/mapwcs.c:1597:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nKeyOriBandNumber = atoi(pszGDALKey + strlen("BAND_"));
data/mapserver-7.6.1/mapwcs.c:1602:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    if( nKeyOriBandNumber == atoi(papszBandNumbers[i]) )
data/mapserver-7.6.1/mapwcs.c:1610:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szModKey[256];
data/mapserver-7.6.1/mapwcs.c:1660:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szKeyBeginning[256];
data/mapserver-7.6.1/mapwcs.c:1685:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int nSrcBand = atoi(papszBandNumbers[i]);
data/mapserver-7.6.1/mapwcs.c:1695:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char szKey[256];
data/mapserver-7.6.1/mapwcs.c:1696:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(szKey, "BAND_%d_IDS", nDstBand);
data/mapserver-7.6.1/mapwcs.c:1699:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(szKey, "BAND_%d_DISCIPLINE", nDstBand);
data/mapserver-7.6.1/mapwcs.c:1703:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(szKey, "BAND_%d_PDS_PDTN", nDstBand);
data/mapserver-7.6.1/mapwcs.c:1707:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(szKey, "BAND_%d_PDS_TEMPLATE_NUMBERS",
data/mapserver-7.6.1/mapwcs.c:1734:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char numbands[12]; /* should be large enough to hold the number of bands in the bandlist */
data/mapserver-7.6.1/mapwcs.c:2133:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapwcs.c:2389:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char version_string[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapwcs.c:2435:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char version_string[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapwcs.c:2642:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      cm->xsize = atoi(tokens[0]);
data/mapserver-7.6.1/mapwcs.c:2643:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      cm->ysize = atoi(tokens[1]);
data/mapserver-7.6.1/mapwcs.c:2676:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      cm->bandcount = atoi(value);
data/mapserver-7.6.1/mapwcs.c:2704:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapwcs.c:2807:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char projstring[32];
data/mapserver-7.6.1/mapwcs.h:60:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char srs_urn[500];
data/mapserver-7.6.1/mapwcs.h:67:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *bandinterpretation[10];
data/mapserver-7.6.1/mapwcs.h:212:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *values[5];
data/mapserver-7.6.1/mapwcs.h:223:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char srs_uri[200];
data/mapserver-7.6.1/mapwcs11.c:723:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format_buf[500];
data/mapserver-7.6.1/mapwcs11.c:744:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( format_buf, "%.15g %.15g", x0, y0 );
data/mapserver-7.6.1/mapwcs11.c:747:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf( format_buf, "%.15g %.15g", resx, resy );
data/mapserver-7.6.1/mapwcs11.c:836:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szBandName[32];
data/mapserver-7.6.1/mapwcs11.c:1308:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char block[4000];
data/mapserver-7.6.1/mapwcs20.c:1584:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char axisName[500];
data/mapserver-7.6.1/mapwcs20.c:1615:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char axisName[500];
data/mapserver-7.6.1/mapwcs20.c:1647:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char axisName[500];
data/mapserver-7.6.1/mapwcs20.c:1679:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char axisName[500];
data/mapserver-7.6.1/mapwcs20.c:1704:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char axisName[500];
data/mapserver-7.6.1/mapwcs20.c:1790:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char **validAxisNames[2];
data/mapserver-7.6.1/mapwcs20.c:2038:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char lowerCorner[100], upperCorner[100], axisLabels[100], uomLabels[100];
data/mapserver-7.6.1/mapwcs20.c:2090:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char low[100], high[100], id[100], point[100];
data/mapserver-7.6.1/mapwcs20.c:2091:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char offsetVector1[100], offsetVector2[100], axisLabels[100];
data/mapserver-7.6.1/mapwcs20.c:2241:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char interval[100], significant_figures[100];
data/mapserver-7.6.1/mapwcs20.c:2450:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      unsigned char block[4000];
data/mapserver-7.6.1/mapwcs20.c:2521:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[500];
data/mapserver-7.6.1/mapwcs20.c:2641:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      cm->xsize = atoi(tokens[0]);
data/mapserver-7.6.1/mapwcs20.c:2642:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      cm->ysize = atoi(tokens[1]);
data/mapserver-7.6.1/mapwcs20.c:2773:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szName[30];
data/mapserver-7.6.1/mapwcs20.c:2925:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapwcs20.c:2984:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char bandname[32];
data/mapserver-7.6.1/mapwcs20.c:3079:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char version_string[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapwcs20.c:3180:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *available_mime_types[MAX_MIMES];
data/mapserver-7.6.1/mapwcs20.c:3966:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char strnumber[12];
data/mapserver-7.6.1/mapwcs20.c:3993:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char szName[30];
data/mapserver-7.6.1/mapwcs20.c:4788:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapwfs.c:189:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(out_list,"GML2");
data/mapserver-7.6.1/mapwfs.c:191:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(out_list,"text/xml; subtype=gml/3.1.1");
data/mapserver-7.6.1/mapwfs.c:193:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(out_list,"application/gml+xml; version=3.2,"
data/mapserver-7.6.1/mapwfs.c:315:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char epsg_string[100];
data/mapserver-7.6.1/mapwfs.c:678:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmpString[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapwfs.c:1543:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char mdname[256];
data/mapserver-7.6.1/mapwfs.c:1723:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timestring[100];
data/mapserver-7.6.1/mapwfs.c:2087:63:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
              bDefaultSRSNeedsAxisSwapping = msIsAxisInverted(atoi(srs+5));
data/mapserver-7.6.1/mapwfs.c:2841:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    maxfeatures = atoi(tmpmaxfeatures);
data/mapserver-7.6.1/mapwfs.c:3134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[256];
data/mapserver-7.6.1/mapwfs.c:3290:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        map->query.max_cached_shape_count = atoi(pszFeaturesCacheCount);
data/mapserver-7.6.1/mapwfs.c:3297:50:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        map->query.max_cached_shape_ram_amount = atoi(pszFeaturesCacheSize);
data/mapserver-7.6.1/mapwfs.c:3882:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char timestring[100];
data/mapserver-7.6.1/mapwfs.c:3963:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMatchingFeatures[12];
data/mapserver-7.6.1/mapwfs.c:3964:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(szMatchingFeatures, "%d", nMatchingFeatures);
data/mapserver-7.6.1/mapwfs.c:5051:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          wfsparams->nMaxFeatures = atoi(request->ParamValues[i]);
data/mapserver-7.6.1/mapwfs.c:5055:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          wfsparams->nMaxFeatures = atoi(request->ParamValues[i]);
data/mapserver-7.6.1/mapwfs.c:5058:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          wfsparams->nStartIndex = atoi(request->ParamValues[i]);
data/mapserver-7.6.1/mapwfs.c:5222:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          wfsparams->nMaxFeatures = atoi(pszValue);
data/mapserver-7.6.1/mapwfs.c:5229:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                wfsparams->nMaxFeatures = atoi(pszValue);
data/mapserver-7.6.1/mapwfs.c:5235:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          wfsparams->nStartIndex = atoi(pszValue);
data/mapserver-7.6.1/mapwfs.c:5297:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          wfsparams->nMaxFeatures = atoi(pszValue);
data/mapserver-7.6.1/mapwfs.c:5302:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          wfsparams->nStartIndex = atoi(pszValue);
data/mapserver-7.6.1/mapwfs11.c:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szTmp[512];
data/mapserver-7.6.1/mapwfs20.c:813:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szKey[256];
data/mapserver-7.6.1/mapwfs20.c:824:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* f = fopen(value, "rb");
data/mapserver-7.6.1/mapwfs20.c:922:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char szTmp[256];
data/mapserver-7.6.1/mapwfs20.c:1013:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMsg[256];
data/mapserver-7.6.1/mapwfs20.c:1048:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szValue[256];
data/mapserver-7.6.1/mapwfs20.c:1104:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szMsg[256];
data/mapserver-7.6.1/mapwfs20.c:1220:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char szMsg[256];
data/mapserver-7.6.1/mapwfs20.c:1266:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char szValue[256];
data/mapserver-7.6.1/mapwfs20.c:1331:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szMsg[256];
data/mapserver-7.6.1/mapwfslayer.c:165:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    psParams->nMaxFeatures = atoi(pszTmp);
data/mapserver-7.6.1/mapwfslayer.c:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szProj[20];
data/mapserver-7.6.1/mapwfslayer.c:440:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
				 msIsAxisInverted(atoi(projEpsg + 5))) {
data/mapserver-7.6.1/mapwfslayer.c:587:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nTimeout = atoi(pszTmp);
data/mapserver-7.6.1/mapwfslayer.c:1130:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(psInfo->pszGMLFilename, "r")) != NULL) {
data/mapserver-7.6.1/mapwfslayer.c:1131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szHeader[2000];
data/mapserver-7.6.1/mapwms.c:985:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char epsgbuf[100];
data/mapserver-7.6.1/mapwms.c:986:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char srsbuffer[100];
data/mapserver-7.6.1/mapwms.c:1071:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          if (numwmslayerargs > atoi(layerlimit)) {
data/mapserver-7.6.1/mapwms.c:1253:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      map->width = atoi(values[i]);
data/mapserver-7.6.1/mapwms.c:1256:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      map->height = atoi(values[i]);
data/mapserver-7.6.1/mapwms.c:1668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char request_tmp[32];
data/mapserver-7.6.1/mapwms.c:1753:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char request_tmp[32];
data/mapserver-7.6.1/mapwms.c:1768:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
              char tmpId[128];
data/mapserver-7.6.1/mapwms.c:2159:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char newname[28];            /* max. rootlayer_keywordlist_items          */
data/mapserver-7.6.1/mapwms.c:2160:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char vocname[33];            /* max. rootlayer_keywordlist_vocabulary     */
data/mapserver-7.6.1/mapwms.c:2250:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szVersionBuf[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapwms.c:2266:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      opaque = atoi(value);
data/mapserver-7.6.1/mapwms.c:2573:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char width[10], height[10];
data/mapserver-7.6.1/mapwms.c:2919:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szVersionBuf[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapwms.c:3152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *mime_list[20];
data/mapserver-7.6.1/mapwms.c:3514:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char width[10], height[10];
data/mapserver-7.6.1/mapwms.c:3703:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  char width[10], height[10];
data/mapserver-7.6.1/mapwms.c:4218:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      feature_count = atoi(values[i]);
data/mapserver-7.6.1/mapwms.c:4236:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
          GET_LAYER(map, j)->tolerance = atoi(values[i]);
data/mapserver-7.6.1/mapwms.c:4678:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nWidth = atoi(values[i]);
data/mapserver-7.6.1/mapwms.c:4680:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        nHeight = atoi(values[i]);
data/mapserver-7.6.1/mapwms.c:5192:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szVersion[OWS_VERSION_MAXLEN];
data/mapserver-7.6.1/mapwms.c:5199:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (getcontext_enabled==NULL || atoi(getcontext_enabled) == 0) {
data/mapserver-7.6.1/mapwms.c:5278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char request_tmp[32];
data/mapserver-7.6.1/mapwmslayer.c:130:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szBuf[100];
data/mapserver-7.6.1/mapwmslayer.c:323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuf[100];
data/mapserver-7.6.1/mapwmslayer.c:610:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      msIsAxisInverted(atoi(pszEPSG + 5))) {
data/mapserver-7.6.1/mapwmslayer.c:631:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char szProj[20];
data/mapserver-7.6.1/mapwmslayer.c:795:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      bIsEssential = atoi(pszTmp);       
data/mapserver-7.6.1/mapwmslayer.c:799:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuf[100] = "";
data/mapserver-7.6.1/mapwmslayer.c:854:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char szBuf[20] = "";
data/mapserver-7.6.1/mapwmslayer.c:884:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuf[100] = "";
data/mapserver-7.6.1/mapwmslayer.c:1082:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nTimeout = atoi(pszTmp);
data/mapserver-7.6.1/mapwmslayer.c:1095:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      bCacheToDisk = atoi(pszTmp);
data/mapserver-7.6.1/mapwmslayer.c:1117:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    bForceSeparateRequest = atoi(pszTmp);
data/mapserver-7.6.1/mapwmslayer.c:1300:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char szPath[MS_MAXPATHLEN];
data/mapserver-7.6.1/mapwmslayer.c:1319:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      bIsEssential = atoi(pszTmp);      
data/mapserver-7.6.1/mapwmslayer.c:1367:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuf[MS_BUFFER_LENGTH];
data/mapserver-7.6.1/mapwmslayer.c:1370:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fp = fopen(pasReqInfo[iReq].pszOutputFile, "r");
data/mapserver-7.6.1/mapwmslayer.c:1476:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(wldfile+strlen(wldfile)-3, "wld");
data/mapserver-7.6.1/mapwmslayer.c:1484:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char world_text[5000];
data/mapserver-7.6.1/mapwmslayer.c:1486:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf( world_text, "%.12f\n0\n0\n%.12f\n%.12f\n%.12f\n",
data/mapserver-7.6.1/mapwmslayer.c:1598:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szBuf[MS_BUFFER_LENGTH];
data/mapserver-7.6.1/mapwmslayer.c:1600:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(pasReqInfo[0].pszOutputFile, "r");
data/mapserver-7.6.1/mapxbase.c:155:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( pszDBFFilename+strlen(pszDBFFilename)-4, ".dbf");
data/mapserver-7.6.1/mapxbase.c:158:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy( pszDBFFilename+strlen(pszDBFFilename)-4, ".DBF");
data/mapserver-7.6.1/mapxbase.c:170:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy( pszDBFFilename+strlen(pszDBFFilename)-4, ".DBF");
data/mapserver-7.6.1/mapxbase.c:596:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return(atoi(msDBFReadAttribute( psDBF, iRecord, iField )));
data/mapserver-7.6.1/mapxbase.c:686:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char  szSField[40];
data/mapserver-7.6.1/mapxbase.c:737:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pabyRec+psDBF->panFieldOffset[iField], szSField, MS_MIN(len, psDBF->panFieldSize[iField]));
data/mapserver-7.6.1/mapxbase.c:742:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pabyRec+psDBF->panFieldOffset[iField], pValue, MS_MIN(len, psDBF->panFieldSize[iField]));
data/mapserver-7.6.1/mapxbase.c:792:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fName[32]; /* field name */
data/mapserver-7.6.1/mapxbase.c:817:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fName[32];
data/mapserver-7.6.1/mapxml.c:42:81:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
int msTransformXmlMapfile(const char *stylesheet, const char *xmlMapfile, FILE *tmpfile)
data/mapserver-7.6.1/mapxml.c:72:29:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  if ( xsltSaveResultToFile(tmpfile, res, cur) != -1 )
data/mapserver-7.6.1/mapxmp.c:192:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ns_name, key + matches[1].rm_so, ns_size);
data/mapserver-7.6.1/mapxmp.c:229:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ns_name, key + matches[1].rm_so, ns_name_size);
data/mapserver-7.6.1/mapxmp.c:230:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(ns_tag, key + matches[2].rm_so, ns_tag_size);
data/mapserver-7.6.1/msencrypt.c:45:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pabyKey[16];
data/mapserver-7.6.1/msencrypt.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szKeyEncoded[50];
data/mapserver-7.6.1/msencrypt.c:51:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(argv[2], "wt")) != NULL) {
data/mapserver-7.6.1/msencrypt.c:59:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[16];
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:56:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_array, c, sizeof(T) * Size);
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:61:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_array, c, sizeof(T) * Size);
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:124:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_array, v.m_array, sizeof(T) * m_size);
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:138:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_array, v.m_array, sizeof(T) * m_size);
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:249:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(data, m_array, m_size * sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:272:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m_array, v.m_array, sizeof(T) * v.m_size);
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:280:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if(v.m_size) memcpy(m_array, v.m_array, sizeof(T) * v.m_size);
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:287:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if(m_size) memcpy(ptr, m_array, m_size * sizeof(T)); 
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:296:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if(byte_size) memcpy(m_array, data, byte_size * sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:589:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_blocks[i], v.m_blocks[i], block_size * sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:606:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_blocks[i], v.m_blocks[i], block_size * sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:623:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_blocks, 
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:723:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ptr, &(*this)[i], sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:737:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ptr, data, sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:760:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&((*this)[start + i]), data, sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:765:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(ptr, data, sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:868:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(new_blocks, 
data/mapserver-7.6.1/renderers/agg/include/agg_font_cache_manager.h:175:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(m_fonts, 
data/mapserver-7.6.1/renderers/agg/include/agg_gsv_text.h:91:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char            m_chr[2];
data/mapserver-7.6.1/renderers/agg/include/agg_path_storage.h:311:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_coords, 
data/mapserver-7.6.1/renderers/agg/include/agg_path_storage.h:315:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_cmds, 
data/mapserver-7.6.1/renderers/agg/include/agg_path_storage_integer.h:125:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(ptr, &m_storage[i], sizeof(vertex_integer_type));
data/mapserver-7.6.1/renderers/agg/include/agg_path_storage_integer.h:267:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&v, m_ptr, sizeof(vertex_integer_type));
data/mapserver-7.6.1/renderers/agg/include/agg_pixfmt_amask_adaptor.h:57:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&m_span[0], covers, len * sizeof(cover_type));
data/mapserver-7.6.1/renderers/agg/include/agg_rasterizer_cells_aa.h:483:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(new_cells, m_cells, m_max_blocks * sizeof(cell_type*));
data/mapserver-7.6.1/renderers/agg/include/agg_rendering_buffer.h:108:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(row_ptr(0, y, w), src.row_ptr(y), l);
data/mapserver-7.6.1/renderers/agg/include/agg_rendering_buffer.h:238:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(row_ptr(0, y, w), src.row_ptr(y), l);
data/mapserver-7.6.1/renderers/agg/include/agg_scanline_p.h:106:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_cover_ptr, covers, len * sizeof(cover_type));
data/mapserver-7.6.1/renderers/agg/include/agg_scanline_p.h:262:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(m_cover_ptr, covers, len * sizeof(cover_type));
data/mapserver-7.6.1/renderers/agg/include/agg_scanline_storage_aa.h:100:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(ptr, cells, sizeof(T) * num_cells);
data/mapserver-7.6.1/renderers/agg/include/agg_scanline_storage_aa.h:106:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s.ptr, cells, sizeof(T) * num_cells);
data/mapserver-7.6.1/renderers/agg/include/agg_scanline_storage_aa.h:147:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dst.ptr, src.ptr, dst.len * sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_scanline_storage_aa.h:482:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(data, covers, sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_scanline_storage_aa.h:487:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(data, covers, unsigned(sp.len) * sizeof(T));
data/mapserver-7.6.1/renderers/agg/include/agg_scanline_u.h:171:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&m_covers[x], covers, len * sizeof(cover_type));
data/mapserver-7.6.1/renderers/agg/include/agg_scanline_u.h:386:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&m_covers[x], covers, len * sizeof(cover_type));
data/mapserver-7.6.1/renderers/agg/include/agg_svg_path_tokenizer.h:97:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char m_separators_mask[256/8];
data/mapserver-7.6.1/renderers/agg/include/agg_svg_path_tokenizer.h:98:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char m_commands_mask[256/8];
data/mapserver-7.6.1/renderers/agg/include/agg_svg_path_tokenizer.h:99:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char m_numeric_mask[256/8];
data/mapserver-7.6.1/renderers/agg/include/agg_trans_viewport.h:205:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ptr, this, sizeof(*this)); 
data/mapserver-7.6.1/renderers/agg/include/agg_trans_viewport.h:210:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(this,  ptr, sizeof(*this));
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:627:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(m_faces, 
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:630:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(m_face_names, 
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:844:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char gamma_table[rasterizer_scanline_aa<>::aa_scale];
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:870:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[100];
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:872:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buf, ",%08X%08X%08X%08X%08X%08X", 
data/mapserver-7.6.1/renderers/agg/src/agg_gsv_text.cpp:547:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* fd = fopen(file, "rb");
data/mapserver-7.6.1/renderers/agg/src/agg_gsv_text.cpp:579:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&m_text_buf[0], text, new_size);
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:32:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char  name[22];
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:218:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[1024];
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:229:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* fd = fopen(fname, "r");
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:357:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(self.m_title + self.m_title_len, s, len);
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:554:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if(len) memcpy(m_attr_name, start, len);
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:570:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if(len) memcpy(m_attr_value, start, len);
data/mapserver-7.6.1/renderers/agg/src/agg_svg_path_renderer.cpp:348:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char buf[100];
data/mapserver-7.6.1/renderers/agg/src/agg_svg_path_renderer.cpp:349:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(buf, "parse_path: Invalid Command %c", cmd);
data/mapserver-7.6.1/renderers/agg/src/agg_svg_path_tokenizer.cpp:77:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[100];
data/mapserver-7.6.1/renderers/agg/src/agg_svg_path_tokenizer.cpp:78:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buf, "path_tokenizer::next : Invalid Character %c", *m_path);
data/mapserver-7.6.1/renderers/agg/src/agg_svg_path_tokenizer.cpp:108:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[100];
data/mapserver-7.6.1/renderers/agg/src/agg_svg_path_tokenizer.cpp:109:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf, "parse_path: Command %c: bad or missing parameters", cmd);
data/mapserver-7.6.1/renderers/agg/src/agg_svg_path_tokenizer.cpp:119:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[256]; // Should be enough for any number
data/mapserver-7.6.1/shp2img.c:54:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      iterations = atoi(argv[i+1]);
data/mapserver-7.6.1/shp2img.c:60:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int debug_level = atoi(argv[++i]);
data/mapserver-7.6.1/shp2img.c:153:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int pause_length = atoi(argv[i+1]);
data/mapserver-7.6.1/shp2img.c:197:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int debug_level = atoi(argv[++i]);
data/mapserver-7.6.1/shp2img.c:210:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        map->debug = atoi(argv[++i]);
data/mapserver-7.6.1/shp2img.c:219:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int debug_level = atoi(argv[++i]);
data/mapserver-7.6.1/shp2img.c:253:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        msMapSetSize(map, atoi(argv[i+1]), atoi(argv[i+2]));
data/mapserver-7.6.1/shp2img.c:253:44:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        msMapSetSize(map, atoi(argv[i+1]), atoi(argv[i+2]));
data/mapserver-7.6.1/shptree.c:112:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    depth = atoi(argv[2]);
data/mapserver-7.6.1/sortshp.c:43:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[255];
data/mapserver-7.6.1/sortshp.c:88:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char         fName[20];
data/mapserver-7.6.1/sortshp.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char         buffer[1024];
data/mapserver-7.6.1/sym2img.c:51:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256];
data/mapserver-7.6.1/sym2img.c:163:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if((stream = fopen(argv[2],"wb")) == NULL) { /* open the file */
data/mapserver-7.6.1/tile4ms.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          name[12];
data/mapserver-7.6.1/tile4ms.c:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char            fldname[256];
data/mapserver-7.6.1/tile4ms.c:75:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char        tileshapeName[256];
data/mapserver-7.6.1/tile4ms.c:76:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char        tiledbfName[256];
data/mapserver-7.6.1/tile4ms.c:77:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char        shapeFileName[256];
data/mapserver-7.6.1/tile4ms.c:89:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (NULL==(metaFP=fopen(metaFileNameP, "r"))) {
data/mapserver-7.6.1/apache/mod_mapserver.c:44:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen ((char*) data);
data/mapserver-7.6.1/apache/mod_mapserver.c:211:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(mapserv->request->ParamValues[i] && strlen(mapserv->request->ParamValues[i]) > 0) {
data/mapserver-7.6.1/apache/mod_mapserver.c:271:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int   len          = strlen (uri);
data/mapserver-7.6.1/apache/mod_mapserver.c:272:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int   conf_uri_len = strlen (conf->uri);
data/mapserver-7.6.1/apache/mod_mapserver.c:424:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen (dir);
data/mapserver-7.6.1/cgiutil.c:158:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      data_len = strlen(post_data);
data/mapserver-7.6.1/cgiutil.c:163:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strncmp(request->contenttype, "application/x-www-form-urlencoded", strlen("application/x-www-form-urlencoded")) == 0) {
data/mapserver-7.6.1/cgiutil.c:219:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(s)==0) {
data/mapserver-7.6.1/cgiutil.c:292:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *word = (char *) msSmallMalloc(sizeof(char) * (strlen(line) + 1));
data/mapserver-7.6.1/cgiutil.c:311:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *word = (char *) msSmallMalloc(sizeof(char) * (strlen(line) + 1));
data/mapserver-7.6.1/cgiutil.c:335:22:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    word[ll] = (char)fgetc(f);
data/mapserver-7.6.1/cgiutil.c:385:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(x=strlen(s) - 1; x != -1; x--)
data/mapserver-7.6.1/cgiutil.c:395:9:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = fgetc(f);
data/mapserver-7.6.1/cgiutil.c:419:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l=strlen(cmd);
data/mapserver-7.6.1/fontcache.c:255:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    UT_HASH_ADD_KEYPTR(hh,cache->face_cache,fc->font, strlen(key), fc);
data/mapserver-7.6.1/mapchart.c:296:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  attrib = msSmallMalloc(strlen(chartRangeProcessingKey)+1);
data/mapserver-7.6.1/mapcompositingfilter.c:173:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(rad,filter->filter+pmatch[1].rm_so,pmatch[1].rm_eo-pmatch[1].rm_so);
data/mapserver-7.6.1/mapcompositingfilter.c:191:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(num,filter->filter+pmatch[1].rm_so,pmatch[1].rm_eo-pmatch[1].rm_so);
data/mapserver-7.6.1/mapcompositingfilter.c:196:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(num,filter->filter+pmatch[2].rm_so,pmatch[2].rm_eo-pmatch[2].rm_so);
data/mapserver-7.6.1/mapcompositingfilter.c:208:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!strncmp(filter->filter,"grayscale()",strlen("grayscale()"))) {
data/mapserver-7.6.1/mapcompositingfilter.c:212:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!strncmp(filter->filter,"blacken()",strlen("blacken()"))) {
data/mapserver-7.6.1/mapcompositingfilter.c:216:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!strncmp(filter->filter,"whiten()",strlen("whiten()"))) {
data/mapserver-7.6.1/mapcontext.c:56:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(filename != NULL && strlen(filename) > 0) {
data/mapserver-7.6.1/mapcontext.c:240:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszMetadataName = (char*) malloc( strlen(pszMetadataRoot) + 10 );
data/mapserver-7.6.1/mapcontext.c:285:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszMetadata = (char*)malloc(strlen(pszHash)+
data/mapserver-7.6.1/mapcontext.c:286:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(pszXMLValue)+2);
data/mapserver-7.6.1/mapcontext.c:381:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszValue1 = (char*)malloc(strlen(pszHash)+
data/mapserver-7.6.1/mapcontext.c:382:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                strlen(pszValue)+2);
data/mapserver-7.6.1/mapcontext.c:473:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszValue1 = (char*)malloc(strlen(pszHash)+
data/mapserver-7.6.1/mapcontext.c:474:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                              strlen(pszStyleName)+2);
data/mapserver-7.6.1/mapcontext.c:484:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszStyle = (char*)malloc(strlen(pszStyleName)+20);
data/mapserver-7.6.1/mapcontext.c:494:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszStyle = (char*)malloc(strlen(pszStyleName)+15);
data/mapserver-7.6.1/mapcontext.c:502:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszStyle = (char*)malloc(strlen(pszStyleName)+20);
data/mapserver-7.6.1/mapcontext.c:529:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszStyle = (char*) malloc(strlen(pszStyleName) + 25);
data/mapserver-7.6.1/mapcontext.c:596:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszDimension = (char*)malloc(strlen(pszDimensionName)+50);
data/mapserver-7.6.1/mapcontext.c:608:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszValue = (char*)malloc(strlen(pszHash)+
data/mapserver-7.6.1/mapcontext.c:609:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen(pszDimensionName)+2);
data/mapserver-7.6.1/mapcontext.c:681:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszProj = (char*) malloc(sizeof(char)*(strlen(pszValue)+10));
data/mapserver-7.6.1/mapcontext.c:857:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszName = (char*)malloc(sizeof(char)*(strlen(pszValue)+15));
data/mapserver-7.6.1/mapcontext.c:979:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(pszProj) > 10) {
data/mapserver-7.6.1/mapcontext.c:980:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          pszProj = (char*) malloc(sizeof(char) * (strlen(pszProj)));
data/mapserver-7.6.1/mapcontext.c:1285:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(filename != NULL && strlen(filename) > 0) {
data/mapserver-7.6.1/mapcontext.c:1715:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(pszValue == NULL || strlen(pszValue) < 1) {
data/mapserver-7.6.1/mapcontext.c:1822:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          pszStyleItem = (char*)malloc(strlen(pszStyle)+10+10);
data/mapserver-7.6.1/mapcontext.c:1855:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              pszStyleItem = (char*)malloc(strlen(pszStyle)+10+8);
data/mapserver-7.6.1/mapcontext.c:1867:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              pszStyleItem = (char*)malloc(strlen(pszStyle)+10+20);
data/mapserver-7.6.1/mapcontour.c:112:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clinfo->ogrLayer.connection = (char*)msSmallMalloc(strlen(clinfo->ogrLayer.name)+13);
data/mapserver-7.6.1/mapcontour.c:121:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (elevItem && strlen(elevItem) > 0) {
data/mapserver-7.6.1/mapcontour.c:200:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (wkt != NULL && strlen(wkt) > 0) {
data/mapserver-7.6.1/mapcontour.c:587:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (elevItem && strlen(elevItem) > 0) {
data/mapserver-7.6.1/mapcontour.c:810:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (elevItem && strlen(elevItem) > 0) {
data/mapserver-7.6.1/mapcpl.c:60:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( iFileStart = strlen(pszFilename);
data/mapserver-7.6.1/mapcpl.c:99:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( iExtStart = strlen(pszFullFilename);
data/mapserver-7.6.1/mapcpl.c:104:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iExtStart = strlen(pszFullFilename);
data/mapserver-7.6.1/mapcpl.c:183:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char withUnder[strlen(pszSymbolName) + 2];
data/mapserver-7.6.1/mapcrypto.c:423:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((outbuf = (char *)malloc((strlen(in)+1)*sizeof(char))) == NULL) {
data/mapserver-7.6.1/mapcrypto.c:467:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        out += strlen(out);
data/mapserver-7.6.1/mapdrawgdal.c:946:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(lut_line) - 1;
data/mapserver-7.6.1/mapdrawgdal.c:970:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( wrkLUTDef + strlen(wrkLUTDef), sizeof(wrkLUTDef)-strlen(wrkLUTDef),
data/mapserver-7.6.1/mapdrawgdal.c:970:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( wrkLUTDef + strlen(wrkLUTDef), sizeof(wrkLUTDef)-strlen(wrkLUTDef),
data/mapserver-7.6.1/mapdrawgdal.c:1055:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strspn(lut_def,"0123456789:, ") != strlen(lut_def) ) {
data/mapserver-7.6.1/mapdrawgdal.c:1597:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        fullPathLen = strlen(fullPath);
data/mapserver-7.6.1/mapdrawgdal.c:1600:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( (fullPathLen + strlen(gdalDesc)) < MS_MAXPATHLEN ) {
data/mapserver-7.6.1/mapdrawgdal.c:2230:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( EQUAL(pszNODATAOpt,"OFF") || strlen(pszNODATAOpt) == 0 )
data/mapserver-7.6.1/maperror.c:334:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(message, "");
data/mapserver-7.6.1/maperror.c:348:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy(ms_error->routine, "");
data/mapserver-7.6.1/maperror.c:445:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nTextLength = strlen(errormsg);
data/mapserver-7.6.1/maperror.c:469:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(papszLines[i], errormsg+nStart, nLength);
data/mapserver-7.6.1/mapfile.c:309:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(lib_str);
data/mapserver-7.6.1/mapfile.c:400:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(msyystring_buffer);
data/mapserver-7.6.1/mapfile.c:435:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(msyystring_buffer[0] == '#' && strlen(msyystring_buffer) == 7) { /* got a hex color */
data/mapserver-7.6.1/mapfile.c:448:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if(msyystring_buffer[0] == '#' && strlen(msyystring_buffer) == 9) { /* got a hex color with alpha */
data/mapserver-7.6.1/mapfile.c:1172:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix_len = strlen(pszPrefix);
data/mapserver-7.6.1/mapfile.c:1181:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_size = 10 + strlen(code) + 1;
data/mapserver-7.6.1/mapfile.c:1211:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix_len = strlen(pszPrefix);
data/mapserver-7.6.1/mapfile.c:1223:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
      strncpy( init_string, "init=epsg:4326", sizeof(init_string) );
data/mapserver-7.6.1/mapfile.c:1225:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
      strncpy( init_string, "init=epsg:4269", sizeof(init_string) );
data/mapserver-7.6.1/mapfile.c:1227:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
      strncpy( init_string, "init=epsg:4267", sizeof(init_string) );
data/mapserver-7.6.1/mapfile.c:1500:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:1781:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:2062:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((strlen(value) - strlen(msyystring_buffer)) == 2)
data/mapserver-7.6.1/mapfile.c:2062:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((strlen(value) - strlen(msyystring_buffer)) == 2)
data/mapserver-7.6.1/mapfile.c:2089:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_size = strlen(exp->string)+4;
data/mapserver-7.6.1/mapfile.c:2255:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:2653:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:3364:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:4510:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:4868:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:5241:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:5417:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:5539:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:5818:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(msyystring_buffer) > 0) {
data/mapserver-7.6.1/mapfile.c:6903:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(filename && strlen(filename)>0) {
data/mapserver-7.6.1/mapfile.c:6909:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t buffer_size = (strlen(default_key)-5);
data/mapserver-7.6.1/mapfile.c:6932:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t buffer_size = (strlen(default_key)-5);
data/mapserver-7.6.1/mapfile.c:6951:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t buffer_size = (strlen(default_key)-5);
data/mapserver-7.6.1/mapfile.c:6972:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			size_t buffer_size = (strlen(default_key) - 5);
data/mapserver-7.6.1/mapfile.c:7044:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          tag = msSmallMalloc(strlen(key)+3);
data/mapserver-7.6.1/mapfile.c:7064:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tag = msSmallMalloc(strlen(key)+3);
data/mapserver-7.6.1/mapfile.c:7084:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      tag = msSmallMalloc(strlen(key)+3);
data/mapserver-7.6.1/mapfile.c:7172:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size = strlen(msyystring_buffer)+2+1;
data/mapserver-7.6.1/mapfile.c:7177:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size = strlen(msyystring_buffer)+2+1;
data/mapserver-7.6.1/mapfile.c:7182:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size = strlen(msyystring_buffer)+2+1;
data/mapserver-7.6.1/mapgdal.c:614:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
     int nEpsgCode = atoi(pszInitEpsg + strlen("init=epsg:"));
data/mapserver-7.6.1/mapgdal.c:621:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nLength += strlen(projection->args[i]) + 2;
data/mapserver-7.6.1/mapgdal.c:627:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat( pszProj4, "+" );
data/mapserver-7.6.1/mapgdal.c:629:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat( pszProj4, " " );
data/mapserver-7.6.1/mapgml.c:470:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszGMLId = (char*) msSmallMalloc( strlen(pszFID) + 1 + strlen(" gml:id=\"\"") + 10 );
data/mapserver-7.6.1/mapgml.c:470:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszGMLId = (char*) msSmallMalloc( strlen(pszFID) + 1 + strlen(" gml:id=\"\"") + 10 );
data/mapserver-7.6.1/mapgml.c:1343:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  itemtab = (char *) msSmallMalloc(sizeof(char)*strlen(tab)+3);
data/mapserver-7.6.1/mapgml.c:1409:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(filename && strlen(filename) > 0) { /* deal with the filename if present */
data/mapserver-7.6.1/mapgml.c:1455:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      value = (char*) msSmallMalloc(strlen(lp->name)+7);
data/mapserver-7.6.1/mapgml.c:1519:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        value = (char*) msSmallMalloc(strlen(lp->name)+9);
data/mapserver-7.6.1/mapgml.c:1553:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        value = (char*) msSmallMalloc(strlen(lp->name)+9);
data/mapserver-7.6.1/mapgml.c:1565:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      value = (char*) msSmallMalloc(strlen(lp->name)+7);
data/mapserver-7.6.1/mapgml.c:1585:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(filename && strlen(filename) > 0) fclose(stream);
data/mapserver-7.6.1/mapgml.c:1738:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        layerName = (char *) msSmallMalloc(strlen(namespace_prefix)+strlen(lp->name)+2);
data/mapserver-7.6.1/mapgml.c:1738:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        layerName = (char *) msSmallMalloc(strlen(namespace_prefix)+strlen(lp->name)+2);
data/mapserver-7.6.1/mapgml.c:1800:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszFID = (char*) msSmallMalloc( strlen(lp->name) + 1 + strlen(shape.values[featureIdIndex]) + 1 );
data/mapserver-7.6.1/mapgml.c:1800:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszFID = (char*) msSmallMalloc( strlen(lp->name) + 1 + strlen(shape.values[featureIdIndex]) + 1 );
data/mapserver-7.6.1/mapgml.c:1941:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufferSize = strlen(psEpsg)+1;
data/mapserver-7.6.1/mapgml.c:2005:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bufferSize = strlen(psSrsName)+1;
data/mapserver-7.6.1/mapgraticule.c:90:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pInfo->labelformat = (char *) msSmallMalloc( strlen( MAPGRATICULE_FORMAT_STRING_DEFAULT ) + 1 );
data/mapserver-7.6.1/mapgraticule.c:95:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pInfo->labelformat = (char *) msSmallMalloc( strlen( MAPGRATICULE_FORMAT_STRING_DDMMSS ) + 1 );
data/mapserver-7.6.1/mapgraticule.c:100:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pInfo->labelformat = (char *) msSmallMalloc( strlen( MAPGRATICULE_FORMAT_STRING_DDMM ) + 1 );
data/mapserver-7.6.1/mapgraticule.c:105:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pInfo->labelformat = (char *) msSmallMalloc( strlen( MAPGRATICULE_FORMAT_STRING_DD ) + 1 );
data/mapserver-7.6.1/maphttp.c:578:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(pasReqInfo[i].pszProxyAddress) > 0) {
data/mapserver-7.6.1/maphttp.c:603:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          && strlen(pasReqInfo[i].pszProxyUsername) > 0
data/mapserver-7.6.1/maphttp.c:604:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          && strlen(pasReqInfo[i].pszProxyPassword) > 0) {
data/mapserver-7.6.1/maphttp.c:628:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(pasReqInfo[i].pszHttpUsername) > 0
data/mapserver-7.6.1/maphttp.c:629:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen(pasReqInfo[i].pszHttpPassword) > 0) {
data/mapserver-7.6.1/maphttp.c:700:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      for(nPos=0; nPos<strlen(pasReqInfo[i].pszHTTPCookieData); nPos++) {
data/mapserver-7.6.1/mapimagemap.c:128:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *result = msSmallMalloc(strlen(fmt)+1+3*MAX), *cp;
data/mapserver-7.6.1/mapimagemap.c:313:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        imgStr.string_len = strlen(*(imgStr.string));
data/mapserver-7.6.1/mapimagemap.c:629:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(string) == 0) return(0);
data/mapserver-7.6.1/mapimagemap.c:653:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(filename != NULL && strlen(filename) > 0) {
data/mapserver-7.6.1/mapimagemap.c:676:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    DEBUG_IF printf("FLEN %d<BR>\n", (int)strlen(img->img.imagemap));
data/mapserver-7.6.1/mapimagemap.c:686:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(img->img.imagemap);
data/mapserver-7.6.1/mapimagemap.c:692:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        msIO_fwrite(workbuffer, strlen(workbuffer), 1, stream);
data/mapserver-7.6.1/mapimagemap.c:715:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(filename != NULL && strlen(filename) > 0) fclose(stream);
data/mapserver-7.6.1/mapio.c:952:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy( content_type, (const char *) buf->data + 14, end_of_ct - 14 + 2);
data/mapserver-7.6.1/mapjoin.c:602:39:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  if (strcmp(DB_PASSWD, "none") == 0) strcpy(DB_PASSWD, "");
data/mapserver-7.6.1/mapkmlrenderer.cpp:274:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (name && strlen(name) > 0)
data/mapserver-7.6.1/mapkmlrenderer.cpp:277:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (layer->name && strlen(layer->name) > 0)
data/mapserver-7.6.1/mapkmlrenderer.cpp:288:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (lp && pszItemName && strlen(pszItemName) > 0) {
data/mapserver-7.6.1/mapkmlrenderer.cpp:313:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!layerDsiplayFolder || strlen(layerDsiplayFolder)<=0) {
data/mapserver-7.6.1/mapkmlrenderer.cpp:561:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (CurrentShapeName && strlen(CurrentShapeName)>0) {
data/mapserver-7.6.1/mapkmlrenderer.cpp:1131:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (value && strlen(value) > 0) {
data/mapserver-7.6.1/mapkmlrenderer.cpp:1192:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufferSize = strlen(currentLayer->items[i]) + 3;
data/mapserver-7.6.1/mapkmlrenderer.cpp:1242:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (shape->values[i] && strlen(shape->values[i]))
data/mapserver-7.6.1/maplabel.c:827:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!(*file1) || !(*alias) || (strlen(file1) <= 0))
data/mapserver-7.6.1/maplabel.c:832:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (file1[0] == '\\' || (strlen(file1) > 1 && (file1[1] == ':')))
data/mapserver-7.6.1/maplayer.c:1173:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(key);
data/mapserver-7.6.1/maplayer.c:1178:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    directive = (char *) msSmallMalloc(strlen(key)+strlen(value)+2);
data/mapserver-7.6.1/maplayer.c:1178:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    directive = (char *) msSmallMalloc(strlen(key)+strlen(value)+2);
data/mapserver-7.6.1/maplayer.c:1241:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i, len = strlen(key);
data/mapserver-7.6.1/maplayer.c:1396:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (pszBuffer && strlen(pszBuffer) > 0 && bOnlyExistingFilter == 0)
data/mapserver-7.6.1/maplayer.c:1456:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszBuffer && strlen(pszBuffer) > 0 && bOnlyExistingFilter == 0)
data/mapserver-7.6.1/maplayer.c:1502:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pszBuffer && strlen(pszBuffer) > 0) {
data/mapserver-7.6.1/maplayer.c:1896:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nSrcLen = (int)strlen(pszString);
data/mapserver-7.6.1/maplayer.c:1924:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (layer && pszString && strlen(pszString) > 0) {
data/mapserver-7.6.1/maplayer.c:1925:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLength = strlen(pszString);
data/mapserver-7.6.1/maplexer.c:2323:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext),  \
data/mapserver-7.6.1/maplexer.c:2449:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			     (c = getc( msyyin )) != EOF && c != '\n'; ++n ) \
data/mapserver-7.6.1/maplexer.c:4311:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 msyytext[strlen(msyytext)-1] = '\0';
data/mapserver-7.6.1/maplexer.c:4312:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4323:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 msyytext[strlen(msyytext)-1] = '\0';
data/mapserver-7.6.1/maplexer.c:4324:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4337:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 msyytext[strlen(msyytext)-1] = '\0';
data/mapserver-7.6.1/maplexer.c:4338:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4375:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msyytext[strlen(msyytext)-1] = '\0';
data/mapserver-7.6.1/maplexer.c:4376:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4389:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msyytext[strlen(msyytext)-2] = '\0';
data/mapserver-7.6.1/maplexer.c:4390:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4403:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msyytext[strlen(msyytext)-2] = '\0';
data/mapserver-7.6.1/maplexer.c:4404:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext),
data/mapserver-7.6.1/maplexer.c:4414:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4425:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4438:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msyytext[strlen(msyytext)-1] = '\0';
data/mapserver-7.6.1/maplexer.c:4439:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4451:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 msyytext[strlen(msyytext)-2] = '\0';
data/mapserver-7.6.1/maplexer.c:4452:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4464:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 msyytext[strlen(msyytext)-1] = '\0';
data/mapserver-7.6.1/maplexer.c:4465:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4476:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 msyytext[strlen(msyytext)-1] = '\0';
data/mapserver-7.6.1/maplexer.c:4477:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4488:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 msyytext[strlen(msyytext)-1] = '\0';
data/mapserver-7.6.1/maplexer.c:4489:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4518:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                      if (msyystring_icase && strlen(msyytext)==2) {
data/mapserver-7.6.1/maplexer.c:4530:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                  if (strlen(msyytext)==2) {
data/mapserver-7.6.1/maplexer.c:4547:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                if (strlen(msyytext) == 2)
data/mapserver-7.6.1/maplexer.c:4573:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                 msyytext[strlen(msyytext)-1] = '\0';
data/mapserver-7.6.1/maplexer.c:4612:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                    MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:4649:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                  MS_LEXER_STRING_REALLOC(msyystring_buffer, strlen(msyytext), 
data/mapserver-7.6.1/maplexer.c:5425:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return msyy_scan_bytes(yystr,strlen(yystr) );
data/mapserver-7.6.1/mapmetadata.c:813:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (paramsObj->pszLayer==NULL || strlen(paramsObj->pszLayer)<=0) {
data/mapserver-7.6.1/mapmssql2008.c:676:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_hay = strlen(haystack);
data/mapserver-7.6.1/mapmssql2008.c:677:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_need = strlen(needle);
data/mapserver-7.6.1/mapmssql2008.c:894:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(gml_width) > 0
data/mapserver-7.6.1/mapmssql2008.c:899:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(gml_precision) > 0
data/mapserver-7.6.1/mapmssql2008.c:985:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      maskeddata = (char *)msSmallMalloc(strlen(layer->connection) + 1);
data/mapserver-7.6.1/mapmssql2008.c:1376:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    f_table_name = (char *) msSmallMalloc(strlen(geom_table) + 1);
data/mapserver-7.6.1/mapmssql2008.c:1440:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      data_source = (char *)msSmallMalloc(strlen(geom_table) + 1);
data/mapserver-7.6.1/mapmssql2008.c:1453:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          result = (char *)msSmallMalloc((start - geom_table) + strlen(box3d) + strlen(end) + 1);
data/mapserver-7.6.1/mapmssql2008.c:1453:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          result = (char *)msSmallMalloc((start - geom_table) + strlen(box3d) + strlen(end) + 1);
data/mapserver-7.6.1/mapmssql2008.c:2492:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer), "convert(varchar(max), %s),", layer->items[t]);
data/mapserver-7.6.1/mapmssql2008.c:2492:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer), "convert(varchar(max), %s),", layer->items[t]);
data/mapserver-7.6.1/mapmssql2008.c:2496:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer), "%s, convert(varchar(36), %s)", layerinfo->geom_column, layerinfo->urid_name);
data/mapserver-7.6.1/mapmssql2008.c:2496:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer), "%s, convert(varchar(36), %s)", layerinfo->geom_column, layerinfo->urid_name);
data/mapserver-7.6.1/mapmssql2008.c:2498:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer), "%s.STAsBinary(), convert(varchar(36), %s)", layerinfo->geom_column, layerinfo->urid_name);
data/mapserver-7.6.1/mapmssql2008.c:2498:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(buffer + strlen(buffer), sizeof(buffer) - strlen(buffer), "%s.STAsBinary(), convert(varchar(36), %s)", layerinfo->geom_column, layerinfo->urid_name);
data/mapserver-7.6.1/mapmssql2008.c:2575:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncasecmp(rectProjection->args[0], "init=epsg:", (int)strlen("init=epsg:")) != 0)
data/mapserver-7.6.1/mapmssql2008.c:2697:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sqlSize = strlen(layerinfo->geom_table) + 30;
data/mapserver-7.6.1/mapmssql2008.c:2734:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      layer->items[item_num] = (char *) msSmallMalloc(strlen(colBuff) + 1);
data/mapserver-7.6.1/mapmssql2008.c:2789:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp2 = (char *)msSmallMalloc(sizeof(char)*(strlen(tmp1) + strlen(sql) + 1));
data/mapserver-7.6.1/mapmssql2008.c:2789:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmp2 = (char *)msSmallMalloc(sizeof(char)*(strlen(tmp1) + strlen(sql) + 1));
data/mapserver-7.6.1/mapmssql2008.c:2855:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      tmp = pos_urid + strlen(pos_urid);
data/mapserver-7.6.1/mapmssql2008.c:2885:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      tmp = pos_indexHint + strlen(pos_indexHint);
data/mapserver-7.6.1/mapmssql2008.c:2896:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( !pos_opt ) pos_opt = data + strlen(data);
data/mapserver-7.6.1/mapmssql2008.c:2938:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(*table_name) < 1 || strlen(*geom_column_name) < 1) {
data/mapserver-7.6.1/mapmssql2008.c:2938:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(*table_name) < 1 || strlen(*geom_column_name) < 1) {
data/mapserver-7.6.1/mapmssql2008.c:2975:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pszString && strlen(pszString) > 0) {
data/mapserver-7.6.1/mapmssql2008.c:2976:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nLength = strlen(pszString);
data/mapserver-7.6.1/mapmssql2008.c:2997:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nSrcLen = (int)strlen(pszString);
data/mapserver-7.6.1/mapmssql2008.c:3081:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snippet = (char *) msSmallMalloc(strlen(strtmpl) + 16);
data/mapserver-7.6.1/mapmssql2008.c:3089:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mapmssql2008.c:3089:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mapmssql2008.c:3161:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mapmssql2008.c:3161:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mapmssql2008.c:3172:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snippet = (char *) msSmallMalloc(strlen(strtmpl) + 16);
data/mapserver-7.6.1/mapmssql2008.c:3202:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strtmpl[strlen(strtmpl) - 1] = '\0';
data/mapserver-7.6.1/mapmssql2008.c:3216:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snippet = (char *)msSmallMalloc(strlen(strtmpl) + nEscapeLen + 3);
data/mapserver-7.6.1/mapmssql2008.c:3218:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      while (i < strlen(strtmpl)) {
data/mapserver-7.6.1/mapmssql2008.c:3541:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(filter->string));
data/mapserver-7.6.1/mapmssql2008.c:3541:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(filter->string));
data/mapserver-7.6.1/mapmssql2008.c:3559:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(filter->string));
data/mapserver-7.6.1/mapmssql2008.c:3559:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(filter->string));
data/mapserver-7.6.1/mapmvt.c:308:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      UT_HASH_ADD_KEYPTR(hh,value_lookup_cache->cache,value->value, strlen(value->value), value);
data/mapserver-7.6.1/mapogcfilter.c:59:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLength = strlen(pszValue);
data/mapserver-7.6.1/mapogcfilter.c:843:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (szXMLString == NULL || strlen(szXMLString) <= 0 ||
data/mapserver-7.6.1/mapogcfilter.c:1526:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          nStrLength = strlen(pszLowerNode) + strlen(pszUpperNode) + 2;
data/mapserver-7.6.1/mapogcfilter.c:1526:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          nStrLength = strlen(pszLowerNode) + strlen(pszUpperNode) + 2;
data/mapserver-7.6.1/mapogcfilter.c:1717:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          psFilterNode->psRightNode->pszValue = msSmallMalloc( strlen(pszBeginTime) + strlen(pszEndTime) + 2 );
data/mapserver-7.6.1/mapogcfilter.c:1717:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          psFilterNode->psRightNode->pszValue = msSmallMalloc( strlen(pszBeginTime) + strlen(pszEndTime) + 2 );
data/mapserver-7.6.1/mapogcfilter.c:2233:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszId) <= 0)
data/mapserver-7.6.1/mapogcfilter.c:2312:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszBuffer = (char *)malloc(sizeof(char) * (strlen(pszTmp) + 1));
data/mapserver-7.6.1/mapogcfilter.c:2331:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszBuffer = (char *)malloc(sizeof(char) * (strlen(pszTmp) + 1));
data/mapserver-7.6.1/mapogcfilter.c:2344:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               (strlen(pszTmp) +
data/mapserver-7.6.1/mapogcfilter.c:2345:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                strlen(psFilterNode->pszValue) + 5));
data/mapserver-7.6.1/mapogcfilter.c:2349:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(pszBuffer, " ");
data/mapserver-7.6.1/mapogcfilter.c:2351:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(pszBuffer, " ");
data/mapserver-7.6.1/mapogcfilter.c:2355:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nTmp = strlen(pszBuffer);
data/mapserver-7.6.1/mapogcfilter.c:2363:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                sizeof(char) * (strlen(pszTmp) + nTmp +3));
data/mapserver-7.6.1/mapogcfilter.c:2376:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszBuffer = (char *)malloc(sizeof(char) * (strlen(pszTmp) +  9));
data/mapserver-7.6.1/mapogcfilter.c:2653:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!pszWild || strlen(pszWild) == 0 ||
data/mapserver-7.6.1/mapogcfilter.c:2654:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      !pszSingle || strlen(pszSingle) == 0 ||
data/mapserver-7.6.1/mapogcfilter.c:2655:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      !pszEscape || strlen(pszEscape) == 0)
data/mapserver-7.6.1/mapogcfilter.c:2688:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLength = strlen(pszValue);
data/mapserver-7.6.1/mapogcfilter.c:3096:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t nGroupNameLen = strlen(pszGroupName);
data/mapserver-7.6.1/mapogcfilter.c:3153:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!lp->items[i] || strlen(lp->items[i]) <= 0)
data/mapserver-7.6.1/mapogcfilter.c:3198:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( pszDot - pszId != strlen(lp->name) ||
data/mapserver-7.6.1/mapogcfilter.c:3199:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strncasecmp(pszId, lp->name, strlen(lp->name)) != 0 )
data/mapserver-7.6.1/mapogcfilter.c:3341:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!items->items[i].name || strlen(items->items[i].name) <= 0 ||
data/mapserver-7.6.1/mapogcfiltercommon.cpp:52:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!pszWild || strlen(pszWild) == 0 || !pszSingle || strlen(pszSingle) == 0 || !pszEscape || strlen(pszEscape) == 0)
data/mapserver-7.6.1/mapogcfiltercommon.cpp:52:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!pszWild || strlen(pszWild) == 0 || !pszSingle || strlen(pszSingle) == 0 || !pszEscape || strlen(pszEscape) == 0)
data/mapserver-7.6.1/mapogcfiltercommon.cpp:52:97:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!pszWild || strlen(pszWild) == 0 || !pszSingle || strlen(pszSingle) == 0 || !pszEscape || strlen(pszEscape) == 0)
data/mapserver-7.6.1/mapogcfiltercommon.cpp:70:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t nLength = strlen(pszValue);
data/mapserver-7.6.1/mapogcfiltercommon.cpp:606:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufferSize = 11+strlen(pszId)+strlen(pszAttribute)+1;
data/mapserver-7.6.1/mapogcfiltercommon.cpp:606:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufferSize = 11+strlen(pszId)+strlen(pszAttribute)+1;
data/mapserver-7.6.1/mapogcfiltercommon.cpp:610:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufferSize = 8+strlen(pszId)+strlen(pszAttribute)+1;
data/mapserver-7.6.1/mapogcfiltercommon.cpp:610:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufferSize = 8+strlen(pszId)+strlen(pszAttribute)+1;
data/mapserver-7.6.1/mapogcsld.c:295:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (!lp->items[z] || strlen(lp->items[z]) <= 0)
data/mapserver-7.6.1/mapogcsld.c:302:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      char* pszTmp2 = (char *)malloc(sizeof(char)*(strlen(tmpstr1)+3));
data/mapserver-7.6.1/mapogcsld.c:518:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (map == NULL || psSLDXML == NULL || strlen(psSLDXML) <= 0 ||
data/mapserver-7.6.1/mapogcsld.c:1310:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(psRoot->pszValue) == 7 && psRoot->pszValue[0] == '#')
data/mapserver-7.6.1/mapogcsld.c:1319:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(psRoot->pszValue) == 7 && psRoot->pszValue[0] == '#')
data/mapserver-7.6.1/mapogcsld.c:1341:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(psRoot->pszValue) == 7 && psRoot->pszValue[0] == '#')
data/mapserver-7.6.1/mapogcsld.c:1350:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(psRoot->pszValue) == 7 && psRoot->pszValue[0] == '#')
data/mapserver-7.6.1/mapogcsld.c:2290:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              sep = baseurl + strlen(baseurl);
data/mapserver-7.6.1/mapogcsld.c:2601:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(pszPreviousColor) == 7 &&
data/mapserver-7.6.1/mapogcsld.c:2603:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(pszColor) == 7 && pszColor[0] == '#') {
data/mapserver-7.6.1/mapogcsld.c:2687:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pszColor) == 7 && pszColor[0] == '#') {
data/mapserver-7.6.1/mapogcsld.c:2772:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (pszTmp && strlen(pszTmp) == 7 && pszTmp[0] == '#') {
data/mapserver-7.6.1/mapogcsld.c:3227:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (psHexColor && psColor && strlen(psHexColor)== 7 &&
data/mapserver-7.6.1/mapogcsld.c:3517:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            nLength = strlen(psSymbol->imagepath);
data/mapserver-7.6.1/mapogcsld.c:3523:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(szFormat) > 0 &&
data/mapserver-7.6.1/mapogcsld.c:3994:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(psLayer->labelitem) > 0 && psClass->numlabels > 0) {
data/mapserver-7.6.1/mapogcsld.c:4501:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!pszExpression || (nLength = strlen(pszExpression)) <=0)
data/mapserver-7.6.1/mapogcsld.c:4627:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!pszExpression || !pszComparionValue || strlen(pszExpression) <=0)
data/mapserver-7.6.1/mapogcsld.c:4702:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nLength = strlen(pszExpression);
data/mapserver-7.6.1/mapogcsld.c:4724:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLength = strlen(pszExpression);
data/mapserver-7.6.1/mapogcsld.c:4761:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLength = strlen(pszAttributeName);
data/mapserver-7.6.1/mapogcsld.c:4790:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLength = strlen(pszAttributeValue);
data/mapserver-7.6.1/mapogcsld.c:4823:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszFinalAttributeValue) > 2 && strcasecmp(pszComparionValue, "PropertyIsLike") == 0) {
data/mapserver-7.6.1/mapogcsld.c:4824:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int len = strlen(pszFinalAttributeValue);
data/mapserver-7.6.1/mapogcsld.c:4883:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!pszExpression || (nLength = strlen(pszExpression)) <=0)
data/mapserver-7.6.1/mapogcsld.c:5062:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!pszExpression || strlen(pszExpression) <=0)
data/mapserver-7.6.1/mapogcsld.c:5113:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLength = strlen(pszExpression);
data/mapserver-7.6.1/mapogcsld.c:5127:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLength = strlen(szAttribute);
data/mapserver-7.6.1/mapogcsld.c:5146:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLength = strlen(szValue);
data/mapserver-7.6.1/mapogcsld.c:5164:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szFinalAtt) > 0 && strlen(szFinalValue) >0) {
data/mapserver-7.6.1/mapogcsld.c:5164:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (strlen(szFinalAtt) > 0 && strlen(szFinalValue) >0) {
data/mapserver-7.6.1/mapogcsld.c:5212:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!pszRegex || strlen(pszRegex) == 0)
data/mapserver-7.6.1/mapogcsld.c:5216:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLength = strlen(pszRegex);
data/mapserver-7.6.1/mapogcsos.c:693:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (sShape.values[i] && strlen(sShape.values[i]) > 0) {
data/mapserver-7.6.1/mapogcsos.c:1449:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (value && strlen(value) > 0) {
data/mapserver-7.6.1/mapogcsos.c:1941:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (lp->filter.string && strlen(lp->filter.string) > 0)
data/mapserver-7.6.1/mapogcsos.c:2135:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strncasecmp(tokens[k], "EPSG:", strlen("EPSG:")) == 0 &&
data/mapserver-7.6.1/mapogcsos.c:2143:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(srsbuffer, sizeof(srsbuffer), "+init=epsg:%.20s", sosparams->pszSrsName+strlen("EPSG:"));
data/mapserver-7.6.1/mapogcsos.c:2551:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszId && strlen(pszId) > 0) {
data/mapserver-7.6.1/mapogcsos.c:2558:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (tokens[k] && strlen(tokens[k]) > 0) {
data/mapserver-7.6.1/mapogcsos.c:2579:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          tmpstr = (char *)malloc(sizeof(char)*strlen("procedure") + 3);
data/mapserver-7.6.1/mapogcsos.c:2637:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  tmpstr = (char *)malloc(sizeof(char)*strlen("procedure") + 3);
data/mapserver-7.6.1/mapoglrenderer.cpp:181:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = strlen(string);
data/mapserver-7.6.1/mapogr.cpp:983:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszProj == NULL || strlen(pszProj) == 0) {
data/mapserver-7.6.1/mapogr.cpp:1195:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(CPLGetLastErrorMsg()) == 0 )
data/mapserver-7.6.1/mapogr.cpp:1226:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(CPLGetLastErrorMsg()) == 0 )
data/mapserver-7.6.1/mapogr.cpp:1419:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* pszBeginningOfTable = from + strlen(" FROM ");
data/mapserver-7.6.1/mapogr.cpp:1727:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* pszEscapedOGRStr =  CPLEscapeString(pszString, strlen(pszString),
data/mapserver-7.6.1/mapogr.cpp:1788:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = strlen(stresc)+3;
data/mapserver-7.6.1/mapogr.cpp:1815:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = strlen(wkt)+strlen(stresc)+35;
data/mapserver-7.6.1/mapogr.cpp:1815:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = strlen(wkt)+strlen(stresc)+35;
data/mapserver-7.6.1/mapogr.cpp:1893:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            regex[strlen(regex) - 1] = '\0';
data/mapserver-7.6.1/mapogr.cpp:1900:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *re = (char *) msSmallMalloc(strlen(regex)+3);
data/mapserver-7.6.1/mapogr.cpp:1903:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while (i < strlen(regex)) {
data/mapserver-7.6.1/mapogr.cpp:1928:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = 1 + strlen(op)+ 1 + strlen(re) + 1;
data/mapserver-7.6.1/mapogr.cpp:1928:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = 1 + strlen(op)+ 1 + strlen(re) + 1;
data/mapserver-7.6.1/mapogr.cpp:1973:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = strlen(stresc)+ + 30;
data/mapserver-7.6.1/mapogr.cpp:2002:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = strlen(stresc)+ 20;
data/mapserver-7.6.1/mapogr.cpp:2026:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = strlen(stresc) + 30;
data/mapserver-7.6.1/mapogr.cpp:2049:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = strlen(stresc)+ 10;
data/mapserver-7.6.1/mapogr.cpp:2057:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nOutSize = strlen(stresc)+ 10;
data/mapserver-7.6.1/mapogr.cpp:2688:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(gml_width) > 0
data/mapserver-7.6.1/mapogr.cpp:2693:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(gml_precision) > 0
data/mapserver-7.6.1/mapogr.cpp:4970:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  if( strlen(papszTokens[i]) > 2 &&
data/mapserver-7.6.1/mapogr.cpp:4971:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                      strcmp(papszTokens[i] + strlen(papszTokens[i]) - 2, "px") == 0 )
data/mapserver-7.6.1/mapogr.cpp:5326:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(layer && pszString && strlen(pszString) > 0) {
data/mapserver-7.6.1/mapogr.cpp:5327:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszEscapedStr = (char*) msSmallMalloc( strlen(pszString) * 2 + 1 );
data/mapserver-7.6.1/mapogroutput.cpp:588:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( strncmp(file, "http://", strlen("http://")) == 0 ||
data/mapserver-7.6.1/mapogroutput.cpp:589:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strncmp(file, "https://", strlen("https://")) == 0 )
data/mapserver-7.6.1/mapogroutput.cpp:600:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    int nLen = (int)strlen(file);
data/mapserver-7.6.1/mapogroutput.cpp:719:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( pszNativeData[strlen(pszNativeData)-1] == '}' )
data/mapserver-7.6.1/mapogroutput.cpp:723:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if( strlen(pszNativeData) > 2 )
data/mapserver-7.6.1/mapogroutput.cpp:779:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(base_dir) > 0)
data/mapserver-7.6.1/mapogroutput.cpp:784:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( request_dir[strlen(request_dir)-1] == '.' )
data/mapserver-7.6.1/mapogroutput.cpp:785:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      request_dir[strlen(request_dir)-1] = '\0';
data/mapserver-7.6.1/mapogroutput.cpp:1206:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy( datasource_path, CPLGetPath( datasource_name ), MS_MAXPATHLEN-1 );
data/mapserver-7.6.1/maporaclespatial.c:57:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define SDO_GEOMETRY_LEN           strlen( SDO_GEOMETRY )
data/mapserver-7.6.1/maporaclespatial.c:274:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  success = TRY( hand, OCIDescribeAny(hand->svchp, hand->errhp, (text *)typename,  (ub4)strlen((char *)typename), OCI_OTYPE_NAME, (ub1)1, (ub1)OCI_PTYPE_TYPE, dthand->dschp))
data/mapserver-7.6.1/maporaclespatial.c:312:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_size = strlen(connection)+1;
data/mapserver-7.6.1/maporaclespatial.c:366:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_size = strlen(data)+1;
data/mapserver-7.6.1/maporaclespatial.c:575:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  success = TRY(hand, OCIStmtPrepare( sthand->stmthp, hand->errhp, (const OraText*)cmd, (ub4) strlen(cmd), (ub4) OCI_NTV_SYNTAX, (ub4) OCI_DEFAULT));
data/mapserver-7.6.1/maporaclespatial.c:579:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  success = TRY(hand, OCIStmtPrepare( sthand->stmthp, hand->errhp, (const OraText*)cmd, (ub4) strlen(cmd), (ub4) OCI_NTV_SYNTAX, (ub4) OCI_DEFAULT));
data/mapserver-7.6.1/maporaclespatial.c:583:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  success = TRY(hand, OCIStmtPrepare( sthand->stmthp, hand->errhp, (const OraText*)cmd, (ub4) strlen(cmd), (ub4) OCI_NTV_SYNTAX, (ub4) OCI_DEFAULT));
data/mapserver-7.6.1/maporaclespatial.c:587:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  success = TRY(hand, OCIStmtPrepare( sthand->stmthp, hand->errhp, (const OraText*)cmd, (ub4) strlen(cmd), (ub4) OCI_NTV_SYNTAX, (ub4) OCI_DEFAULT));
data/mapserver-7.6.1/maporaclespatial.c:668:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    OCILogon( hand->envhp, hand->errhp, &hand->svchp, (text *)username, strlen(username), (text *)password, strlen(password), (text *)dblink, strlen(dblink) ) );
data/mapserver-7.6.1/maporaclespatial.c:668:125:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    OCILogon( hand->envhp, hand->errhp, &hand->svchp, (text *)username, strlen(username), (text *)password, strlen(password), (text *)dblink, strlen(dblink) ) );
data/mapserver-7.6.1/maporaclespatial.c:668:159:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    OCILogon( hand->envhp, hand->errhp, &hand->svchp, (text *)username, strlen(username), (text *)password, strlen(password), (text *)dblink, strlen(dblink) ) );
data/mapserver-7.6.1/maporaclespatial.c:725:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:725:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:735:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:735:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:745:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:745:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:758:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str),  size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:758:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str),  size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:775:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:775:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:787:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:787:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:794:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:794:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:805:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:805:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:818:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:818:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), size-strlen(query_str),
data/mapserver-7.6.1/maporaclespatial.c:1030:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf (query_str + strlen(query_str), size-strlen(query_str), " %s ", layer->filter.native_string);
data/mapserver-7.6.1/maporaclespatial.c:1030:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf (query_str + strlen(query_str), size-strlen(query_str), " %s ", layer->filter.native_string);
data/mapserver-7.6.1/maporaclespatial.c:1034:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf (query_str + strlen(query_str), size-strlen(query_str), " AND ");
data/mapserver-7.6.1/maporaclespatial.c:1034:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf (query_str + strlen(query_str), size-strlen(query_str), " AND ");
data/mapserver-7.6.1/maporaclespatial.c:1049:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(query_str + strlen(query_str) , size-strlen(query_str), " %s ", native_filter);
data/mapserver-7.6.1/maporaclespatial.c:1049:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(query_str + strlen(query_str) , size-strlen(query_str), " %s ", native_filter);
data/mapserver-7.6.1/maporaclespatial.c:1066:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str2 + strlen(query_str2), sizeof(query_str2)-strlen(query_str2), " %s,", layer->items[i] );
data/mapserver-7.6.1/maporaclespatial.c:1066:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str2 + strlen(query_str2), sizeof(query_str2)-strlen(query_str2), " %s,", layer->items[i] );
data/mapserver-7.6.1/maporaclespatial.c:1068:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf( query_str2 + strlen(query_str2), sizeof(query_str2)-strlen(query_str2), " %s FROM %s", geom_column_name, table_name);
data/mapserver-7.6.1/maporaclespatial.c:1068:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf( query_str2 + strlen(query_str2), sizeof(query_str2)-strlen(query_str2), " %s FROM %s", geom_column_name, table_name);
data/mapserver-7.6.1/maporaclespatial.c:1085:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str2 + strlen(query_str2), sizeof(query_str2)-strlen(query_str2), " %s,", layer->items[i] );
data/mapserver-7.6.1/maporaclespatial.c:1085:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str2 + strlen(query_str2), sizeof(query_str2)-strlen(query_str2), " %s,", layer->items[i] );
data/mapserver-7.6.1/maporaclespatial.c:1087:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf( query_str2 + strlen(query_str2), sizeof(query_str2)-strlen(query_str2), " %s FROM %s", geom_column_name, table_name);
data/mapserver-7.6.1/maporaclespatial.c:1087:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf( query_str2 + strlen(query_str2), sizeof(query_str2)-strlen(query_str2), " %s FROM %s", geom_column_name, table_name);
data/mapserver-7.6.1/maporaclespatial.c:2022:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "\"%s\", ", layer->items[i] );
data/mapserver-7.6.1/maporaclespatial.c:2022:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "\"%s\", ", layer->items[i] );
data/mapserver-7.6.1/maporaclespatial.c:2027:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s,", unique);
data/mapserver-7.6.1/maporaclespatial.c:2027:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s,", unique);
data/mapserver-7.6.1/maporaclespatial.c:2030:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s, ", "rownum");
data/mapserver-7.6.1/maporaclespatial.c:2030:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s, ", "rownum");
data/mapserver-7.6.1/maporaclespatial.c:2033:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s FROM %s", geom_column_name, table_name );
data/mapserver-7.6.1/maporaclespatial.c:2033:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s FROM %s", geom_column_name, table_name );
data/mapserver-7.6.1/maporaclespatial.c:2039:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s"," WHERE ");
data/mapserver-7.6.1/maporaclespatial.c:2039:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s"," WHERE ");
data/mapserver-7.6.1/maporaclespatial.c:2041:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s"," AND ");
data/mapserver-7.6.1/maporaclespatial.c:2041:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), "%s"," AND ");
data/mapserver-7.6.1/maporaclespatial.c:2042:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " ROWNUM<=%d ", layer->maxfeatures);
data/mapserver-7.6.1/maporaclespatial.c:2042:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " ROWNUM<=%d ", layer->maxfeatures);
data/mapserver-7.6.1/maporaclespatial.c:2044:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf (query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " AND ");
data/mapserver-7.6.1/maporaclespatial.c:2044:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf (query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " AND ");
data/mapserver-7.6.1/maporaclespatial.c:2055:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " ORDER BY %s  ", tmp1_str );
data/mapserver-7.6.1/maporaclespatial.c:2055:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " ORDER BY %s  ", tmp1_str );
data/mapserver-7.6.1/maporaclespatial.c:2093:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  success = TRY( hand, OCIStmtPrepare( sthand->stmthp, hand->errhp, (text *)query_str, (ub4)strlen(query_str), (ub4)OCI_NTV_SYNTAX, (ub4)OCI_DEFAULT) );
data/mapserver-7.6.1/maporaclespatial.c:2129:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   OCIBindByName( sthand->stmthp, &bnd2p,  hand->errhp, (text *) ":srid", strlen(":srid"),(ub1 *) srid,  strlen(srid)+1, SQLT_STR,
data/mapserver-7.6.1/maporaclespatial.c:2129:122:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   OCIBindByName( sthand->stmthp, &bnd2p,  hand->errhp, (text *) ":srid", strlen(":srid"),(ub1 *) srid,  strlen(srid)+1, SQLT_STR,
data/mapserver-7.6.1/maporaclespatial.c:2142:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bind_tag = (char*)malloc(sizeof(char) * strlen(bind_key) + 2);
data/mapserver-7.6.1/maporaclespatial.c:2145:109:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      success = success && TRY(hand, OCIBindByName( sthand->stmthp, &bnd2p,  hand->errhp, (text *)bind_tag, strlen(bind_tag),(ub1 *) bind_value,  strlen(bind_value)+1, SQLT_STR,
data/mapserver-7.6.1/maporaclespatial.c:2145:147:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      success = success && TRY(hand, OCIBindByName( sthand->stmthp, &bnd2p,  hand->errhp, (text *)bind_tag, strlen(bind_tag),(ub1 *) bind_value,  strlen(bind_value)+1, SQLT_STR,
data/mapserver-7.6.1/maporaclespatial.c:2287:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      shape->values[i] = (char *)malloc(strlen((char *)sthand->items[i][ sthand->row ])+1);
data/mapserver-7.6.1/maporaclespatial.c:2293:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        shape->values[i][strlen((char *)sthand->items[i][ sthand->row ])] = '\0';
data/mapserver-7.6.1/maporaclespatial.c:2408:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      shape->values[i] = (char *)malloc(strlen((char *)sthand->items[i][ sthand->row ])+1);
data/mapserver-7.6.1/maporaclespatial.c:2414:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        shape->values[i][strlen((char *)sthand->items[i][ sthand->row ])] = '\0';
data/mapserver-7.6.1/maporaclespatial.c:2531:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " %s,", layer->items[i] );
data/mapserver-7.6.1/maporaclespatial.c:2531:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " %s,", layer->items[i] );
data/mapserver-7.6.1/maporaclespatial.c:2533:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " %s FROM %s WHERE %s = %ld", geom_column_name, table_name, unique, shapeindex);
data/mapserver-7.6.1/maporaclespatial.c:2533:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( query_str + strlen(query_str), sizeof(query_str)-strlen(query_str), " %s FROM %s WHERE %s = %ld", geom_column_name, table_name, unique, shapeindex);
data/mapserver-7.6.1/maporaclespatial.c:2544:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    success = TRY( hand,OCIStmtPrepare( sthand->stmthp, hand->errhp, (text *)query_str, (ub4)strlen(query_str), (ub4)OCI_NTV_SYNTAX, (ub4)OCI_DEFAULT) );
data/mapserver-7.6.1/maporaclespatial.c:2650:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      shape->values[i] = (char *)malloc(strlen((char *)sthand->items_query[sthand->row][i])+1);
data/mapserver-7.6.1/maporaclespatial.c:2671:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          shape->values[i][strlen((char *)sthand->items_query[sthand->row][i])] = '\0';
data/mapserver-7.6.1/maporaclespatial.c:2811:93:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  success = TRY( hand, OCIStmtPrepare( sthand->stmthp, hand->errhp, (text *)query_str, (ub4)strlen(query_str), (ub4)OCI_NTV_SYNTAX, (ub4)OCI_DEFAULT ) )
data/mapserver-7.6.1/maporaclespatial.c:2812:103:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && TRY( hand, OCIBindByName( sthand->stmthp, &bnd2p, hand->errhp, (text *) ":table_name", strlen(":table_name"), (ub1*) table_name, strlen(table_name)+1, SQLT_STR, (dvoid *) 0, (ub2 *) 0, (ub2) 0, (ub4) 0, (ub4 *) 0, OCI_DEFAULT ) )
data/mapserver-7.6.1/maporaclespatial.c:2812:145:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && TRY( hand, OCIBindByName( sthand->stmthp, &bnd2p, hand->errhp, (text *) ":table_name", strlen(":table_name"), (ub1*) table_name, strlen(table_name)+1, SQLT_STR, (dvoid *) 0, (ub2 *) 0, (ub2) 0, (ub4) 0, (ub4 *) 0, OCI_DEFAULT ) )
data/mapserver-7.6.1/maporaclespatial.c:2813:105:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && TRY( hand, OCIBindByName( sthand->stmthp, &bnd1p, hand->errhp, (text *) ":geo_col_name", strlen(":geo_col_name"), (ub1*) geom_column_name, strlen(geom_column_name)+1, SQLT_STR, (dvoid *) 0, (ub2 *) 0, (ub2) 0, (ub4) 0, (ub4 *) 0, OCI_DEFAULT ) )
data/mapserver-7.6.1/maporaclespatial.c:2813:155:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && TRY( hand, OCIBindByName( sthand->stmthp, &bnd1p, hand->errhp, (text *) ":geo_col_name", strlen(":geo_col_name"), (ub1*) geom_column_name, strlen(geom_column_name)+1, SQLT_STR, (dvoid *) 0, (ub2 *) 0, (ub2) 0, (ub4) 0, (ub4 *) 0, OCI_DEFAULT ) )
data/mapserver-7.6.1/maporaclespatial.c:2959:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(gml_width) > 0
data/mapserver-7.6.1/maporaclespatial.c:2964:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(gml_precision) > 0
data/mapserver-7.6.1/maporaclespatial.c:3028:94:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  success =  TRY( hand, OCIStmtPrepare( sthand->stmthp, hand->errhp, (text *)query_str, (ub4)strlen(query_str), (ub4)OCI_NTV_SYNTAX, (ub4)OCI_DESCRIBE_ONLY) )
data/mapserver-7.6.1/maporaclespatial.c:3126:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy( rzt, "" );
data/mapserver-7.6.1/maporaclespatial.c:3237:92:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  success = TRY( hand,OCIStmtPrepare( sthand->stmthp, hand->errhp, (text *)query_str, (ub4)strlen(query_str), (ub4)OCI_NTV_SYNTAX, (ub4)OCI_DEFAULT) );
data/mapserver-7.6.1/maporaclespatial.c:3336:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      shape.values[i] = (char *)malloc(strlen((char *)sthand->items_query[sthand->row][i])+1);
data/mapserver-7.6.1/maporaclespatial.c:3353:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        shape.values[i][strlen((char *)sthand->items_query[sthand->row][i])] = '\0';
data/mapserver-7.6.1/maporaclespatial.c:3432:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (layer && pszString && strlen(pszString) > 0) {
data/mapserver-7.6.1/maporaclespatial.c:3433:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int nLength = strlen(pszString);
data/mapserver-7.6.1/maporaclespatial.c:3541:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(filter->string));
data/mapserver-7.6.1/maporaclespatial.c:3541:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(filter->string));
data/mapserver-7.6.1/maporaclespatial.c:3554:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(filter->string));
data/mapserver-7.6.1/maporaclespatial.c:3554:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(filter->string));
data/mapserver-7.6.1/maporaclespatial.c:3601:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snippet = (char *) msSmallMalloc(strlen(strtmpl) + 16);
data/mapserver-7.6.1/maporaclespatial.c:3621:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(node->tokenval.strval));
data/mapserver-7.6.1/maporaclespatial.c:3621:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(node->tokenval.strval));
data/mapserver-7.6.1/maporaclespatial.c:3699:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(node->tokenval.strval));
data/mapserver-7.6.1/maporaclespatial.c:3699:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(node->tokenval.strval));
data/mapserver-7.6.1/maporaclespatial.c:3712:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snippet = (char *) msSmallMalloc(strlen(strtmpl) + 16);
data/mapserver-7.6.1/mapoutput.c:598:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( map == NULL || imagetype == NULL || strlen(imagetype) == 0 )
data/mapserver-7.6.1/mapoutput.c:770:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int    i, len = strlen(optionkey);
data/mapserver-7.6.1/mapoutput.c:798:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newline = (char *) malloc(strlen(key)+strlen(value)+2);
data/mapserver-7.6.1/mapoutput.c:798:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newline = (char *) malloc(strlen(key)+strlen(value)+2);
data/mapserver-7.6.1/mapoutput.c:809:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(key);
data/mapserver-7.6.1/mapoutput.c:881:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( format_list && strlen(format_list) > 0)
data/mapserver-7.6.1/mapoutput.c:928:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( format_list && strlen(format_list) > 0)
data/mapserver-7.6.1/mapows.c:115:99:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    && request->contenttype && strncmp(request->contenttype, "application/x-www-form-urlencoded", strlen("application/x-www-form-urlencoded")) == 0)) {
data/mapserver-7.6.1/mapows.c:145:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!request->postrequest || !strlen(request->postrequest)) {
data/mapserver-7.6.1/mapows.c:159:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                           strlen(request->postrequest));
data/mapserver-7.6.1/mapows.c:767:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ptr);
data/mapserver-7.6.1/mapows.c:896:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t bufferSize = strlen(name)+strlen(validated_language)+2;
data/mapserver-7.6.1/mapows.c:896:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t bufferSize = strlen(name)+strlen(validated_language)+2;
data/mapserver-7.6.1/mapows.c:1006:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newname = (char*)malloc((strlen(lp->name)+5)*sizeof(char));
data/mapserver-7.6.1/mapows.c:1097:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_size = strlen(src_url)+2;
data/mapserver-7.6.1/mapows.c:1112:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    c = online_resource+strlen(online_resource)-1;
data/mapserver-7.6.1/mapows.c:1114:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlcpy(c+1, "&", buffer_size-strlen(online_resource));
data/mapserver-7.6.1/mapows.c:1169:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    online_resource = (char *)msSmallRealloc(online_resource, strlen(online_resource) + strlen(validated_language) +  11);
data/mapserver-7.6.1/mapows.c:1169:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    online_resource = (char *)msSmallRealloc(online_resource, strlen(online_resource) + strlen(validated_language) +  11);
data/mapserver-7.6.1/mapows.c:1172:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(online_resource, "&");
data/mapserver-7.6.1/mapows.c:1262:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (languages && strlen(languages) > 0) {
data/mapserver-7.6.1/mapows.c:1460:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    default_language = msSmallRealloc(default_language,strlen(default_language)+strlen("_exclude")+1);
data/mapserver-7.6.1/mapows.c:1460:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    default_language = msSmallRealloc(default_language,strlen(default_language)+strlen("_exclude")+1);
data/mapserver-7.6.1/mapows.c:1743:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_size = strlen(name)+10;
data/mapserver-7.6.1/mapows.c:1752:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(type_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1752:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(type_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1765:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(width_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1765:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(width_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1778:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(height_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1778:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(height_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1791:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(urlfrmt_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1791:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(urlfrmt_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1804:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(href_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1804:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size_tmp = strlen(href_format)+strlen(encoded)+1;
data/mapserver-7.6.1/mapows.c:1826:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp = strlen(type_format) + strlen(default_type) + 2;
data/mapserver-7.6.1/mapows.c:1826:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp = strlen(type_format) + strlen(default_type) + 2;
data/mapserver-7.6.1/mapows.c:1832:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp = strlen(width_format) + strlen(default_width) + 2;
data/mapserver-7.6.1/mapows.c:1832:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp = strlen(width_format) + strlen(default_width) + 2;
data/mapserver-7.6.1/mapows.c:1838:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp =  strlen(height_format) + strlen(default_height) + 2;
data/mapserver-7.6.1/mapows.c:1838:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp =  strlen(height_format) + strlen(default_height) + 2;
data/mapserver-7.6.1/mapows.c:1844:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp = strlen(urlfrmt_format) + strlen(default_urlfrmt) + 2;
data/mapserver-7.6.1/mapows.c:1844:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp = strlen(urlfrmt_format) + strlen(default_urlfrmt) + 2;
data/mapserver-7.6.1/mapows.c:1850:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp = strlen(href_format) + strlen(default_href) + 2;
data/mapserver-7.6.1/mapows.c:1850:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_size_tmp = strlen(href_format) + strlen(default_href) + 2;
data/mapserver-7.6.1/mapows.c:1890:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(value && strlen(value) > 0) {
data/mapserver-7.6.1/mapows.c:1916:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(value && strlen(value) > 0) {
data/mapserver-7.6.1/mapows.c:1969:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && strncasecmp(keywords[kw],default_value,strlen(keywords[kw])) == 0
data/mapserver-7.6.1/mapows.c:1970:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && strncasecmp("_exclude",default_value+strlen(default_value)-8,8) == 0)
data/mapserver-7.6.1/mapows.c:2009:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      default_value_len = strlen(default_value);
data/mapserver-7.6.1/mapows.c:2022:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && strncasecmp(keywords[kw],default_value,strlen(keywords[kw])) == 0
data/mapserver-7.6.1/mapows.c:2053:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(value && strlen(value) > 0)
data/mapserver-7.6.1/mapows.c:2491:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nBufLen = strlen(pszURL) + strlen(pszExt) +2;
data/mapserver-7.6.1/mapows.c:2491:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nBufLen = strlen(pszURL) + strlen(pszExt) +2;
data/mapserver-7.6.1/mapows.c:2493:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nBufLen += (strlen(pszPath)+1);
data/mapserver-7.6.1/mapows.c:2504:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszPath[strlen(pszPath) -1] != '/' &&
data/mapserver-7.6.1/mapows.c:2505:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszPath[strlen(pszPath) -1] != '\\')
data/mapserver-7.6.1/mapows.c:2510:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (pszPath[strlen(pszPath) -1] != '/')
data/mapserver-7.6.1/mapows.c:2517:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszPtr = pszBuf + strlen(pszBuf);
data/mapserver-7.6.1/mapows.c:2563:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *epsgCode = msSmallMalloc((strlen("EPSG:")+strlen(value+10)+1)*sizeof(char));
data/mapserver-7.6.1/mapows.c:2563:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *epsgCode = msSmallMalloc((strlen("EPSG:")+strlen(value+10)+1)*sizeof(char));
data/mapserver-7.6.1/mapows.c:2567:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *epsgCode = msSmallMalloc((strlen("CRS:")+strlen(value+9)+1)*sizeof(char));
data/mapserver-7.6.1/mapows.c:2567:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *epsgCode = msSmallMalloc((strlen("CRS:")+strlen(value+9)+1)*sizeof(char));
data/mapserver-7.6.1/mapows.c:2615:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(urn) > 0 ) {
data/mapserver-7.6.1/mapows.c:2616:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufferSize = strlen(result)+strlen(urn)+2;
data/mapserver-7.6.1/mapows.c:2616:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      bufferSize = strlen(result)+strlen(urn)+2;
data/mapserver-7.6.1/mapows.c:2619:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(result) > 0 )
data/mapserver-7.6.1/mapows.c:2630:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(result) == 0 ) {
data/mapserver-7.6.1/mapows.c:2674:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(urn) > 0 ) {
data/mapserver-7.6.1/mapows.c:2675:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      result = (char *) realloc(result,strlen(result)+strlen(urn)+2);
data/mapserver-7.6.1/mapows.c:2675:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      result = (char *) realloc(result,strlen(result)+strlen(urn)+2);
data/mapserver-7.6.1/mapows.c:2677:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(result) > 0 )
data/mapserver-7.6.1/mapows.c:2678:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( result, " " );
data/mapserver-7.6.1/mapows.c:2688:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(result) == 0 ) {
data/mapserver-7.6.1/mapows.c:2721:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSize = strlen(pszDimension)+50;
data/mapserver-7.6.1/mapowscommon.c:645:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(xml_schema) > strlen(MS_OWSCOMMON_WFS_20_SCHEMA_LOCATION) &&
data/mapserver-7.6.1/mapowscommon.c:645:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(xml_schema) > strlen(MS_OWSCOMMON_WFS_20_SCHEMA_LOCATION) &&
data/mapserver-7.6.1/mapowscommon.c:646:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strcmp(xml_schema + strlen(xml_schema) -
data/mapserver-7.6.1/mapowscommon.c:647:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(MS_OWSCOMMON_WFS_20_SCHEMA_LOCATION), MS_OWSCOMMON_WFS_20_SCHEMA_LOCATION) == 0 )
data/mapserver-7.6.1/mapowscommon.c:652:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(szBaseLocation, xml_schema, strlen(xml_schema) - strlen(MS_OWSCOMMON_WFS_20_SCHEMA_LOCATION));
data/mapserver-7.6.1/mapowscommon.c:652:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(szBaseLocation, xml_schema, strlen(xml_schema) - strlen(MS_OWSCOMMON_WFS_20_SCHEMA_LOCATION));
data/mapserver-7.6.1/mapowscommon.c:652:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(szBaseLocation, xml_schema, strlen(xml_schema) - strlen(MS_OWSCOMMON_WFS_20_SCHEMA_LOCATION));
data/mapserver-7.6.1/mapowscommon.c:653:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    szBaseLocation[strlen(xml_schema) - strlen(MS_OWSCOMMON_WFS_20_SCHEMA_LOCATION)] = '\0';
data/mapserver-7.6.1/mapowscommon.c:653:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    szBaseLocation[strlen(xml_schema) - strlen(MS_OWSCOMMON_WFS_20_SCHEMA_LOCATION)] = '\0';
data/mapserver-7.6.1/mapowscommon.c:658:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapowscommon.c:664:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapowscommon.c:671:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapowscommon.c:679:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapowscommon.c:685:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(szInMemSchema + strlen(szInMemSchema),
data/mapserver-7.6.1/mapowscommon.c:694:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ctxt = xmlSchemaNewMemParserCtxt(szInMemSchema, strlen(szInMemSchema));
data/mapserver-7.6.1/mapparser.c:1048:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#   define yystrlen strlen
data/mapserver-7.6.1/mapparser.c:2430:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    { (yyval.dblval) = strlen((yyvsp[-1].strval)); }
data/mapserver-7.6.1/mapparser.c:2625:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (yyval.strval) = (char *)malloc(strlen((yyvsp[-2].strval)) + strlen((yyvsp[0].strval)) + 1);
data/mapserver-7.6.1/mapparser.c:2625:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (yyval.strval) = (char *)malloc(strlen((yyvsp[-2].strval)) + strlen((yyvsp[0].strval)) + 1);
data/mapserver-7.6.1/mapparser.c:2634:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    (yyval.strval) = (char *) malloc(strlen((yyvsp[-1].strval)) + 64); /* Plenty big? Should use snprintf below... */
data/mapserver-7.6.1/mappostgis.c:1033:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(strVersion);
data/mapserver-7.6.1/mappostgis.c:1173:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sql = msSmallMalloc(strlen(layerinfo->fromsource) + strlen(v72sql) + 1);
data/mapserver-7.6.1/mappostgis.c:1173:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sql = msSmallMalloc(strlen(layerinfo->fromsource) + strlen(v72sql) + 1);
data/mapserver-7.6.1/mappostgis.c:1182:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length = strlen(layerinfo->fromsource) - strlen(pos_sep) + 1;
data/mapserver-7.6.1/mappostgis.c:1182:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length = strlen(layerinfo->fromsource) - strlen(pos_sep) + 1;
data/mapserver-7.6.1/mappostgis.c:1186:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length = strlen(pos_sep) + 1;
data/mapserver-7.6.1/mappostgis.c:1201:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sql = msSmallMalloc(strlen(schema) + strlen(table) + strlen(v73sql) + 1);
data/mapserver-7.6.1/mappostgis.c:1201:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sql = msSmallMalloc(strlen(schema) + strlen(table) + strlen(v73sql) + 1);
data/mapserver-7.6.1/mappostgis.c:1201:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sql = msSmallMalloc(strlen(schema) + strlen(table) + strlen(v73sql) + 1);
data/mapserver-7.6.1/mappostgis.c:1205:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sql = msSmallMalloc(strlen(layerinfo->fromsource) + strlen(v73sql) + 1);
data/mapserver-7.6.1/mappostgis.c:1205:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      sql = msSmallMalloc(strlen(layerinfo->fromsource) + strlen(v73sql) + 1);
data/mapserver-7.6.1/mappostgis.c:1230:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size2 = sizeof(char)*(strlen(tmp1) + strlen(sql) + 1);
data/mapserver-7.6.1/mappostgis.c:1230:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size2 = sizeof(char)*(strlen(tmp1) + strlen(sql) + 1);
data/mapserver-7.6.1/mappostgis.c:1302:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dsize = strlen ( layer->data ) + 1;
data/mapserver-7.6.1/mappostgis.c:1388:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      tmp = pos_uid + strlen(pos_uid);
data/mapserver-7.6.1/mappostgis.c:1430:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pos_opt = data + strlen(data);
data/mapserver-7.6.1/mappostgis.c:1471:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(layerinfo->fromsource) < 1 || strlen(layerinfo->geomcolumn) < 1) {
data/mapserver-7.6.1/mappostgis.c:1471:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(layerinfo->fromsource) < 1 || strlen(layerinfo->geomcolumn) < 1) {
data/mapserver-7.6.1/mappostgis.c:1677:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz = 10 * 22 + strlen(strSRID) + strlen(strBoxTemplate);
data/mapserver-7.6.1/mappostgis.c:1677:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz = 10 * 22 + strlen(strSRID) + strlen(strBoxTemplate);
data/mapserver-7.6.1/mappostgis.c:1692:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz = 10 * 22 + strlen(strBoxTemplate);
data/mapserver-7.6.1/mappostgis.c:1779:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strGeom = (char*)msSmallMalloc(strlen(strGeomTemplate) + strlen(force2d) + strlen(strEndian) + strlen(layerinfo->geomcolumn) + strlen(layerinfo->uid) + 1);
data/mapserver-7.6.1/mappostgis.c:1779:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strGeom = (char*)msSmallMalloc(strlen(strGeomTemplate) + strlen(force2d) + strlen(strEndian) + strlen(layerinfo->geomcolumn) + strlen(layerinfo->uid) + 1);
data/mapserver-7.6.1/mappostgis.c:1779:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strGeom = (char*)msSmallMalloc(strlen(strGeomTemplate) + strlen(force2d) + strlen(strEndian) + strlen(layerinfo->geomcolumn) + strlen(layerinfo->uid) + 1);
data/mapserver-7.6.1/mappostgis.c:1779:100:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strGeom = (char*)msSmallMalloc(strlen(strGeomTemplate) + strlen(force2d) + strlen(strEndian) + strlen(layerinfo->geomcolumn) + strlen(layerinfo->uid) + 1);
data/mapserver-7.6.1/mappostgis.c:1779:132:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strGeom = (char*)msSmallMalloc(strlen(strGeomTemplate) + strlen(force2d) + strlen(strEndian) + strlen(layerinfo->geomcolumn) + strlen(layerinfo->uid) + 1);
data/mapserver-7.6.1/mappostgis.c:1797:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int length = strlen(strGeom) + 2;
data/mapserver-7.6.1/mappostgis.c:1800:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length += strlen(layer->items[t]) + 3; /* itemname + "", */
data/mapserver-7.6.1/mappostgis.c:1881:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ( layerinfo->srid && (strlen(layerinfo->srid) > 0) ) {
data/mapserver-7.6.1/mappostgis.c:1902:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strSRID = msSmallMalloc(strlen(strSRIDTemplate) + strlen(f_table_name) + strlen(layerinfo->geomcolumn) + 1);
data/mapserver-7.6.1/mappostgis.c:1902:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strSRID = msSmallMalloc(strlen(strSRIDTemplate) + strlen(f_table_name) + strlen(layerinfo->geomcolumn) + 1);
data/mapserver-7.6.1/mappostgis.c:1902:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strSRID = msSmallMalloc(strlen(strSRIDTemplate) + strlen(f_table_name) + strlen(layerinfo->geomcolumn) + 1);
data/mapserver-7.6.1/mappostgis.c:1947:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size = (start - fromsource) + strlen(strBox) + strlen(end) +1;
data/mapserver-7.6.1/mappostgis.c:1947:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      buffer_size = (start - fromsource) + strlen(strBox) + strlen(end) +1;
data/mapserver-7.6.1/mappostgis.c:2040:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strLimit = msSmallMalloc(strlen(strLimitTemplate) + 12);
data/mapserver-7.6.1/mappostgis.c:2042:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strLimitLength = strlen(strLimit);
data/mapserver-7.6.1/mappostgis.c:2048:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strOffset = msSmallMalloc(strlen(strOffsetTemplate) + 12);
data/mapserver-7.6.1/mappostgis.c:2050:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strOffsetLength = strlen(strOffset);
data/mapserver-7.6.1/mappostgis.c:2071:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strBoxLength = strlen(strBox);
data/mapserver-7.6.1/mappostgis.c:2079:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strRect = (char*)msSmallMalloc(strlen(strRectTemplate) + strBoxLength + strlen(layerinfo->geomcolumn) +1 );
data/mapserver-7.6.1/mappostgis.c:2079:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strRect = (char*)msSmallMalloc(strlen(strRectTemplate) + strBoxLength + strlen(layerinfo->geomcolumn) +1 );
data/mapserver-7.6.1/mappostgis.c:2081:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strRectLength = strlen(strRect);
data/mapserver-7.6.1/mappostgis.c:2097:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strBoxLength = strlen(strBox);
data/mapserver-7.6.1/mappostgis.c:2105:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strRectOtherSRID = (char*)msSmallMalloc(strlen(strRectOtherSRIDTemplate) + strBoxLength + strlen(layerinfo->geomcolumn) +1 );
data/mapserver-7.6.1/mappostgis.c:2105:97:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strRectOtherSRID = (char*)msSmallMalloc(strlen(strRectOtherSRIDTemplate) + strBoxLength + strlen(layerinfo->geomcolumn) +1 );
data/mapserver-7.6.1/mappostgis.c:2118:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strRectLength = strlen(strRect);
data/mapserver-7.6.1/mappostgis.c:2136:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strBoxLength = strlen(strBox);
data/mapserver-7.6.1/mappostgis.c:2144:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strRectOtherSRID = (char*)msSmallMalloc(strlen(strRectOtherSRIDTemplate) + strBoxLength + strlen(layerinfo->geomcolumn) +1 );
data/mapserver-7.6.1/mappostgis.c:2144:97:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strRectOtherSRID = (char*)msSmallMalloc(strlen(strRectOtherSRIDTemplate) + strBoxLength + strlen(layerinfo->geomcolumn) +1 );
data/mapserver-7.6.1/mappostgis.c:2157:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strRectLength = strlen(strRect);
data/mapserver-7.6.1/mappostgis.c:2164:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strFilter1 = (char *) msSmallMalloc(strlen(strFilterTemplate) + strlen(layer->filter.native_string)+1);
data/mapserver-7.6.1/mappostgis.c:2164:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strFilter1 = (char *) msSmallMalloc(strlen(strFilterTemplate) + strlen(layer->filter.native_string)+1);
data/mapserver-7.6.1/mappostgis.c:2166:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strFilterLength1 = strlen(strFilter1);
data/mapserver-7.6.1/mappostgis.c:2173:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strFilter2 = (char *) msSmallMalloc(strlen(strFilterTemplate) + strlen(native_filter)+1);
data/mapserver-7.6.1/mappostgis.c:2173:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strFilter2 = (char *) msSmallMalloc(strlen(strFilterTemplate) + strlen(native_filter)+1);
data/mapserver-7.6.1/mappostgis.c:2175:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strFilterLength2 = strlen(strFilter2);
data/mapserver-7.6.1/mappostgis.c:2181:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strUid = (char*)msSmallMalloc(strlen(strUidTemplate) + strlen(layerinfo->uid) + 64);
data/mapserver-7.6.1/mappostgis.c:2181:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strUid = (char*)msSmallMalloc(strlen(strUidTemplate) + strlen(layerinfo->uid) + 64);
data/mapserver-7.6.1/mappostgis.c:2183:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strUidLength = strlen(strUid);
data/mapserver-7.6.1/mappostgis.c:2192:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strOrderByLength = strlen(strOrderBy);
data/mapserver-7.6.1/mappostgis.c:2304:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strSQLTemplate = strlen(strWhere) ? strSQLTemplate0 : strSQLTemplate1;
data/mapserver-7.6.1/mappostgis.c:2306:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strSQL = msSmallMalloc(strlen(strSQLTemplate) + strlen(strFrom) + strlen(strItems) + strlen(strWhere) + 1);
data/mapserver-7.6.1/mappostgis.c:2306:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strSQL = msSmallMalloc(strlen(strSQLTemplate) + strlen(strFrom) + strlen(strItems) + strlen(strWhere) + 1);
data/mapserver-7.6.1/mappostgis.c:2306:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strSQL = msSmallMalloc(strlen(strSQLTemplate) + strlen(strFrom) + strlen(strItems) + strlen(strWhere) + 1);
data/mapserver-7.6.1/mappostgis.c:2306:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strSQL = msSmallMalloc(strlen(strSQLTemplate) + strlen(strFrom) + strlen(strItems) + strlen(strWhere) + 1);
data/mapserver-7.6.1/mappostgis.c:2975:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncasecmp(rectProjection->args[0], "init=epsg:", strlen("init=epsg:")) != 0 )
data/mapserver-7.6.1/mappostgis.c:2986:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    rectSRID = atoi(rectProjection->args[0] + strlen("init=epsg:"));
data/mapserver-7.6.1/mappostgis.c:3312:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(gml_width) > 0
data/mapserver-7.6.1/mappostgis.c:3317:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(gml_precision) > 0
data/mapserver-7.6.1/mappostgis.c:3374:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sql = (char*) msSmallMalloc(strlen(strSQLTemplate) + strlen(strFrom));
data/mapserver-7.6.1/mappostgis.c:3374:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sql = (char*) msSmallMalloc(strlen(strSQLTemplate) + strlen(strFrom));
data/mapserver-7.6.1/mappostgis.c:3483:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strFilter1 = (char *)msSmallMalloc(strlen(strFilterTemplate) + strlen(layer->filter.native_string) + 1);
data/mapserver-7.6.1/mappostgis.c:3483:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strFilter1 = (char *)msSmallMalloc(strlen(strFilterTemplate) + strlen(layer->filter.native_string) + 1);
data/mapserver-7.6.1/mappostgis.c:3485:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strFilterLength1 = strlen(strFilter1) + 7;
data/mapserver-7.6.1/mappostgis.c:3492:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strFilter2 = (char *)msSmallMalloc(strlen(strFilterTemplate) + strlen(native_filter) + 1);
data/mapserver-7.6.1/mappostgis.c:3492:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strFilter2 = (char *)msSmallMalloc(strlen(strFilterTemplate) + strlen(native_filter) + 1);
data/mapserver-7.6.1/mappostgis.c:3494:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strFilterLength2 = strlen(strFilter2) + 7;
data/mapserver-7.6.1/mappostgis.c:3497:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_len = strlen(layerinfo->geomcolumn) + strlen(f_table_name) + strlen(sqlExtentTemplate)
data/mapserver-7.6.1/mappostgis.c:3497:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_len = strlen(layerinfo->geomcolumn) + strlen(f_table_name) + strlen(sqlExtentTemplate)
data/mapserver-7.6.1/mappostgis.c:3497:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_len = strlen(layerinfo->geomcolumn) + strlen(f_table_name) + strlen(sqlExtentTemplate)
data/mapserver-7.6.1/mappostgis.c:3615:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strFilter1 = (char *)msSmallMalloc(strlen(strFilterTemplate) + strlen(layer->filter.native_string) + 1);
data/mapserver-7.6.1/mappostgis.c:3615:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strFilter1 = (char *)msSmallMalloc(strlen(strFilterTemplate) + strlen(layer->filter.native_string) + 1);
data/mapserver-7.6.1/mappostgis.c:3617:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strFilterLength1 = strlen(strFilter1) + 7;
data/mapserver-7.6.1/mappostgis.c:3624:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strFilter2 = (char *)msSmallMalloc(strlen(strFilterTemplate) + strlen(native_filter) + 1);
data/mapserver-7.6.1/mappostgis.c:3624:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strFilter2 = (char *)msSmallMalloc(strlen(strFilterTemplate) + strlen(native_filter) + 1);
data/mapserver-7.6.1/mappostgis.c:3626:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strFilterLength2 = strlen(strFilter2) + 7;
data/mapserver-7.6.1/mappostgis.c:3629:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_len = strlen(f_table_name) + strlen(sqlNumFeaturesTemplate)
data/mapserver-7.6.1/mappostgis.c:3629:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_len = strlen(f_table_name) + strlen(sqlNumFeaturesTemplate)
data/mapserver-7.6.1/mappostgis.c:3713:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nlength = strlen(timestring);
data/mapserver-7.6.1/mappostgis.c:3929:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nSrcLen = strlen(pszString);
data/mapserver-7.6.1/mappostgis.c:4049:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4049:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4069:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4069:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4133:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4133:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4149:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4149:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4204:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4204:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snippet = (char *) msSmallMalloc(strlen(strtmpl) + strlen(stresc));
data/mapserver-7.6.1/mappostgis.c:4215:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snippet = (char *) msSmallMalloc(strlen(strtmpl) + 16);
data/mapserver-7.6.1/mappostgresql.c:128:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    maskeddata = (char *)malloc(strlen(layer->connection) + 1);
data/mapserver-7.6.1/mappostgresql.c:152:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sql = (char *)malloc(36 + strlen(join->table) + 1);
data/mapserver-7.6.1/mappostgresql.c:179:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      join->items[i + test] = (char *)malloc(strlen(column) + 1);
data/mapserver-7.6.1/mappostgresql.c:183:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      join->items[0] = (char *)malloc(strlen(column) + 1);
data/mapserver-7.6.1/mappostgresql.c:310:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length += 8 + strlen(join->items[i]) + 2;
data/mapserver-7.6.1/mappostgresql.c:320:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(columns, "");
data/mapserver-7.6.1/mappostgresql.c:322:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat(columns, "\"");
data/mapserver-7.6.1/mappostgresql.c:331:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sql = (char *)malloc(26 + strlen(columns) + strlen(join->table) +
data/mapserver-7.6.1/mappostgresql.c:331:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sql = (char *)malloc(26 + strlen(columns) + strlen(join->table) +
data/mapserver-7.6.1/mappostgresql.c:332:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strlen(join->to) + strlen(joininfo->from_value));
data/mapserver-7.6.1/mappostgresql.c:332:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strlen(join->to) + strlen(joininfo->from_value));
data/mapserver-7.6.1/mapprimitive.c:181:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size += strlen( shape->values[i] ) + 1;
data/mapserver-7.6.1/mapprimitive.c:184:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size += strlen( shape->text ) + 1;
data/mapserver-7.6.1/mapproject.c:103:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncmp(in->args[i], "lon_wrap=", strlen("lon_wrap=")) == 0 ||
data/mapserver-7.6.1/mapproject.c:168:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(in_str) < 400 && strlen(out_str) < 400 )
data/mapserver-7.6.1/mapproject.c:168:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen(in_str) < 400 && strlen(out_str) < 400 )
data/mapserver-7.6.1/mapproject.c:844:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( p->numargs && strncmp(args[0], "init=epsg:", strlen("init=epsg:")) == 0 &&
data/mapserver-7.6.1/mapproject.c:845:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          strlen(args[0]) < 24)
data/mapserver-7.6.1/mapproject.c:848:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          strcat(szTemp, args[0] + strlen("init=epsg:"));
data/mapserver-7.6.1/mapproject.c:1924:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen("lon_wrap=")) == 0 )
data/mapserver-7.6.1/mapproject.c:1927:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                *pdfLonWrap = atof(in->args[i] + strlen("lon_wrap="));
data/mapserver-7.6.1/mapproject.c:2081:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(pnew->args[i]) > 0 && pnew->args[i][strlen(pnew->args[i])-1] == ' ' )
data/mapserver-7.6.1/mapproject.c:2081:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(pnew->args[i]) > 0 && pnew->args[i][strlen(pnew->args[i])-1] == ' ' )
data/mapserver-7.6.1/mapproject.c:2082:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          pnew->args[i][strlen(pnew->args[i])-1] = '\0';
data/mapserver-7.6.1/mapproject.c:2312:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  last_filename = (char *) malloc(strlen(filename)+strlen(ms_proj_lib)+2);
data/mapserver-7.6.1/mapproject.c:2312:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  last_filename = (char *) malloc(strlen(filename)+strlen(ms_proj_lib)+2);
data/mapserver-7.6.1/mapproject.c:2345:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    extended_path = (char*) msSmallMalloc(strlen(pszRelToPath)
data/mapserver-7.6.1/mapproject.c:2346:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                          + strlen(proj_lib) + 10);
data/mapserver-7.6.1/mapproject.c:2423:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen += (strlen(proj->args[i]) + 2);
data/mapserver-7.6.1/mapproject.c:2433:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (!proj->args[i] || strlen(proj->args[i]) == 0)
data/mapserver-7.6.1/mapproject.c:2438:11:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
          strcat(pszProjString, "+");
data/mapserver-7.6.1/mapproject.c:2443:11:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
          strcat(pszProjString, " ");
data/mapserver-7.6.1/mapquery.c:145:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(lp->template && strlen(lp->template) > 0) return MS_TRUE;
data/mapserver-7.6.1/mapquery.c:148:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(lp->class[i]->template && strlen(lp->class[i]->template) > 0)
data/mapserver-7.6.1/mapquery.c:531:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strncasecmp(buffer, MS_QUERY_RESULTS_MAGIC_STRING, strlen(MS_QUERY_RESULTS_MAGIC_STRING)) == 0) {
data/mapserver-7.6.1/mapquery.c:533:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if(strncasecmp(buffer, MS_QUERY_PARAMS_MAGIC_STRING, strlen(MS_QUERY_PARAMS_MAGIC_STRING)) == 0) {
data/mapserver-7.6.1/mapraster.c:285:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (char *)msSmallMalloc(sizeof(char)*(strlen(layer->filter.string)+3));
data/mapserver-7.6.1/mapraster.c:292:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (char *)msSmallMalloc(sizeof(char)*(strlen(layer->filter.string)+3));
data/mapserver-7.6.1/mapraster.c:314:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    requested_fields = (char*) msSmallMalloc(sizeof(char)*(strlen(layer->tileitem)+1+
data/mapserver-7.6.1/mapraster.c:315:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    (layer->tilesrs ? strlen(layer->tilesrs) : 0) + 1));
data/mapserver-7.6.1/mapraster.c:410:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(layer->data == NULL || strlen(layer->data) == 0 ) { /* assume whole filename is in attribute field */
data/mapserver-7.6.1/mapraster.c:507:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( pszWKT != NULL && strlen(pszWKT) > 0 ) {
data/mapserver-7.6.1/mapraster.c:536:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( pszWKT != NULL && strlen(pszWKT) > 0 ) {
data/mapserver-7.6.1/mapraster.c:622:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strncmp(filename, "<VRTDataset", strlen("<VRTDataset")) == 0 )
data/mapserver-7.6.1/mapraster.c:857:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(filename) == 0) continue;
data/mapserver-7.6.1/maprasterquery.c:798:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(filename) == 0) continue;
data/mapserver-7.6.1/maprasterquery.c:1231:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snprintf( szWork+strlen(szWork), bufferSize-strlen(szWork), "%.8g",
data/mapserver-7.6.1/maprasterquery.c:1231:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          snprintf( szWork+strlen(szWork), bufferSize-strlen(szWork), "%.8g",
data/mapserver-7.6.1/maprasterquery.c:1323:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (!layer->data || strlen(layer->data) == 0)
data/mapserver-7.6.1/mapscale.c:208:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sx = (map->scalebar.intervals*isx) + MS_NINT((1.5 + strlen(label)/2.0 + strlen(unitText[map->scalebar.units]))*fontWidth);
data/mapserver-7.6.1/mapscale.c:208:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sx = (map->scalebar.intervals*isx) + MS_NINT((1.5 + strlen(label)/2.0 + strlen(unitText[map->scalebar.units]))*fontWidth);
data/mapserver-7.6.1/mapscale.c:302:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ox = ox + j*isx - MS_NINT((strlen(label)*fontWidth)/2.0);
data/mapserver-7.6.1/mapscale.c:348:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          p.x = ox + j*isx - MS_NINT((strlen(label)*fontWidth)/2.0);
data/mapserver-7.6.1/mapscript/php/color.c:221:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  MAPSCRIPT_RETURN_STRINGL(hex, strlen(hex), 0);
data/mapserver-7.6.1/mapscript/php/error.c:39:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Z_STRLEN_P(__z) = strlen(__s);          \
data/mapserver-7.6.1/mapscript/php/image.c:311:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(php_image->image->img.imagemap);
data/mapserver-7.6.1/mapscript/php/label.c:314:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!value || strlen(value) <= 0) {
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:50:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(filename && strlen(filename))
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:60:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(map_text && strlen(map_text))
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:752:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!string || strlen(string) == 0) {
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:930:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!string || strlen(string) == 0) {
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:943:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!string || strlen(string) == 0) {
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:1081:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!string || strlen(string) == 0) {
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:1094:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!string || strlen(string) == 0) {
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:1964:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!string || strlen(string) == 0) {
data/mapserver-7.6.1/mapscript/php/mapscript_i.c:1977:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!string || strlen(string) == 0) {
data/mapserver-7.6.1/mapscript/php/owsrequest.c:418:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      cookie_tmp = malloc((strlen(string_key)+Z_STRLEN_PP(ppzval)+3) * sizeof(char));
data/mapserver-7.6.1/mapscript/php/owsrequest.c:430:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         (zend_hash_find(PG(http_globals)[TRACK_VARS_SERVER]->value.ht, name, strlen(name)+1, (void **) &val) == SUCCESS) &&
data/mapserver-7.6.1/mapscript/php/owsrequest.c:477:90:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         ((val = zend_hash_str_find(Z_ARRVAL(PG(http_globals)[TRACK_VARS_SERVER]), name, strlen(name))) != NULL) &&
data/mapserver-7.6.1/mapscript/php/php_mapscript.h:88:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  zend_hash_str_update(ht, keyname, strlen(keyname)+1, &data);
data/mapserver-7.6.1/mapscript/php/php_mapscript.h:118:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  zend_hash_update(Z_ARRVAL_P(return_value), key, strlen(key)+1, &data, sizeof(data), NULL)
data/mapserver-7.6.1/mapscript/php/style.c:395:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!value || strlen(value) <= 0) {
data/mapserver-7.6.1/mapscript/v8/v8_mapscript.cpp:43:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *str = (char *) malloc(strlen(fallback) + 1);
data/mapserver-7.6.1/mapservutil.c:271:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(mapserv->request->ParamValues[i] && strlen(mapserv->request->ParamValues[i]) > 0) {
data/mapserver-7.6.1/mapservutil.c:362:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(mapserv->request->ParamValues[i]) == 0)
data/mapserver-7.6.1/mapservutil.c:955:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(mapserv->request->ParamValues[i]) < 1 ) {
data/mapserver-7.6.1/mapservutil.c:1578:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      msIO_fwrite(legendTemplate, strlen(legendTemplate), 1, stdout);
data/mapserver-7.6.1/mapshape.c:235:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszBasename = (char *) msSmallMalloc(strlen(pszLayer)+5);
data/mapserver-7.6.1/mapshape.c:237:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = strlen(pszBasename)-1;
data/mapserver-7.6.1/mapshape.c:248:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszFullname = (char *) msSmallMalloc(strlen(pszBasename) + 5);
data/mapserver-7.6.1/mapshape.c:488:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszBasename = (char *) msSmallMalloc(strlen(pszLayer)+5);
data/mapserver-7.6.1/mapshape.c:490:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = strlen(pszBasename)-1;
data/mapserver-7.6.1/mapshape.c:500:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszFullname = (char *) msSmallMalloc(strlen(pszBasename) + 5);
data/mapserver-7.6.1/mapshape.c:1731:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSize = strlen(filename)+5;
data/mapserver-7.6.1/mapshape.c:1737:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen(dbfFilename) - 1;
data/mapserver-7.6.1/mapshape.c:1839:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename = (char *)malloc(strlen(sourcename)+strlen(MS_INDEX_EXTENSION)+1);
data/mapserver-7.6.1/mapshape.c:1839:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename = (char *)malloc(strlen(sourcename)+strlen(MS_INDEX_EXTENSION)+1);
data/mapserver-7.6.1/mapshape.c:1840:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MS_CHECK_ALLOC(filename, strlen(sourcename)+strlen(MS_INDEX_EXTENSION)+1, MS_FAILURE);
data/mapserver-7.6.1/mapshape.c:1840:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MS_CHECK_ALLOC(filename, strlen(sourcename)+strlen(MS_INDEX_EXTENSION)+1, MS_FAILURE);
data/mapserver-7.6.1/mapshape.c:2058:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(filename) == 0) continue; /* check again */
data/mapserver-7.6.1/mapshape.c:2112:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(filename) == 0) continue; /* check again */
data/mapserver-7.6.1/mapshape.c:2155:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(filename) == 0) continue; /* check again */
data/mapserver-7.6.1/mapshape.c:2233:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if(strlen(filename) == 0) continue; /* check again */
data/mapserver-7.6.1/mapshape.c:2279:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if(strlen(filename) == 0) continue; /* check again */
data/mapserver-7.6.1/mapshape.c:2384:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(filename) == 0) return(MS_FAILURE);
data/mapserver-7.6.1/mapshape.c:2531:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(gml_width) > 0
data/mapserver-7.6.1/mapshape.c:2536:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(gml_precision) > 0
data/mapserver-7.6.1/mapstring.c:105:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  findlen = strlen(find);
data/mapserver-7.6.1/mapstring.c:106:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stringlen = strlen(string);
data/mapserver-7.6.1/mapstring.c:156:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return(dlen + strlen(s));
data/mapserver-7.6.1/mapstring.c:269:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(find);
data/mapserver-7.6.1/mapstring.c:383:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; i < strlen(string); i++) {
data/mapserver-7.6.1/mapstring.c:395:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; i < strlen(string); i++) {
data/mapserver-7.6.1/mapstring.c:411:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; i < (int)strlen(string); i++) {
data/mapserver-7.6.1/mapstring.c:434:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; i < (int)strlen(string); i++) {
data/mapserver-7.6.1/mapstring.c:451:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(string);
data/mapserver-7.6.1/mapstring.c:471:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memmove(str, str + i, strlen(str) - i + 1);
data/mapserver-7.6.1/mapstring.c:474:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(str) == 0) {
data/mapserver-7.6.1/mapstring.c:478:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=strlen(str)-1; i>=0; i--) { /* step backwards from end */
data/mapserver-7.6.1/mapstring.c:492:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  char *read, *write;
data/mapserver-7.6.1/mapstring.c:495:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (string && strlen(string) > 0) {
data/mapserver-7.6.1/mapstring.c:496:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(string);
data/mapserver-7.6.1/mapstring.c:507:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read > write) {
data/mapserver-7.6.1/mapstring.c:508:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      while (*read) {
data/mapserver-7.6.1/mapstring.c:509:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        *write = *read;
data/mapserver-7.6.1/mapstring.c:526:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(string);
data/mapserver-7.6.1/mapstring.c:572:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_len = strlen(str);
data/mapserver-7.6.1/mapstring.c:573:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  old_len = strlen(old);
data/mapserver-7.6.1/mapstring.c:574:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_len = strlen(new);
data/mapserver-7.6.1/mapstring.c:596:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      memmove(tmp_ptr+new_len, tmp_ptr+old_len, strlen(tmp_ptr)-old_len+1);
data/mapserver-7.6.1/mapstring.c:632:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(str);
data/mapserver-7.6.1/mapstring.c:672:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(fn);
data/mapserver-7.6.1/mapstring.c:711:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pathlen = strlen(path);
data/mapserver-7.6.1/mapstring.c:713:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    abslen = strlen(abs_path);
data/mapserver-7.6.1/mapstring.c:815:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(string);
data/mapserver-7.6.1/mapstring.c:1017:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int n = 1, iChar, nLength = strlen(pszLine), iTokenChar = 0, bInQuotes = MS_FALSE;
data/mapserver-7.6.1/mapstring.c:1019:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nDelimLen = strlen(pszDelim);
data/mapserver-7.6.1/mapstring.c:1121:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  code = (char*)msSmallMalloc(strlen(data)+inc+1);
data/mapserver-7.6.1/mapstring.c:1152:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszRet = (char*) msSmallMalloc(strlen(pszJSonString) * 6 + 1);
data/mapserver-7.6.1/mapstring.c:1229:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buflen = strlen(string) + 100;
data/mapserver-7.6.1/mapstring.c:1293:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSize = strlen(pszBuffer);
data/mapserver-7.6.1/mapstring.c:1354:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLen = strlen(string);
data/mapserver-7.6.1/mapstring.c:1385:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszDest) + strlen(pszSrc);
data/mapserver-7.6.1/mapstring.c:1385:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszDest) + strlen(pszSrc);
data/mapserver-7.6.1/mapstring.c:1410:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  delimeterLength = strlen(delimeter);
data/mapserver-7.6.1/mapstring.c:1413:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stringLength += strlen(array[i]) + delimeterLength;
data/mapserver-7.6.1/mapstring.c:1467:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  old_length = strlen(str);
data/mapserver-7.6.1/mapstring.c:1472:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    num_commas = floor(((old_length - strlen(strchr(str, decimal_point))) - 1)/3);
data/mapserver-7.6.1/mapstring.c:1527:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_len = strlen(str);
data/mapserver-7.6.1/mapstring.c:1528:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  old_len = strlen(old);
data/mapserver-7.6.1/mapstring.c:1529:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_len = strlen(new);
data/mapserver-7.6.1/mapstring.c:1551:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      memmove(tmp_ptr+new_len, tmp_ptr+old_len, strlen(tmp_ptr)-old_len+1);
data/mapserver-7.6.1/mapstring.c:1601:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(string);
data/mapserver-7.6.1/mapstring.c:1718:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(string);
data/mapserver-7.6.1/mapstring.c:1784:12:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nStr = wcslen (string);
data/mapserver-7.6.1/mapstring.c:2088:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(string);
data/mapserver-7.6.1/mapstring.c:2115:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nStringLength = strlen(pszString) + 1; /* null terminated byte */
data/mapserver-7.6.1/mapstring.c:2120:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (long)strlen(pszString));
data/mapserver-7.6.1/mapstring.c:2143:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pszString ==  NULL || strlen(pszString) == 0)
data/mapserver-7.6.1/mapstring.c:2153:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string_tmp = (char*)msSmallMalloc(strlen(pszString)+ncharstoescape+1);
data/mapserver-7.6.1/mapstring.c:2201:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(!shape->values[i] || (len = strlen(shape->values[i]))==0) {
data/mapserver-7.6.1/mapstring.c:2297:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nAppendLen = strlen(pszAppendedString);
data/mapserver-7.6.1/mapsymbol.c:361:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!filename || strlen(filename) == 0) return(-1);
data/mapserver-7.6.1/mapsymbol.c:865:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!filename || strlen(filename) == 0) {
data/mapserver-7.6.1/maptemplate.c:481:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(pszTag) + 1; /* adding [ character to the beginning */
data/mapserver-7.6.1/maptemplate.c:484:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(pszTag1, "[");
data/mapserver-7.6.1/maptemplate.c:557:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszStart = pszStart + strlen(pszTag) + 1;
data/mapserver-7.6.1/maptemplate.c:574:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if(strlen(papszArgs[i]) == 0) {
data/mapserver-7.6.1/maptemplate.c:619:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszEndTag = (char*)msSmallMalloc(strlen(pszTag) + 3);
data/mapserver-7.6.1/maptemplate.c:835:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(string1) - strlen(tmpstr);
data/mapserver-7.6.1/maptemplate.c:835:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(string1) - strlen(tmpstr);
data/mapserver-7.6.1/maptemplate.c:849:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpstr += strlen(string2); /* skip string2 */
data/mapserver-7.6.1/maptemplate.c:1288:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(shape->values[i] && strlen(shape->values[i]) > 0) {
data/mapserver-7.6.1/maptemplate.c:1311:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for(j=0; j<strlen(itemValue); j++) itemValue[j] = toupper(itemValue[j]);
data/mapserver-7.6.1/maptemplate.c:1313:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for(j=0; j<strlen(itemValue); j++) itemValue[j] = tolower(itemValue[j]);
data/mapserver-7.6.1/maptemplate.c:1319:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          int paddedSize = strlen(tagValue) + padding + 1;
data/mapserver-7.6.1/maptemplate.c:2131:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pointFormatLength = strlen(xh) + strlen(xf) + strlen(yh) + strlen(yf) + strlen(cs) + 12 + 1;
data/mapserver-7.6.1/maptemplate.c:2131:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pointFormatLength = strlen(xh) + strlen(xf) + strlen(yh) + strlen(yf) + strlen(cs) + 12 + 1;
data/mapserver-7.6.1/maptemplate.c:2131:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pointFormatLength = strlen(xh) + strlen(xf) + strlen(yh) + strlen(yf) + strlen(cs) + 12 + 1;
data/mapserver-7.6.1/maptemplate.c:2131:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pointFormatLength = strlen(xh) + strlen(xf) + strlen(yh) + strlen(yf) + strlen(cs) + 12 + 1;
data/mapserver-7.6.1/maptemplate.c:2131:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pointFormatLength = strlen(xh) + strlen(xf) + strlen(yh) + strlen(yf) + strlen(cs) + 12 + 1;
data/mapserver-7.6.1/maptemplate.c:2246:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(sh) > 0) coords = msStringConcatenate(coords, sh);
data/mapserver-7.6.1/maptemplate.c:2249:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(tShape.type == MS_SHAPE_POLYGON && strlen(orh) > 0 && strlen(irh) > 0) {
data/mapserver-7.6.1/maptemplate.c:2249:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(tShape.type == MS_SHAPE_POLYGON && strlen(orh) > 0 && strlen(irh) > 0) {
data/mapserver-7.6.1/maptemplate.c:2259:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if((!firstPart) && (strlen(ps) > 0)) coords = msStringConcatenate(coords, ps);
data/mapserver-7.6.1/maptemplate.c:2261:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if(strlen(ph) > 0) coords = msStringConcatenate(coords, ph);
data/mapserver-7.6.1/maptemplate.c:2286:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if(strlen(pf) > 0) coords = msStringConcatenate(coords, pf);
data/mapserver-7.6.1/maptemplate.c:2299:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(ph) > 0) coords = msStringConcatenate(coords, ph);
data/mapserver-7.6.1/maptemplate.c:2308:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(pf) > 0) coords = msStringConcatenate(coords, pf);
data/mapserver-7.6.1/maptemplate.c:2310:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if((i < tShape.numlines-1) && (strlen(ps) > 0)) coords = msStringConcatenate(coords, ps);
data/mapserver-7.6.1/maptemplate.c:2313:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(sf) > 0) coords = msStringConcatenate(coords, sf);
data/mapserver-7.6.1/maptemplate.c:2472:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(szStyleCode+strlen(szStyleCode), 255,
data/mapserver-7.6.1/maptemplate.c:2539:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszFullImgFname = (char*)msSmallMalloc(strlen(map->web.imageurl) + strlen(szImgFname) + 1);
data/mapserver-7.6.1/maptemplate.c:2539:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pszFullImgFname = (char*)msSmallMalloc(strlen(map->web.imageurl) + strlen(szImgFname) + 1);
data/mapserver-7.6.1/maptemplate.c:2645:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pszTemp = (char*)msSmallMalloc(strlen(pszGroupTemplate) + 1);
data/mapserver-7.6.1/maptemplate.c:2920:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *pszTemp = (char*)msSmallMalloc(strlen(pszClassTemplate) + 1);
data/mapserver-7.6.1/maptemplate.c:3085:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nLen = (mapserv->map->name?strlen(mapserv->map->name):0)  + 50;
data/mapserver-7.6.1/maptemplate.c:3748:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy(repstr, ""); /* list of ALL layers that can be toggled */
data/mapserver-7.6.1/maptemplate.c:4210:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      nCurrentSize = strlen((*papszBuffer));
data/mapserver-7.6.1/maptemplate.c:4224:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(nBufferSize <= (int)(nCurrentSize + strlen(tmpline) + 1)) {
data/mapserver-7.6.1/maptemplate.c:4225:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          nExpandBuffer = (strlen(tmpline) /  MS_TEMPLATE_BUFFER) + 1;
data/mapserver-7.6.1/maptemplate.c:4226:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          nBufferSize = MS_TEMPLATE_BUFFER*nExpandBuffer + strlen((*papszBuffer));
data/mapserver-7.6.1/maptemplate.c:4230:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nCurrentSize += strlen(tmpline);
data/mapserver-7.6.1/maptemplate.c:4232:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        msIO_fwrite(tmpline, strlen(tmpline), 1, stdout);
data/mapserver-7.6.1/maptemplate.c:4237:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(nBufferSize <= (int)(nCurrentSize + strlen(line))) {
data/mapserver-7.6.1/maptemplate.c:4238:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          nExpandBuffer = (strlen(line) /  MS_TEMPLATE_BUFFER) + 1;
data/mapserver-7.6.1/maptemplate.c:4239:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          nBufferSize = MS_TEMPLATE_BUFFER*nExpandBuffer + strlen((*papszBuffer));
data/mapserver-7.6.1/maptemplate.c:4243:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nCurrentSize += strlen(line);
data/mapserver-7.6.1/maptemplate.c:4245:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        msIO_fwrite(line, strlen(line), 1, stdout);
data/mapserver-7.6.1/maptemplate.c:4381:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(nBufferSize <= (int)(nCurrentSize + strlen(buffer) + 1)) {
data/mapserver-7.6.1/maptemplate.c:4387:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nCurrentSize += strlen(buffer);
data/mapserver-7.6.1/maptemplate.c:4522:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msIO_fwrite(buffer, strlen(buffer), 1, stdout);
data/mapserver-7.6.1/maptile.c:190:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( (int)strlen( msObj->TileCoords ) - params.metatile_level < 0 ) {
data/mapserver-7.6.1/maptile.c:198:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( i = strlen( msObj->TileCoords ) - params.metatile_level;
data/mapserver-7.6.1/maptile.c:199:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         i < strlen( msObj->TileCoords );
data/mapserver-7.6.1/maptile.c:305:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strspn( msObj->TileCoords, "0123" ) < strlen( msObj->TileCoords ) ) {
data/mapserver-7.6.1/maptile.c:310:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( params.metatile_level >= strlen(msObj->TileCoords) ) {
data/mapserver-7.6.1/maptile.c:404:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for( i = 0; i < strlen( msObj->TileCoords ) - params.metatile_level; i++ ) {
data/mapserver-7.6.1/maptime.c:344:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(timestring) <= 0 || strlen(timeextent) <= 0)
data/mapserver-7.6.1/maptime.c:344:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(timestring) <= 0 || strlen(timeextent) <= 0)
data/mapserver-7.6.1/maptree.c:112:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszBasename = (char *) msSmallMalloc(strlen(pszTree)+5);
data/mapserver-7.6.1/maptree.c:114:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = strlen(pszBasename)-1;
data/mapserver-7.6.1/maptree.c:126:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszFullname = (char *) msSmallMalloc(strlen(pszBasename) + 5);
data/mapserver-7.6.1/maptree.c:731:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszBasename = (char *) msSmallMalloc(strlen(filename)+5);
data/mapserver-7.6.1/maptree.c:733:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = strlen(pszBasename)-1;
data/mapserver-7.6.1/maptree.c:745:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszFullname = (char *) msSmallMalloc(strlen(pszBasename) + 5);
data/mapserver-7.6.1/maputil.c:78:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!value || strlen(value) == 0) return MS_FAILURE;
data/mapserver-7.6.1/maputil.c:85:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!value || strlen(value) == 0) return MS_FAILURE;
data/mapserver-7.6.1/maputil.c:94:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!value || ((len = strlen(value)) == 0)) return MS_FAILURE;
data/mapserver-7.6.1/maputil.c:323:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(shape->values[label->bindings[MS_LABEL_BINDING_ALIGN].index]) >= 4) {
data/mapserver-7.6.1/maputil.c:341:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(shape->values[label->bindings[MS_LABEL_BINDING_POSITION].index]) == 2) {
data/mapserver-7.6.1/maputil.c:481:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ltags[i] = (char *) msSmallMalloc(sizeof(char)*strlen(GET_LAYER(map, i)->name) + 3);
data/mapserver-7.6.1/maputil.c:528:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tag = (char *)msSmallMalloc(sizeof(char)*strlen(GET_LAYER(map, i)->name) + 3);
data/mapserver-7.6.1/maputil.c:600:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int value_len = strlen(shape->values[itemindex]);
data/mapserver-7.6.1/maputil.c:772:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            target = (char *) msSmallMalloc(strlen(node->tokenval.bindval.item) + 3);
data/mapserver-7.6.1/maputil.c:785:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(!strlen(result)) {
data/mapserver-7.6.1/maputil.c:813:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(result && !strlen(result)) {
data/mapserver-7.6.1/maputil.c:858:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (shape->values && layer->labelitemindex >= 0 && shape->values[layer->labelitemindex] && strlen(shape->values[layer->labelitemindex]) )
data/mapserver-7.6.1/maputil.c:1652:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpFnameBufsize = strlen(tmpId) + 10 + strlen(ext) + 1;
data/mapserver-7.6.1/maputil.c:1652:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpFnameBufsize = strlen(tmpId) + 10 + strlen(ext) + 1;
data/mapserver-7.6.1/maputil.c:2581:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mapparam_len = strlen(mapparam)+5; /* +5 for "map="+"&" */
data/mapserver-7.6.1/maputil.c:2589:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_size = strlen(hostname)+strlen(port)+strlen(script)+mapparam_len+11; /* 11 comes from https://[host]:[port][scriptname]?[map]\0, i.e. "https://:?\0" */
data/mapserver-7.6.1/maputil.c:2589:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_size = strlen(hostname)+strlen(port)+strlen(script)+mapparam_len+11; /* 11 comes from https://[host]:[port][scriptname]?[map]\0, i.e. "https://:?\0" */
data/mapserver-7.6.1/maputil.c:2589:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer_size = strlen(hostname)+strlen(port)+strlen(script)+mapparam_len+11; /* 11 comes from https://[host]:[port][scriptname]?[map]\0, i.e. "https://:?\0" */
data/mapserver-7.6.1/maputil.c:2599:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      baselen = strlen(online_resource);
data/mapserver-7.6.1/mapuvraster.c:548:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen("lon_wrap=")) == 0 ) {
data/mapserver-7.6.1/mapuvraster.c:550:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dfLonWrap = atof( layer->projection.args[i] + strlen("lon_wrap=") );
data/mapserver-7.6.1/mapuvraster.c:578:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if( strncmp(layer->data, "<VRTDataset", strlen("<VRTDataset")) == 0 )
data/mapserver-7.6.1/mapuvraster.c:608:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              int nMaxLen = 100 + nBands * (800 + 2 * strlen(decrypted_path));
data/mapserver-7.6.1/mapuvraster.c:615:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              nOffset = strlen(pszInlineVRT);
data/mapserver-7.6.1/mapuvraster.c:654:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  nOffset += strlen(pszInlineVRT + nOffset);
data/mapserver-7.6.1/mapuvraster.c:921:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( (!layer->data || strlen(layer->data) == 0)
data/mapserver-7.6.1/mapv8.cpp:100:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    i += read;
data/mapserver-7.6.1/mapwcs.c:64:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmpname = (char *)msSmallMalloc(sizeof(char)*strlen(name) + 10);
data/mapserver-7.6.1/mapwcs.c:327:3:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
  strcpy( bandlist, "1" );
data/mapserver-7.6.1/mapwcs.c:329:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( bandlist+strlen(bandlist), bufferSize-strlen(bandlist), ",%d", i+1 );
data/mapserver-7.6.1/mapwcs.c:329:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf( bandlist+strlen(bandlist), bufferSize-strlen(bandlist), ",%d", i+1 );
data/mapserver-7.6.1/mapwcs.c:361:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if((doc = xmlParseMemory(request->postrequest, strlen(request->postrequest)))
data/mapserver-7.6.1/mapwcs.c:412:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                && strncasecmp(params->crs+strlen(params->crs)-8,"imageCRS",8)==0)
data/mapserver-7.6.1/mapwcs.c:582:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            && strncasecmp(params->crs+strlen(params->crs)-8,"imageCRS",8)==0)
data/mapserver-7.6.1/mapwcs.c:1583:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nKeyBeginningLength = strlen(szKeyBeginning);
data/mapserver-7.6.1/mapwcs.c:1593:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( EQUALN(pszGDALKey, "BAND_", strlen("BAND_")) )
data/mapserver-7.6.1/mapwcs.c:1597:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int nKeyOriBandNumber = atoi(pszGDALKey + strlen("BAND_"));
data/mapserver-7.6.1/mapwcs.c:1612:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        strchr(pszGDALKey + strlen("BAND_"), '_');
data/mapserver-7.6.1/mapwcs.c:1666:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nKeyBeginningLength = strlen(szKeyBeginning);
data/mapserver-7.6.1/mapwcs.c:2110:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(bandlist, "1");
data/mapserver-7.6.1/mapwcs.c:2112:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(bandlist+strlen(bandlist), bufferSize-strlen(bandlist), ",%d", i+1);
data/mapserver-7.6.1/mapwcs.c:2112:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      snprintf(bandlist+strlen(bandlist), bufferSize-strlen(bandlist), ",%d", i+1);
data/mapserver-7.6.1/mapwcs.c:2127:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(lp->data) > 0 &&
data/mapserver-7.6.1/mapwcs.c:2582:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(srs_urn) > sizeof(cm->srs_urn) - 1 ) {
data/mapserver-7.6.1/mapwcs11.c:190:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( mimetype == NULL || strlen(mimetype) == 0 ) {
data/mapserver-7.6.1/mapwcs11.c:334:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( owned_value != NULL && strlen(owned_value) > 0 )
data/mapserver-7.6.1/mapwcs11.c:345:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(format_list) > 0 )
data/mapserver-7.6.1/mapwcs11.c:410:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    new_length = strlen(identifier_list) + strlen(layer->name) + 2;
data/mapserver-7.6.1/mapwcs11.c:410:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    new_length = strlen(identifier_list) + strlen(layer->name) + 2;
data/mapserver-7.6.1/mapwcs11.c:413:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(identifier_list) > 0 )
data/mapserver-7.6.1/mapwcs11.c:414:7:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
      strcat( identifier_list, "," );
data/mapserver-7.6.1/mapwcs11.c:863:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( owned_value != NULL && strlen(owned_value) > 0 )
data/mapserver-7.6.1/mapwcs11.c:878:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(format_list) > 0 )
data/mapserver-7.6.1/mapwcs11.c:1071:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value = rangesubset + strlen(field_id);
data/mapserver-7.6.1/mapwcs11.c:1079:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(rangesubset) <= strlen(field_id)+1
data/mapserver-7.6.1/mapwcs11.c:1079:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(rangesubset) <= strlen(field_id)+1
data/mapserver-7.6.1/mapwcs11.c:1080:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      || strncasecmp(rangesubset,field_id,strlen(field_id)) != 0
data/mapserver-7.6.1/mapwcs11.c:1107:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    value += strlen(params->interpolation) + 1;
data/mapserver-7.6.1/mapwcs11.c:1120:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(value) <= strlen(axis_id)+1
data/mapserver-7.6.1/mapwcs11.c:1120:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strlen(value) <= strlen(axis_id)+1
data/mapserver-7.6.1/mapwcs11.c:1121:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      || strncasecmp(value,axis_id,strlen(axis_id)) != 0
data/mapserver-7.6.1/mapwcs11.c:1122:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      || value[strlen(axis_id)] != '[' ) {
data/mapserver-7.6.1/mapwcs11.c:1135:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value += strlen(axis_id) + 1;
data/mapserver-7.6.1/mapwcs20.c:75:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memmove(afterLastClosingBracket, ptr, strlen(ptr) + 1);
data/mapserver-7.6.1/mapwcs20.c:106:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if(parse_check - strlen(string) != string) {
data/mapserver-7.6.1/mapwcs20.c:128:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if(parse_check - strlen(string) != string) {
data/mapserver-7.6.1/mapwcs20.c:149:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!string || strlen(string) == 0 || !u) {
data/mapserver-7.6.1/mapwcs20.c:387:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (axis == NULL || strlen(axis) == 0) {
data/mapserver-7.6.1/mapwcs20.c:407:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (max != NULL && strlen(max) > 0) {
data/mapserver-7.6.1/mapwcs20.c:506:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (min[strlen(min) - 1] == ')') {
data/mapserver-7.6.1/mapwcs20.c:507:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    min[strlen(min) - 1] = '\0';
data/mapserver-7.6.1/mapwcs20.c:874:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (id == NULL || strlen(id) == 0) {
data/mapserver-7.6.1/mapwcs20.c:907:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (id == NULL || strlen(id) == 0) {
data/mapserver-7.6.1/mapwcs20.c:1348:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              length = strlen(start) + strlen(stop) + 2;
data/mapserver-7.6.1/mapwcs20.c:1348:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              length = strlen(start) + strlen(stop) + 2;
data/mapserver-7.6.1/mapwcs20.c:1966:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( mimetype == NULL || strlen(mimetype) == 0 ) {
data/mapserver-7.6.1/mapwcs20.c:2014:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(srs_uri != NULL && strlen(srs_uri) > 0) {
data/mapserver-7.6.1/mapwcs20.c:2574:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen(srs_uri) > sizeof(cm->srs_uri) - 1 ) {
data/mapserver-7.6.1/mapwcs20.c:2992:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(strlen(cm->bands[i].uom) == 0) {
data/mapserver-7.6.1/mapwcs20.c:4125:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(*key, string, size + 1);
data/mapserver-7.6.1/mapwcs20.c:4782:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(layer->data) > 0 &&
data/mapserver-7.6.1/mapwcs20.c:5002:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen("cid:coverage/") + strlen(filename) + 1;
data/mapserver-7.6.1/mapwcs20.c:5002:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen("cid:coverage/") + strlen(filename) + 1;
data/mapserver-7.6.1/mapwcs20.c:5009:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length = strlen(MS_WCS_20_PROFILE_GML_GEOTIFF) + 1;
data/mapserver-7.6.1/mapwcs20.c:5013:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length = strlen(MS_IMAGE_MIME_TYPE(map->outputformat)) + 1;
data/mapserver-7.6.1/mapwfs.c:242:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          && (hit[strlen(fname)] == '\0' || hit[strlen(fname)] == ','))
data/mapserver-7.6.1/mapwfs.c:242:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          && (hit[strlen(fname)] == '\0' || hit[strlen(fname)] == ','))
data/mapserver-7.6.1/mapwfs.c:245:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(out_list) + strlen(fname)+3 < out_list_size ) {
data/mapserver-7.6.1/mapwfs.c:245:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if( strlen(out_list) + strlen(fname)+3 < out_list_size ) {
data/mapserver-7.6.1/mapwfs.c:246:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat( out_list, "," );
data/mapserver-7.6.1/mapwfs.c:562:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (lp->name && strlen(lp->name) > 0 &&
data/mapserver-7.6.1/mapwfs.c:681:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wfsparams->pszAcceptVersions && strlen(wfsparams->pszAcceptVersions) > 0) {
data/mapserver-7.6.1/mapwfs.c:1144:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  element_tab = (char *) msSmallMalloc(sizeof(char)*strlen(tab)+5);
data/mapserver-7.6.1/mapwfs.c:1487:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t sz = strlen(encoded_name) + strlen("Type") + 1;
data/mapserver-7.6.1/mapwfs.c:1487:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t sz = strlen(encoded_name) + strlen("Type") + 1;
data/mapserver-7.6.1/mapwfs.c:2031:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    (strlen(pszTmp)+
data/mapserver-7.6.1/mapwfs.c:2032:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen(pszSep)+
data/mapserver-7.6.1/mapwfs.c:2033:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                     strlen(pszValue)+1));
data/mapserver-7.6.1/mapwfs.c:2273:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pszFilter && strlen(pszFilter) > 0) {
data/mapserver-7.6.1/mapwfs.c:2295:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (gmlinfo->typename == NULL || strlen(gmlinfo->typename) <= 0 || layers == NULL || numlayers <= 0) {
data/mapserver-7.6.1/mapwfs.c:2333:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(pszFilter) > 0 && pszFilter[0] == '(') {
data/mapserver-7.6.1/mapwfs.c:2672:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char* pszTmpPropertyName = msSmallMalloc(1+strlen(pszPropertyName)+1+1);
data/mapserver-7.6.1/mapwfs.c:2688:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(tokens[i]) > 0) {
data/mapserver-7.6.1/mapwfs.c:2691:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            papszPropertyName[i][strlen(papszPropertyName[i])-1] = '\0';
data/mapserver-7.6.1/mapwfs.c:3137:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!lp->items[z] || strlen(lp->items[z]) <= 0)
data/mapserver-7.6.1/mapwfs.c:3174:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nGroupNameLen = strlen(pszGroupName);
data/mapserver-7.6.1/mapwfs.c:3590:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              if (strlen(papszPropertyName[k]) > 0) {
data/mapserver-7.6.1/mapwfs.c:3638:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        chAfterNeedle = papszPropertyName[k][strlen(groupList->groups[z].name)];
data/mapserver-7.6.1/mapwfs.c:4028:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        (strncmp(psIter->pszValue, "xmlns:", strlen("xmlns:")) == 0 ||
data/mapserver-7.6.1/mapwfs.c:4029:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strncmp(psIter->pszValue, "xsi:", strlen("xsi:")) == 0) )
data/mapserver-7.6.1/mapwfs.c:4403:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (paramsObj->pszRequest==NULL || strlen(paramsObj->pszRequest)<=0) {
data/mapserver-7.6.1/mapwfs.c:4426:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (paramsObj->pszVersion == NULL || strlen(paramsObj->pszVersion) <=0)
data/mapserver-7.6.1/mapwfs.c:4434:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((paramsObj->pszService == NULL || strlen(paramsObj->pszService) == 0) &&
data/mapserver-7.6.1/mapwfs.c:4444:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (paramsObj->pszService == NULL || strlen(paramsObj->pszService) == 0)
data/mapserver-7.6.1/mapwfs.c:4474:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (paramsObj->pszVersion==NULL || strlen(paramsObj->pszVersion)<=0) {
data/mapserver-7.6.1/mapwfs.c:4484:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (paramsObj->pszRequest==NULL || strlen(paramsObj->pszRequest)<=0) {
data/mapserver-7.6.1/mapwfs.c:4493:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (paramsObj->pszService==NULL || strlen(paramsObj->pszService)<=0) {
data/mapserver-7.6.1/mapwfs.c:4741:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszTmp2 = (char *)msSmallRealloc(pszTmp2, sizeof(char)* (strlen(pszTmp)+ strlen(pszValue)+2));
data/mapserver-7.6.1/mapwfs.c:4741:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pszTmp2 = (char *)msSmallRealloc(pszTmp2, sizeof(char)* (strlen(pszTmp)+ strlen(pszValue)+2));
data/mapserver-7.6.1/mapwfs.c:4749:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pszTmp2 = (char *)msSmallRealloc(pszTmp2, sizeof(char)* (strlen(pszTmp)+ 3));
data/mapserver-7.6.1/mapwfs.c:4767:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        (strlen(pszCPLTmp)+3));
data/mapserver-7.6.1/mapwfs11.c:119:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(value)+strlen(lp->name)+1+1;
data/mapserver-7.6.1/mapwfs11.c:119:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    n = strlen(value)+strlen(lp->name)+1+1;
data/mapserver-7.6.1/mapwfs11.c:129:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (lp->name && strlen(lp->name) > 0 &&
data/mapserver-7.6.1/mapwfs20.c:134:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncasecmp( params->pszSections + i, "All", strlen("All")) == 0 )
data/mapserver-7.6.1/mapwfs20.c:136:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strncasecmp( params->pszSections + i, pszSection, strlen(pszSection)) == 0 )
data/mapserver-7.6.1/mapwfs20.c:287:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            memmove(afterLastClosingBracket, ptr, strlen(ptr) + 1);
data/mapserver-7.6.1/mapwfs20.c:1074:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if( returnFeatureTypes != NULL && strlen((const char*)returnFeatureTypes) > 0 )
data/mapserver-7.6.1/mapwfslayer.c:132:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLength = strlen(pszTypeName);
data/mapserver-7.6.1/mapwfslayer.c:153:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pszTmp && strlen(pszTmp) > 0) {
data/mapserver-7.6.1/mapwfslayer.c:259:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSize = strlen(pszFilter)+strlen(psParams->pszTypeName)+500;
data/mapserver-7.6.1/mapwfslayer.c:259:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSize = strlen(pszFilter)+strlen(psParams->pszTypeName)+500;
data/mapserver-7.6.1/mapwfslayer.c:382:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bufferSize = strlen(lp->connection)+1024;
data/mapserver-7.6.1/mapwfslayer.c:399:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),  "&REQUEST=GetFeature");
data/mapserver-7.6.1/mapwfslayer.c:399:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),  "&REQUEST=GetFeature");
data/mapserver-7.6.1/mapwfslayer.c:403:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),  "&VERSION=%s", pszVersion);
data/mapserver-7.6.1/mapwfslayer.c:403:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),  "&VERSION=%s", pszVersion);
data/mapserver-7.6.1/mapwfslayer.c:407:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),  "&SERVICE=%s", pszService);
data/mapserver-7.6.1/mapwfslayer.c:407:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),  "&SERVICE=%s", pszService);
data/mapserver-7.6.1/mapwfslayer.c:411:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),  "&TYPENAME=%s", pszTypename);
data/mapserver-7.6.1/mapwfslayer.c:411:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),  "&TYPENAME=%s", pszTypename);
data/mapserver-7.6.1/mapwfslayer.c:420:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL), "&FILTER=%s",encoded_filter);
data/mapserver-7.6.1/mapwfslayer.c:420:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL), "&FILTER=%s",encoded_filter);
data/mapserver-7.6.1/mapwfslayer.c:441:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 snprintf(pszURL + strlen(pszURL), bufferSize - strlen(pszURL),
data/mapserver-7.6.1/mapwfslayer.c:441:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 snprintf(pszURL + strlen(pszURL), bufferSize - strlen(pszURL),
data/mapserver-7.6.1/mapwfslayer.c:446:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 snprintf(pszURL + strlen(pszURL), bufferSize - strlen(pszURL),
data/mapserver-7.6.1/mapwfslayer.c:446:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			 snprintf(pszURL + strlen(pszURL), bufferSize - strlen(pszURL),
data/mapserver-7.6.1/mapwfslayer.c:452:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  snprintf(pszURL + strlen(pszURL), bufferSize - strlen(pszURL),
data/mapserver-7.6.1/mapwfslayer.c:452:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		  snprintf(pszURL + strlen(pszURL), bufferSize - strlen(pszURL),
data/mapserver-7.6.1/mapwfslayer.c:462:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),
data/mapserver-7.6.1/mapwfslayer.c:462:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(pszURL + strlen(pszURL), bufferSize-strlen(pszURL),
data/mapserver-7.6.1/mapwms.c:191:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (patterns[i] && strlen(patterns[i]) > 0) {
data/mapserver-7.6.1/mapwms.c:247:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (time == NULL || strlen(time) <=0) {
data/mapserver-7.6.1/mapwms.c:267:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (timepattern && time && strlen(time) > 0) {
data/mapserver-7.6.1/mapwms.c:300:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (timepattern && time && strlen(time) > 0) {
data/mapserver-7.6.1/mapwms.c:321:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!filter || strlen(filter) == 0)
data/mapserver-7.6.1/mapwms.c:528:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((groups != NULL) && (strlen(groups) != 0)) {
data/mapserver-7.6.1/mapwms.c:529:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (GET_LAYER(map, i)->group != NULL && strlen(GET_LAYER(map, i)->group) != 0) {
data/mapserver-7.6.1/mapwms.c:915:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(value) > 0)
data/mapserver-7.6.1/mapwms.c:921:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (dimensiondefault && strlen(dimensiondefault) > 0)
data/mapserver-7.6.1/mapwms.c:1057:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (layers==NULL || strlen(values[i]) <=0 ||   numwmslayerargs < 1) {
data/mapserver-7.6.1/mapwms.c:1176:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (srsbuffer[strlen(srsbuffer)-1] == ',')
data/mapserver-7.6.1/mapwms.c:1177:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            srsbuffer[strlen(srsbuffer)-1] = '\0';
data/mapserver-7.6.1/mapwms.c:1178:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (epsgbuf[strlen(epsgbuf)-1] == ',')
data/mapserver-7.6.1/mapwms.c:1179:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            epsgbuf[strlen(epsgbuf)-1] = '\0';
data/mapserver-7.6.1/mapwms.c:1348:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(srsbuffer) > 1) {
data/mapserver-7.6.1/mapwms.c:1360:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(srsbuffer) > 1 && strncasecmp(srsbuffer, "AUTO2:", 6) == 0) {
data/mapserver-7.6.1/mapwms.c:1606:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(srsbuffer) > 1 || nonsquare_enabled) {
data/mapserver-7.6.1/mapwms.c:1627:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(srsbuffer) > 1) {
data/mapserver-7.6.1/mapwms.c:1649:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(srsbuffer) > 1) {
data/mapserver-7.6.1/mapwms.c:1740:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(styles && strlen(styles) > 0) {
data/mapserver-7.6.1/mapwms.c:1749:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (tokens[i] && strlen(tokens[i]) > 0 &&
data/mapserver-7.6.1/mapwms.c:2208:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sName = 22 + 6 + strlen(vocabularylist) +1;
data/mapserver-7.6.1/mapwms.c:2211:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sTemplate = strlen(tabspace)+4+21+strlen(vocabularylist)+17+1;
data/mapserver-7.6.1/mapwms.c:2211:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        sTemplate = strlen(tabspace)+4+21+strlen(vocabularylist)+17+1;
data/mapserver-7.6.1/mapwms.c:2274:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (lp->name && strlen(lp->name) > 0 &&
data/mapserver-7.6.1/mapwms.c:2433:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if(pszDimensionDefault && strlen(pszDimensionDefault) > 0)
data/mapserver-7.6.1/mapwms.c:2441:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if(pszDimensionDefault && strlen(pszDimensionDefault) > 0)
data/mapserver-7.6.1/mapwms.c:2579:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(lp->class[i]->name) > 0) {
data/mapserver-7.6.1/mapwms.c:2620:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              bufferSize = strlen(script_url_encoded)+300;
data/mapserver-7.6.1/mapwms.c:3186:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (format_list && strlen(format_list) > 0) {
data/mapserver-7.6.1/mapwms.c:3195:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (strlen(tokens[i]) > 0 && mime_count<max_mime)
data/mapserver-7.6.1/mapwms.c:3337:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !rootlayer_name || strlen(rootlayer_name) > 0 ) {
data/mapserver-7.6.1/mapwms.c:3351:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (map->name && strlen(map->name) > 0 &&
data/mapserver-7.6.1/mapwms.c:3358:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(rootlayer_name) > 0) {
data/mapserver-7.6.1/mapwms.c:3463:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (map->name && strlen(map->name) > 0 && msOWSLookupMetadata(&(map->web.metadata), "MO", "inspire_capabilities") ) {
data/mapserver-7.6.1/mapwms.c:3518:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            bufferSize = strlen(script_url_encoded)+300;
data/mapserver-7.6.1/mapwms.c:3524:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (format_list && strlen(format_list) > 0) {
data/mapserver-7.6.1/mapwms.c:3609:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if (lp->group == NULL || strlen(lp->group) == 0) {
data/mapserver-7.6.1/mapwms.c:3633:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          if (lp->group &&  strlen(lp->group) > 0 &&
data/mapserver-7.6.1/mapwms.c:3649:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (lp->group && strlen(lp->group) > 0) {
data/mapserver-7.6.1/mapwms.c:3707:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    bufferSize = strlen(script_url_encoded)+300;
data/mapserver-7.6.1/mapwms.c:3713:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (format_list && strlen(format_list) > 0) {
data/mapserver-7.6.1/mapwms.c:3905:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strcasecmp(names[i], "SLD") == 0 && values[i] && strlen(values[i]) > 0) ||
data/mapserver-7.6.1/mapwms.c:3906:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (strcasecmp(names[i], "SLD_BODY") == 0 && values[i] && strlen(values[i]) > 0)) {
data/mapserver-7.6.1/mapwms.c:3921:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((strcasecmp(names[i], "FILTER") == 0 && values[i] && strlen(values[i]) > 0)) {
data/mapserver-7.6.1/mapwms.c:4090:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          reqBuffSize = strlen(lp->items[k]) + 7;
data/mapserver-7.6.1/mapwms.c:4160:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(layers==NULL || numlayers < 1 || strlen(msStringTrimLeft(values[i])) < 1) {
data/mapserver-7.6.1/mapwms.c:4213:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (values[i] && strlen(values[i]) > 0) {
data/mapserver-7.6.1/mapwms.c:4504:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pszOnlineResMapWFS && strlen(pszOnlineResMapWFS) == 0)
data/mapserver-7.6.1/mapwms.c:4508:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pszOnlineResMapWCS && strlen(pszOnlineResMapWCS) == 0)
data/mapserver-7.6.1/mapwms.c:4531:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (pszOnlineResLyrWFS == NULL || strlen(pszOnlineResLyrWFS) == 0)
data/mapserver-7.6.1/mapwms.c:4534:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (pszOnlineResLyrWCS == NULL || strlen(pszOnlineResLyrWCS) == 0)
data/mapserver-7.6.1/mapwms.c:4694:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          values[i] && strlen(values[i]) > 0 && strcasecmp(sldenabled, "true") == 0)
data/mapserver-7.6.1/mapwms.c:4697:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          values[i] && strlen(values[i]) > 0 && strcasecmp(sldenabled, "true") == 0)
data/mapserver-7.6.1/mapwms.c:4753:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (lp->class[j]->name != NULL && strlen(lp->class[j]->name)>0) {
data/mapserver-7.6.1/mapwms.c:4805:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (nLayers == 1 &&  pszStyle && strlen(pszStyle) > 0 && strcasecmp(pszStyle, "default") != 0) {
data/mapserver-7.6.1/mapwms.c:4883:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          strlen(GET_LAYER(map, iLayerIndex)->class[i]->name) > 0 &&
data/mapserver-7.6.1/mapwmslayer.c:153:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLen = strlen(wmsparams->onlineresource) + 3;
data/mapserver-7.6.1/mapwmslayer.c:158:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen += strlen(key) + strlen(value) + 2;
data/mapserver-7.6.1/mapwmslayer.c:158:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen += strlen(key) + strlen(value) + 2;
data/mapserver-7.6.1/mapwmslayer.c:171:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(pszURL, "?");
data/mapserver-7.6.1/mapwmslayer.c:174:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    c = pszURL+strlen(pszURL)-1;
data/mapserver-7.6.1/mapwmslayer.c:176:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(c+1, "&");
data/mapserver-7.6.1/mapwmslayer.c:181:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLen = strlen(pszURL);
data/mapserver-7.6.1/mapwmslayer.c:186:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen += strlen(key) + strlen(value) + 2;
data/mapserver-7.6.1/mapwmslayer.c:186:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen += strlen(key) + strlen(value) + 2;
data/mapserver-7.6.1/mapwmslayer.c:358:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (pszTime && strlen(pszTime) > 0) {
data/mapserver-7.6.1/mapwmslayer.c:548:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nLen = strlen(pszEPSG);
data/mapserver-7.6.1/mapwmslayer.c:1101:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (map->web.imagepath == NULL || strlen(map->web.imagepath) == 0) {
data/mapserver-7.6.1/mapwmslayer.c:1198:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = strlen(value1) + strlen(value2) +2;
data/mapserver-7.6.1/mapwmslayer.c:1198:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        nLen = strlen(value1) + strlen(value2) +2;
data/mapserver-7.6.1/mapwmslayer.c:1475:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (wldfile && (strlen(wldfile)>=3))
data/mapserver-7.6.1/mapwmslayer.c:1476:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strcpy(wldfile+strlen(wldfile)-3, "wld");
data/mapserver-7.6.1/mapwmslayer.c:1492:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      VSIFWriteL( world_text, 1, strlen(world_text), fp );
data/mapserver-7.6.1/mapxbase.c:150:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszDBFFilename = (char *) msSmallMalloc(strlen(pszFilename)+1);
data/mapserver-7.6.1/mapxbase.c:153:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if( strcmp(pszFilename+strlen(pszFilename)-4,".shp") == 0
data/mapserver-7.6.1/mapxbase.c:154:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      || strcmp(pszFilename+strlen(pszFilename)-4,".shx") == 0 ) {
data/mapserver-7.6.1/mapxbase.c:155:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strcpy( pszDBFFilename+strlen(pszDBFFilename)-4, ".dbf");
data/mapserver-7.6.1/mapxbase.c:156:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if( strcmp(pszFilename+strlen(pszFilename)-4,".SHP") == 0
data/mapserver-7.6.1/mapxbase.c:157:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
             || strcmp(pszFilename+strlen(pszFilename)-4,".SHX") == 0 ) {
data/mapserver-7.6.1/mapxbase.c:158:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strcpy( pszDBFFilename+strlen(pszDBFFilename)-4, ".DBF");
data/mapserver-7.6.1/mapxbase.c:169:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strcmp(pszDBFFilename+strlen(pszDBFFilename)-4,".dbf") == 0 ) {
data/mapserver-7.6.1/mapxbase.c:170:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strcpy( pszDBFFilename+strlen(pszDBFFilename)-4, ".DBF");
data/mapserver-7.6.1/mapxbase.c:442:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy( pszFInfo, pszFieldName, 10);
data/mapserver-7.6.1/mapxbase.c:490:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      return strlen(pszValue) == 0;
data/mapserver-7.6.1/mapxbase.c:553:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy( psDBF->pszStringField,(const char *) pabyRec+psDBF->panFieldOffset[iField], psDBF->panFieldSize[iField] );
data/mapserver-7.6.1/mapxbase.c:559:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i=strlen(psDBF->pszStringField)-1; i>=0; i--) {
data/mapserver-7.6.1/mapxbase.c:658:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( pszFieldName, (char *) psDBF->pszHeader+iField*32, 11 );
data/mapserver-7.6.1/mapxbase.c:736:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen((char *) szSField);
data/mapserver-7.6.1/mapxbase.c:741:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen((char *) pValue);
data/mapserver-7.6.1/msencrypt.c:67:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pszBuf = (char*)malloc((strlen(argv[3])*2+17)*sizeof(char));
data/mapserver-7.6.1/msencrypt.c:68:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MS_CHECK_ALLOC(pszBuf, (strlen(argv[3])*2+17)*sizeof(char), -1);
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:1031:50:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    unsigned remove_duplicates(Array& arr, Equal equal)
data/mapserver-7.6.1/renderers/agg/include/agg_array.h:1039:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if(!equal(e, arr[i - 1]))
data/mapserver-7.6.1/renderers/agg/include/agg_font_cache_manager.h:63:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            m_font_signature = (char*)m_allocator.allocate(strlen(font_signature) + 1);
data/mapserver-7.6.1/renderers/agg/include/agg_svg_exception.h:55:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            m_msg(exc.m_msg ? new char[strlen(exc.m_msg) + 1] : 0)
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:654:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    m_face_names[m_num_faces] = new char [strlen(font_name) + 1];
data/mapserver-7.6.1/renderers/agg/src/agg_font_freetype.cpp:831:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            unsigned name_len = strlen(m_name);
data/mapserver-7.6.1/renderers/agg/src/agg_gsv_text.cpp:574:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        unsigned new_size = strlen(text) + 1;
data/mapserver-7.6.1/renderers/agg/src/agg_svg_parser.cpp:432:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            unsigned len = strlen(str);
data/mapserver-7.6.1/shptree.c:45:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszBasename = (char *) msSmallMalloc(strlen(Filename)+5);
data/mapserver-7.6.1/shptree.c:47:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = (int)strlen(pszBasename)-1;
data/mapserver-7.6.1/shptree.c:59:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszFullname = (char *) msSmallMalloc(strlen(pszBasename) + 5);
data/mapserver-7.6.1/shptreetst.c:56:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszBasename = (char *) msSmallMalloc(strlen(Filename)+5);
data/mapserver-7.6.1/shptreetst.c:58:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = (int)strlen(pszBasename)-1;
data/mapserver-7.6.1/shptreetst.c:70:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszFullname = (char *) msSmallMalloc(strlen(pszBasename) + 5);
data/mapserver-7.6.1/shptreevis.c:56:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszBasename = (char *) msSmallMalloc(strlen(Filename)+5);
data/mapserver-7.6.1/shptreevis.c:58:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = strlen(pszBasename)-1;
data/mapserver-7.6.1/shptreevis.c:70:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszFullname = (char *) msSmallMalloc(strlen(pszBasename) + 5);
data/mapserver-7.6.1/sortshp.c:134:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strncasecmp(argv[3],fName,(int)strlen(argv[3])) == 0) { /* ---- Found it ---- */
data/mapserver-7.6.1/strptime.c:125:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen (strs[i]);
data/mapserver-7.6.1/textlayout.c:263:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int prefixlen = strlen(prefix);
data/mapserver-7.6.1/textlayout.c:269:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        startfont += strlen(prefix);
data/mapserver-7.6.1/textlayout.c:455:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(ts->annotext);
data/mapserver-7.6.1/textlayout.c:484:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    text_num_bytes = strlen(ts->annotext);
data/mapserver-7.6.1/tile4ms.c:133:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strlen(shapeFileName))
data/mapserver-7.6.1/tile4ms.c:175:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(shapeFileName) > 4 &&
data/mapserver-7.6.1/tile4ms.c:176:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (p=shapeFileName+strlen(shapeFileName)-4) &&
data/mapserver-7.6.1/tile4ms.c:180:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strlen(shapeFileName))
data/mapserver-7.6.1/uthash.h:253:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    UT_HASH_FIND(hh,head,findstr,strlen(findstr),out)
data/mapserver-7.6.1/uthash.h:255:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    UT_HASH_ADD(hh,head,strfield,strlen(add->strfield),add)
data/mapserver-7.6.1/uthash.h:257:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  UT_HASH_REPLACE(hh,head,strfield,strlen(add->strfield),add,replaced)

ANALYSIS SUMMARY:

Hits = 2637
Lines analyzed = 320951 in approximately 12.21 seconds (26285 lines/second)
Physical Source Lines of Code (SLOC) = 245352
Hits@level = [0] 895 [1] 1133 [2] 1123 [3]  52 [4] 329 [5]   0
Hits@level+ = [0+] 3532 [1+] 2637 [2+] 1504 [3+] 381 [4+] 329 [5+]   0
Hits/KSLOC@level+ = [0+] 14.3956 [1+] 10.7478 [2+] 6.12997 [3+] 1.55287 [4+] 1.34093 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.